Weird DNS issue when connected to OpenVPN
I'm having a problem with my OpenVPN server: I cannot resolve any domains.
This is the "error" I'm getting:
C:\Users\Wesley>nslookup google.com
DNS request timed out.
timeout was 2 seconds.
Server: xxx.xxxx.xx
Address: 128.204.xxx.xxx
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to UnKnown timed-out
Yes, I'm using my own DNS server (ad-blocking), which works when I set it manually on my computer. But I also want to use the DNS server when I'm connected to the VPN on my iPad somewhere.
Could anyone help me with this?
EDIT:
When I set the nameserver in resolv.conf on the VPS where the VPN is installed, I get the following error:
nslookup google.com
;; connection timed out; no servers could be reached
This discussion has been closed.
Comments
push "dhcp-option DNS 192.168.1.1"
Use this option and set your DNS server ip ^^
I know that... and I have done that.
Are you able to connect to your DNS servers? (is route set properly)?
Please re-read my OP please.
Can you paste your named.conf & named.conf.options? (OS dependent)
Sure.
named.conf:
named.conf.options:
You are not allowing me to help you. In any case you should be checking your routing table to know the reason. Over and out.
I am. In my OP I already said that I was able to connect to the DNS server using my computer.
Uncomment forwarders and use Google's 8.8.8.8 or OpenDNS' 208.67.222.222 - whatever your flavor is. And give it another spin. If it fails, sorry, I'm out of ideas.
Uncommenting forwarders doesn't solve it. Google's DNS does work (since the beginning), but I really want to use my own DNS server.
So even when you're connected to the vpn, you want the dns resolution to be local instead of going through the vpn?
You can try this (it works for me).
Check the openvpn server config file and remove any lines that are pushing the DNS servers, i.e.
Then reconnect to the vpn.
If your DNS server is on a different subnet, you may need to change the openvpn client config .ovpn to bypass the vpn for the DNS server addresses, too, though. For example:
The DNS server is not local, it's on an external VPS
Good luck with that.
Also, you should really read up on how to configure a DNS server. You don't even know about forwarders.
Of course you cannot get anything resolved with your own DNS server if you don't have any forwarders.
Then tell me why it works on my computer. It even works on all devices here when I set the DNS to mine in the router.
You probably have alternate DNS servers also set. Or your router/computer is using its DNS cache.
What is the output of
?
Nah, I don't think so. I did an ipconfig /flushdns on my computer.
Weird thing is, the DNS server works just fine on my home network, while the DNS server is hosted on a VPS in NL.
As I said, you need to add forwarders.
Before doing that, make sure your DNS server is not an open resolver. At the moment it is.
I already tried to do that, didn't work.
It does work.
Probably it's your firewall or you didn't restart the named service after modifying the configuration. Also, look at your logs.
Firewall doesn't block anything. I have restarted bind.
I have added the following at the config:
Is named even listening on port 53 and on the right interface?
And look at your logs!
It's running on both localhost and the external ip on port 53.
There are no error logs from bind/named at the syslog file
If you do a
on your DNS server, does it resolve?
Yep, that works.
In that case it's most likely a firewall issue.
Especially if you can't see anything in your logs. It should log failed queries, but it seems the queries never even make it to named.
I think it is your iptables issue bro. Try the commands below on your VPN server and see whether 8.8.8.8 is reachable or not first, before trying to resolve DNS.
echo 1 > /proc/sys/net/ipv4/ip_forward;
iptables -t nat -I POSTROUTING -j MASQUERADE;
Everything works fine on the VPN server; I can use Google's DNS and OpenDNS. But the thing is, I can't use my own.
Does the DNS request reach your VPS? Check with tcpdump or iptables' packet counter. If that is true, increase log level and see why you don't get a DNS reply.
iptables
Just installed bind with the same config on another vps and it's working fine on that one. Seems like it was indeed a firewall issue