Help with VPN DNS nameservers, pages not fully loading

I have PrivateInternetAccess as my VPN provider installed on a LinkSys WRT32X with OpenWRT 19.07.5.

The problem is that some pages don't appear to be fully loaded and I can't log in to email such as Gmail. This all started when I upgraded OpenWrt as well as PIA's new DNS services, which use private IPs instead of public-facing DNS servers.

In my OpenVPN configuration file I have added the following, per my VPN provider's instructions.

dhcp-option DNS 10.0.0.242
dhcp-option DNS 10.0.0.243

Also, on my linux box behind the router I have the older nameservers that PIA was using before. I'm not sure what should be in /etc/resolv.conf now and wondering which takes precedence, the router DNS or /etc/resolv.conf.

Any help much appreciated.

The linux box will look into its resolv.conf to find which nameservers to use.
If the nameserver is the OpenWrt, then the nameservers configured in OpenWrt will be used.

So what should /etc/resolv.conf be in the linux box behind the router so that the DNS configured in the router will be used (in this case, the DNS configured within OpenVPN)?

If that is a general-purpose Linux distribution, check:

grep -e ^hosts: /etc/nsswitch.conf

It depends on the NSS config, resolver service, network management service.
Typically you should simply use automatic DNS with DHCP and properly set up the upstream resolvers on the router.

My (Gentoo) linux box, which is a pretty simple setup, gives ...

hosts:      files dns

But I'm still unable to log in to anything, even this forum, and some pages still come in incomplete.

Have you tried a public DNS server like Google/Cloudflare?

No, but then, that would kind of be defeating the purpose of my VPN.

I'm sure something isn't set right, but don't know what it is. Somehow, even when setting my /etc/resolv.conf to nameserver 127.0.0.1 (which stops any browsing from working), I'm not quite sure how to properly get the DNS settings from OpenVPN to propagate to my linux box.

PIA have been known to have DNS problems. Try a public DNS server as a test.

Whether I use public DNS servers or the older public-facing nameservers from my VPN provider, the results are the same.

Should I be adding any of these nameservers within OpenWRT, like Network -> DHCP and DNS -> DNS forwardings ... or would having them in OpenVPN override all these?

I use PIA with WireGuard and also experienced sluggish webpage loads etc, until I only used the DNS servers that PIA recommend.

I don't use a linux client but use Windows 10; when I do an nslookup I get the OpenWrt router:

nslookup
Default Server:  OpenWrt.lan
Address:  192.168.1.1

Firstly I'd follow what @vgaetera suggested:

.. then look for DNS leaks using PIA's checker: https://dnsleak.com/

I think that's what I'm asking. How do I set up the upstream resolver on the router? What needs to be done to set up DNS? As I've said above, I've added the following to my OpenVPN file. These are the internal DNS nameservers of my VPN provider.

dhcp-option DNS 10.0.0.242
dhcp-option DNS 10.0.0.243

I've removed everything from my /etc/resolv.conf file and restarted the interface to the router on my linux box, yet the automation doesn't seem to be happening.

What am I missing?

There should be no reference to the old 209.222.18.222 and 209.222.18.218 PIA DNS servers, as these are, if not already, in the process of being decommissioned.

If you have internet access on the linux box, and you've followed the PIA walk-through in adding the dhcp-option DNS 10.0.0.242 and dhcp-option DNS 10.0.0.243 in your ovpn config file, check that you're actually using them.

1/ check your system log with reference to the 10.0.0.24x addresses.
2/ if they exist..

FYI: the PIA DNS IP address will not be the same as the PIA IP address (it was the opposite with their old generation network), for example

First verify that the router is using these nameservers.

ubus call system board; \
uci export network; uci export dhcp; \
ls -l  /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/* ; head -n -0 /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/*

Then verify from the /etc/resolv.conf and network manager on the linux box which nameservers it is using (it should be the OpenWrt lan IP).

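The two checks from the post above (the router's resolv file should list only the VPN provider's DNS servers, and the Linux box should list only the router), as an added example that is not part of the original thread. The helper names `resolv_nameservers` and `check_resolvers` are hypothetical, the sample files are constructed from addresses quoted in the thread, and 192.168.1.1 is assumed to be the router's LAN address.

```shell
#!/bin/sh
# Added example: audit which nameservers a resolv.conf-style file selects.
# Helper names are hypothetical; the sample files below are constructed.

# Print one nameserver address per line; comments and other keywords are skipped.
resolv_nameservers() {
    awk '$1 == "nameserver" && $2 != "" { print $2 }' "$1"
}

# check_resolvers FILE ALLOWED...
# Prints "ok" (status 0) when FILE has at least one nameserver and all are in ALLOWED,
# "unexpected: <addr>..." (status 1) for any other address, "empty" (status 2) for none.
check_resolvers() {
    file=$1; shift
    allowed=" $* "
    bad=""
    count=0
    for ns in $(resolv_nameservers "$file"); do
        count=$((count + 1))
        case "$allowed" in
            *" $ns "*) ;;
            *) bad="$bad $ns" ;;
        esac
    done
    if [ "$count" -eq 0 ]; then echo "empty"; return 2; fi
    if [ -n "$bad" ]; then echo "unexpected:$bad"; return 1; fi
    echo "ok"
}

# Constructed sample files using the addresses mentioned in this thread.
SAMPLES=$(mktemp -d)
printf '%s\n' '# Interface vpn' 'nameserver 10.0.0.242' 'nameserver 10.0.0.243' > "$SAMPLES/router.ok"
printf '%s\n' 'nameserver 10.0.0.242' 'nameserver 209.222.18.222' > "$SAMPLES/router.stale"
printf '%s\n' '; static leftover' 'nameserver 209.222.18.218' 'search lan' > "$SAMPLES/client.stale"
printf '%s\n' 'search lan' 'nameserver 192.168.1.1' > "$SAMPLES/client.ok"

# Router: only the VPN provider's resolvers should appear.
check_resolvers "$SAMPLES/router.ok" 10.0.0.242 10.0.0.243 || true
check_resolvers "$SAMPLES/router.stale" 10.0.0.242 10.0.0.243 || true
# Linux box: only the router's LAN address (assumed 192.168.1.1) should appear.
check_resolvers "$SAMPLES/client.ok" 192.168.1.1 || true
check_resolvers "$SAMPLES/client.stale" 192.168.1.1 || true
```

On real systems, pass one of the resolv files listed by the command above on the router, or /etc/resolv.conf on the Linux box, in place of the sample files.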

https://openwrt.org/docs/guide-user/base-system/dhcp_configuration#upstream_dns_provider

On a general-purpose Linux distribution, /etc/resolv.conf is typically a symlink to a file managed by NetworkManager or systemd-resolved.