Manual review request for 'ivpn' package and auto-connect interfaces

easy-openvpn-server is a vpn server, not a client, so it doesn’t need to change DNS settings on the host machine. However, I do have some experience with vpn clients so I can offer some info on this.

@stenya

Is there any universal solution to changing DNS settings on the host machine?

The truth is that there is none. Even changing /etc/resolv.conf is not a universal solution, as it will not work on Fedora anymore, for example. See Understanding systemd-resolved, Split DNS, and VPN Configuration for more information on how modern DNS resolution works.

Importantly, when nss-resolve is used, glibc does not read /etc/resolv.conf when performing name resolution, so any configuration that you put there is totally ignored. That means any script or program that writes to /etc/resolv.conf is probably broken.

Apart from the fact that it won’t work, it’s also a user-hostile solution. It’s akin to throwing a brick through a window in order to get some fresh air. It completely bypasses the “regular” DNS infrastructure of the host machine and will make a lot of users and OS developers annoyed. It will cause a bunch of weird-to-debug issues.

  • For example, all GUI and CLI interfaces to change DNS settings will silently fail. To the user, it will seem as if they can still modify their DNS settings, but none of the modifications will actually change anything.
  • Another example: if the user is working with a local Kubernetes cluster, DNS integration with their desktop will stop working.
  • As a final example, some third party applications on Fedora still use /etc/resolv.conf, so depending on the application, it will have different behavior.

As a user, I think @alexmurray made the right decision here. VPN clients should not be able to change /etc/resolv.conf. It doesn’t always achieve what you want and when it does, it creates a broken system.

What should you do then?

You should be able to use the tool resolvectl. This configures resolved, which is the DNS daemon on almost all Linux distributions. 99% of your userbase will be covered by this. Since snap requires systemd and resolved is part of it, this should work on 100% of distributions supporting snap.

For your (non-snap) app, you can still fall back to changing /etc/resolv.conf when resolved is not found on the system.

2 Likes
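As an added example (not code from the post above, from the ivpn package, or from easy-openvpn-server), here is a POSIX shell sketch of the approach the reply recommends: a VPN client's up/down hook that configures per-link DNS through resolvectl when systemd-resolved is present, and only otherwise falls back to rewriting /etc/resolv.conf with a backup so it can be restored. The interface name tun0, the resolver addresses, the backup file name, and the DRY_RUN and RESOLVED_PRESENT hooks are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Per-link DNS for a VPN tunnel
# via resolvectl, with a guarded /etc/resolv.conf fallback for hosts that do
# not run systemd-resolved. The interface name, resolver addresses and backup
# file name are placeholders chosen for this example.
set -eu

RESOLV_CONF=${RESOLV_CONF:-/etc/resolv.conf}

# Set DRY_RUN=1 to print the privileged commands instead of executing them.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# resolved is treated as active when the resolvectl client is installed and
# the daemon's runtime directory exists (it is only present while the daemon
# runs). RESOLVED_PRESENT=1/0 overrides the probe, e.g. for testing.
have_resolved() {
    case "${RESOLVED_PRESENT:-}" in
        1) return 0 ;;
        0) return 1 ;;
    esac
    command -v resolvectl >/dev/null 2>&1 && [ -d /run/systemd/resolve ]
}

# One "nameserver" line per server, in the order given, for the fallback file.
resolv_conf_body() {
    for s in "$@"; do
        printf 'nameserver %s\n' "$s"
    done
}

# vpn_dns_up IFACE SERVER...
# With resolved: attach the servers to the tunnel link, make "~." its routing
# domain so every query is routed to this link, and mark it the default route
# so the physical uplink's resolver is not asked in parallel (a DNS leak).
# Without resolved: back up resolv.conf once, then overwrite it.
vpn_dns_up() {
    iface=$1; shift
    [ $# -gt 0 ] || { echo "vpn_dns_up: need at least one DNS server" >&2; return 1; }
    if have_resolved; then
        run resolvectl dns "$iface" "$@"
        run resolvectl domain "$iface" '~.'
        run resolvectl default-route "$iface" yes
    else
        [ -e "$RESOLV_CONF.vpn-backup" ] || cp -p "$RESOLV_CONF" "$RESOLV_CONF.vpn-backup"
        resolv_conf_body "$@" > "$RESOLV_CONF"
    fi
}

# vpn_dns_down IFACE
# With resolved a single revert drops every per-link setting made above.
# Without resolved, restore the backed-up file if one exists.
vpn_dns_down() {
    iface=$1
    if have_resolved; then
        run resolvectl revert "$iface"
    elif [ -e "$RESOLV_CONF.vpn-backup" ]; then
        mv "$RESOLV_CONF.vpn-backup" "$RESOLV_CONF"
    fi
}

# Command-line entry point: "up tun0 10.8.0.1 10.8.0.2" or "down tun0".
case "${1:-}" in
    up)   shift; vpn_dns_up "$@" ;;
    down) vpn_dns_down "${2:?usage: down IFACE}" ;;
esac
```

The `~.` routing domain together with `default-route yes` is what keeps queries from leaking to the uplink's resolver while the tunnel is up; `resolvectl revert` undoes all per-link state on disconnect, which is far easier to get right than tracking edits to a file. The fallback branch is exactly the behaviour the post warns against, so it should only ever run when resolved is genuinely absent.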