# DNS Issues

### DNS Proxy

When the *VPN Client DNS Mapping* option is enabled in the server settings, the Pritunl server will run a DNS server using the `pritunl-dns` process. This DNS server proxies all DNS requests from the client, which can resolve many issues related to DNS servers—particularly those with access control configurations.

### Systemd Resolve

If the Pritunl server is running systemd-resolved, its DNS stub listener can bind to port 53, which will prevent client DNS mapping from working. Run the commands below to check whether port 53 is in use and, if the system is using systemd-resolved, to disable the DNS stub listener. This should not be done if the server does not use systemd-resolved.

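```sh
# List listening sockets and check which process, if any, holds port 53
sudo netstat -tulpn

# Confirm whether systemd-resolved is running on this host
sudo systemctl status systemd-resolved

# Open the configuration file and set the following lines in it:
#   [Resolve]
#   DNSStubListener=no
sudo nano /etc/systemd/resolved.conf

# Restart the service to apply the change
sudo systemctl restart systemd-resolved
```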
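The check described above can be scripted as a read-only diagnosis before `resolved.conf` is touched. This is an added example, not part of the Pritunl documentation; it assumes `ss -H -tulpn` output in place of `netstat`, reads only the main `resolved.conf` (drop-in files are not considered), and the function names and sample data are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the Pritunl docs): read-only check for the port 53
# conflict. Sample inputs below are constructed for illustration.

# Print "proto local_addr process" for each port 53 listener in
# `ss -H -tulpn` output read from stdin (field 5 is Local Address:Port).
port53_listeners() {
    awk '$5 ~ /:53$/ { print $1, $5, $NF }'
}

# Print the DNSStubListener value set in the [Resolve] section of a
# resolved.conf read from stdin, or "unset" if it is absent or commented out.
stub_listener_setting() {
    awk '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { in_resolve = ($0 ~ /^[ \t]*\[Resolve\]/); next }
        in_resolve && /^[ \t]*DNSStubListener[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); value = $0
        }
        END { print (value == "" ? "unset" : value) }
    '
}

# Combine both observations. $1 = ss output, $2 = resolved.conf contents.
diagnose() {
    listeners=$(printf '%s\n' "$1" | port53_listeners)
    setting=$(printf '%s\n' "$2" | stub_listener_setting)
    case "$listeners" in
        "") echo "free: nothing listens on port 53 (DNSStubListener=$setting)" ;;
        *systemd-resolve*)
            echo "conflict: systemd-resolved holds port 53 (DNSStubListener=$setting)" ;;
        *)  echo "other: port 53 held by another process, leave resolved.conf as is" ;;
    esac
}

# Constructed sample: stub listener active, default (commented) config.
SAMPLE_SS='udp UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=612,fd=13))
tcp LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=612,fd=14))
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=801,fd=3))'
SAMPLE_CONF='[Resolve]
#DNS=
#DNSStubListener=yes'

diagnose "$SAMPLE_SS" "$SAMPLE_CONF"
# On a live host: diagnose "$(sudo ss -H -tulpn)" "$(cat /etc/systemd/resolved.conf)"
```

Only the `conflict` result corresponds to the case where the stub listener should be disabled; `other` means a different process owns the port and the systemd-resolved change does not apply.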

### AWS DNS

The internal AWS DNS server will require the *VPN Client DNS Mapping* option to be enabled in the server settings.

### Routing DNS Server

In some cases the DNS server needs to be added to the server routes.

### Disable DNS Server

Clearing the *DNS Server* option in the server settings will leave the clients' DNS servers unmodified.

### Web-Proxy Auto Discovery

Some ISPs will use Web Proxy Auto-Discovery (WPAD) to interfere with DNS settings. This can cause issues for some VPN connections. If issues are occurring, this feature should be disabled.

### Ubuntu AppArmor

The Ubuntu AppArmor profile will block OpenVPN DNS scripts from running. To allow Pritunl to configure DNS for OpenVPN connections, the command below must be run to disable the OpenVPN AppArmor profile.

```shellscript
# -R removes the loaded OpenVPN profile from the kernel
sudo apparmor_parser -R /etc/apparmor.d/openvpn
```

This can be reverted by running the command below.

```shellscript
# -a loads the OpenVPN profile again
sudo apparmor_parser -a /etc/apparmor.d/openvpn
```

### macOS

To disable WPAD on macOS, ensure all protocols are disabled in the advanced network interface settings.

![](https://files.readme.io/9ccc359-macos_proxy.png)

### Windows

To disable WPAD on Windows, uncheck *Automatically detect settings* in the network *Proxy* settings.

![](https://files.readme.io/c8aee98-windows_proxy.png)

### iOS

There are currently three fixes for the DNS issue on iOS.

Add the DNS server to the server routes. The default DNS server used is `8.8.8.8`; for this configuration, add the route `8.8.8.8/32` to the server routes.

Remove the DNS server from the settings. This will instruct the client to use its current DNS configuration. This could cause problems with some clients if that DNS configuration becomes unroutable due to the VPN routes.

Enable *VPN Client DNS Mapping* in the advanced server settings. This will start a DNS server on the Pritunl server that will proxy all DNS requests and will always be available to the client.


