by df » Fri Nov 30, 2018 1:33 am
Both the `host` command and OpenVPN use the DNS settings that are in /etc/resolv.conf
Can't think of any reason why `host` would work but openvpn wouldn't...
But check that file anyways to see what's in it. If it's got 'nameserver 127.0.1.1' then you're probably using a local dnsmasq server, which is the default for Ubuntu and some other Debian-based distros.
If dnsmasq isn't running, or something else is being used that's changing the DNS settings then it could cause these issues.
Another thing is that Comcast's 75.75.75.75 and 75.75.76.76 DNS servers aren't actually public DNS servers; they only work if you're coming from a Comcast IP. So if you're using something that might be changing the IP that's connecting to those DNS servers, which would be the case if you're using DNSCrypt, then that could also cause those failures.
I'm not sure how you set your DNS to 1.1.1.1 before, but I'd recommend doing that via /etc/resolv.conf with the command:
```
echo 'nameserver 1.1.1.1' > /etc/resolv.conf
```
then trying openvpn again
Even with the above command, something could still overwrite /etc/resolv.conf with something else. So after running the above command you could make the file immutable (it's like read-only) with `chattr +i /etc/resolv.conf`
But it would be better to figure out what's changing resolv.conf and tell it not to, or work within that program's configuration.
Another useful command in all this is: `host whoami.cryptostorm.is`
The custom DNS server at whoami.cryptostorm.is is designed to respond to all queries with an A record that contains the IP that made the final request.
I.e.,
```
root@oldbox:~# host whoami.cryptostorm.is 1.1.1.1
Using domain server:
Name: 1.1.1.1
Address: 1.1.1.1#53
Aliases:

whoami.cryptostorm.is has address 172.69.66.24
```
That shows that the Cloudflare IP 172.69.66.24 is one of the IPs behind the 1.1.1.1 balancer.
In your case, it would be useful if you needed to know what the final IP is making your DNS requests.
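An added example, not part of df's post: a small shell audit of a resolv.conf-style file covering the checks described above (a loopback stub such as 127.0.1.1, the Comcast-only resolvers, the immutable flag, and signs that another program manages the file). The function names, the classification labels and the sample file contents are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the post): audit a resolv.conf-style file.

# Print "<ip> <class>" for every nameserver line in the file.
classify_nameservers() {
    local kw ip _
    # "|| [ -n "$kw" ]" keeps a final line that has no trailing newline.
    while read -r kw ip _ || [ -n "$kw" ]; do
        [ "$kw" = "nameserver" ] || continue
        case "$ip" in
            127.*|::1)               echo "$ip local-stub" ;;  # e.g. dnsmasq on 127.0.1.1
            75.75.75.75|75.75.76.76) echo "$ip isp-only" ;;    # Comcast resolvers named in the post
            *)                       echo "$ip other" ;;
        esac
    done < "$1"
}

# A symlink means another program owns the file; print where it points.
resolv_kind() {
    if [ -L "$1" ]; then echo "symlink -> $(readlink "$1")"; else echo "regular"; fi
}

# True if the immutable flag (set by `chattr +i`) is present on the file.
is_immutable() {
    lsattr -d "$1" 2>/dev/null | awk '{print $1}' | grep -q 'i'
}

audit_resolv() {
    local f=${1:-/etc/resolv.conf}
    echo "file: $f ($(resolv_kind "$f"))"
    is_immutable "$f" && echo "immutable: yes (writes are refused until chattr -i)"
    # Header comments often name the program that generated the file.
    grep -E '^[#;]' "$f" || true
    classify_nameservers "$f"
}

# Constructed sample input, so the example runs without touching the real file.
sample=$(mktemp)
printf '%s\n' '# Generated by NetworkManager' 'nameserver 127.0.1.1' \
              'nameserver 75.75.75.75' 'nameserver 1.1.1.1' > "$sample"
audit_resolv "$sample"
rm -f "$sample"
```

Run `audit_resolv` with no argument to inspect the live /etc/resolv.conf.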