Both the `host` command and OpenVPN use the DNS settings that are in /etc/resolv.conf
Can't think of any reason why `host` would work but openvpn wouldn't...
But check that file anyways to see what's in it. If it's got 'nameserver 127.0.1.1' then you're probably using a local dnsmasq server, which is the default for Ubuntu and some other Debian based distros.
If dnsmasq isn't running, or something else is being used that's changing the DNS settings then it could cause these issues.
Another thing is that Comcast's 18.104.22.168 and 22.214.171.124 DNS servers aren't actually public DNS servers, they only work if you're coming from a Comcast IP. So if you're using something that might be changing the IP that's connecting to those DNS servers, which would be the case if you're using DNSCrypt, then that could also cause those failures.
I'm not sure how you set your DNS to 126.96.36.199 before, but I'd recommend doing that via /etc/resolv.conf with the command:
echo 'nameserver 188.8.131.52' > /etc/resolv.conf
then trying openvpn again
Even with the above command, something could still overwrite /etc/resolv.conf with something else. So after running the above command you could make the file immutable (it's like read-only) with `chattr +i /etc/resolv.conf`
But it would be better to figure out what's changing resolv.conf and telling it not to, or work within that program's configuration.
Another useful command in all this is: `host whoami.cryptostorm.is`
The custom DNS server at whoami.cryptostorm.is is designed to respond to all queries with an A record that contains the IP that made the final request.
root@oldbox:~# host whoami.cryptostorm.is 184.108.40.206
Using domain server:
whoami.cryptostorm.is has address 220.127.116.11
That shows that the cloudflare IP 18.104.22.168 is one of the IPs behind the 22.214.171.124 balancer.
In your case, it would be useful if you needed to know what the final IP is making your DNS requests.