OpenVPN – A Note on Ubuntu DNS


Ubuntu 22.04 uses a local resolver service to answer DNS lookups. If I ask dig to resolve google.com, the output shows that the query went to “SERVER: 127.0.0.53”:

john@ubuntu:~$ dig google.com

; <<>> DiG 9.18.30-0ubuntu0.24.04.2-Ubuntu <<>> google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7611
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;google.com.			IN	A

;; ANSWER SECTION:
google.com.		100	IN	A	216.58.206.46

;; Query time: 12 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Tue Mar 04 12:19:23 UTC 2025
;; MSG SIZE  rcvd: 55

The /etc/resolv.conf file is consistent with the results seen using dig:

john@ubuntu:~$ cat /etc/resolv.conf 
# This is /run/systemd/resolve/stub-resolv.conf managed by man:systemd-resolved(8).
# Do not edit.
#
# This file might be symlinked as /etc/resolv.conf. If you're looking at
# /etc/resolv.conf and seeing this text, you have followed the symlink.
#
# This is a dynamic resolv.conf file for connecting local clients to the
# internal DNS stub resolver of systemd-resolved. This file lists all
# configured search domains.
#
# Run "resolvectl status" to see details about the uplink DNS servers
# currently in use.
#
# Third party programs should typically not access this file directly, but only
# through the symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a
# different way, replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.

nameserver 127.0.0.53
options edns0 trust-ad
search .

For those who are not aware, 127.0.0.53 is a loopback address, that is, the local machine. So the name server is running on the local host.

To get details on the service, you can use the following command:

john@ubuntu:~$ sudo systemctl status systemd-resolved.service
● systemd-resolved.service - Network Name Resolution
     Loaded: loaded (/usr/lib/systemd/system/systemd-resolved.service; enabled; preset: enabled)
     Active: active (running) since Tue 2025-03-04 11:43:06 UTC; 41min ago
       Docs: man:systemd-resolved.service(8)
             man:org.freedesktop.resolve1(5)
             https://www.freedesktop.org/wiki/Software/systemd/writing-network-configuration-managers
             https://www.freedesktop.org/wiki/Software/systemd/writing-resolver-clients
   Main PID: 498 (systemd-resolve)
     Status: "Processing requests..."
      Tasks: 1 (limit: 4598)
     Memory: 7.9M (peak: 8.4M)
        CPU: 83ms
     CGroup: /system.slice/systemd-resolved.service
             └─498 /usr/lib/systemd/systemd-resolved

Mar 04 11:43:06 ubuntu systemd[1]: Starting systemd-resolved.service - Network Name Resolution...
Mar 04 11:43:06 ubuntu systemd-resolved[498]: Positive Trust Anchors:
Mar 04 11:43:06 ubuntu systemd-resolved[498]: . IN DS 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
Mar 04 11:43:06 ubuntu systemd-resolved[498]: Negative trust anchors: home.arpa 10.in-addr.arpa 16.172.in-addr.arpa 17.172.in-addr.arpa 18.172.in-addr.arpa 19.172.in-addr.arpa 20.172.in-addr.arpa 21.172.in-addr.arpa 22.172.in-addr.arpa 23.172.in-addr.arpa 24.172.in-addr.arpa 25.172.in-ad>
Mar 04 11:43:06 ubuntu systemd-resolved[498]: Using system hostname 'ubuntu'.
Mar 04 11:43:06 ubuntu systemd[1]: Started systemd-resolved.service - Network Name Resolution.

Or query the service directly with resolvectl:

john@ubuntu:~$ sudo resolvectl status
[sudo] password for john: 
Global
         Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
  resolv.conf mode: stub

Link 2 (ens6)
    Current Scopes: DNS
         Protocols: +DefaultRoute -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 212.227.123.16
       DNS Servers: 212.227.123.16 212.227.123.17

Link 3 (tun0)
    Current Scopes: none
         Protocols: -DefaultRoute -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

The key line is Current DNS Server: 212.227.123.16. This is the actual IP of the DNS server you are using, the upstream server that sits behind the 127.0.0.53 stub. If you are configuring a client and want it to use the same DNS as the server, this is the IP to use.
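To pull that address out without reading the output by eye, the following is an added example (not part of the original note) that parses `resolvectl status` text and confirms that a resolv.conf points at the stub. The function names `sample_status`, `uses_stub` and `upstream_dns` are hypothetical, and the embedded sample is the output shown above.

```shell
#!/bin/sh
# Added example (not from the original page): list the upstream DNS servers
# that sit behind the 127.0.0.53 stub, by parsing `resolvectl status` text.

# Constructed sample: the `resolvectl status` output shown above, embedded so
# the example runs offline. On a live host: resolvectl status | upstream_dns
sample_status() {
cat <<'EOF'
Global
         Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
  resolv.conf mode: stub

Link 2 (ens6)
    Current Scopes: DNS
         Protocols: +DefaultRoute -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 212.227.123.16
       DNS Servers: 212.227.123.16 212.227.123.17

Link 3 (tun0)
    Current Scopes: none
         Protocols: -DefaultRoute -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
EOF
}

# uses_stub: read resolv.conf text on stdin; succeed if it names the stub.
uses_stub() {
    awk '$1 == "nameserver" && $2 == "127.0.0.53" { hit = 1 } END { exit !hit }'
}

# upstream_dns: read `resolvectl status` on stdin and print one line per
# server as "<link> <server> <current|configured>". A server list can continue
# on indented lines below "DNS Servers:", so those are collected as well.
upstream_dns() {
    awk '
        function emit(   n, s, i) {
            n = split($0, s, " ")
            for (i = 1; i <= n; i++)
                print link, s[i], (s[i] == cur ? "current" : "configured")
        }
        /^Global/            { link = "global"; cur = ""; inlist = 0; next }
        /^Link [0-9]+ \(/    { link = $3; gsub(/[()]/, "", link); cur = ""; inlist = 0; next }
        /^ *Current DNS Server: / { cur = $NF; inlist = 0; next }
        /^ *DNS Servers: /   { sub(/^ *DNS Servers: */, ""); inlist = 1; emit(); next }
        /^$/ || /^ *[A-Za-z][A-Za-z .]*: / { inlist = 0; next }
        inlist               { emit() }
    '
}

sample_status | upstream_dns
```

On a live machine, `uses_stub < /etc/resolv.conf && resolvectl status | upstream_dns` prints the real servers only when resolv.conf is actually pointing at the stub; tun0 produces no lines here because it has no DNS servers assigned.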