DNS Issues

DNS Proxy

When the VPN Client DNS Mapping option is enabled in the server settings, the Pritunl server will run a DNS server using the pritunl-dns process. This DNS server proxies all DNS requests from the client, which can resolve many issues related to DNS servers—particularly those with access control configurations.

Systemd Resolve

If the Pritunl server is using systemd-resolve this can bind to port 53 which will prevent client DNS mapping from working. Run the commands below to check if port 53 is in use and to disable the DNS stub listener if the system is using systemd-resolve. This should not be done if the server does not use systemd-resolve.

sudo netstat -tulpn

sudo systemctl status systemd-resolved

sudo nano /etc/systemd/resolved.conf
[Resolve]
DNSStubListener=no

sudo systemctl restart systemd-resolved

AWS DNS

The internal AWS DNS server will require the VPN Client DNS Mapping option to be enabled in the server settings.

Routing DNS Server

In some cases the DNS server needs to be added to the server routes.

Disable DNS Server

Clearing the DNS Server option in the server settings will leave the clients DNS servers unmodified.

Web-Proxy Auto Discovery

Some ISPs will use Web-Proxy Auto Discovery to interfere with DNS settings. This can cause issues for some VPN connections. If issues are occurring this feature should be disabled.

macOS

To disable WPAD on macOS ensure all protocols are disabled in the advanced network interface settings.

Windows

To disable WPAD on Windows uncheck Automatically detect settings in the network Proxy settings.

iOS

There are currently three fixes for the DNS issue on iOS.

Add the DNS server to the server routes. The default DNS server used is 8.8.8.8 add the route 8.8.8.8/32 to the server routes for this configuration.

Remove the DNS server from the settings. This will instruct the client to use their current DNS configuration. This could cause problems with some clients if that DNS configuration becomes unroutable due to the VPN routes.

Enable VPN Client DNS Mapping in the advanced server settings. This will start a DNS server on the Pritunl server that will proxy all DNS requests and will always be available to the client.