What DNS am I using? Can I change it?

Under editing wired connections / IP4 Settings I have entered “50.116.40.226, 4.2.2.1” for my DNS.

Doing command “$ nmcli -t -f IP4.DNS device show enp2s0” results in:
IP4.DNS[1]:50.116.40.226
IP4.DNS[2]:4.2.2.1

NetworkManager.conf does not indicate a DNS.

However, resolv.conf shows:
nameserver 209.222.18.222
nameserver 209.222.18.218

Both of which resolve back to privateinternetaccess.com

And https://ipleak.net/ shows 209.222.18.218 as my nameserver. This is without a VPN connection when I expected to see my ISP or configured DNS.

I assume the PrivateInternetAccess app that was installed made the change. I don’t mind using PIA’s nameserver when connected to PIA; however, I prefer to use my own DNS preferences when not using PIA. How does the OS select the DNS when there are obvious conflicts like this?

Update: So I manually updated resolv.conf and entered my preferred nameservers. All seems to be working as expected now. I am still curious about the best way to manage DNS; I have always changed my servers by editing wired connections / IP4 Settings in the past. This method apparently no longer works.

Since my last post, I did learn from PIA that they do change the resolv.conf, but upon disconnecting from their VPN application, the PIA app should set resolv.conf back to how it was before connecting. It seems to be working now.

I am still curious about the best way or recommended method to identify what DNS to use. Is manually editing the resolv.conf really the best way? Otherwise, using the Network Manager makes most sense to me as you can select different DNS for different connections. (Not that I really need this capability, it just makes sense to me).

What is the recommended method to identify DNS?

It’s not recommended to change your resolv.conf as it will be overwritten every time you reboot your computer.
Saying that, I’m not sure if this helps you or not but I stopped using PIA’s app and started using OpenVPN using PIA servers manually. Here is a guide I use and a script I created to launch PIA and temporarily continue to use Google’s DNS servers instead of PIA’s. Not sure if it is still secure or not if I use Google’s DNS servers instead of PIA’s but it actually may be a little faster.

Guide:

  • If you don’t already have OpenVPN you need to install it.

sudo apt-get install openvpn

  • Move to the OpenVPN directory in /etc:

cd /etc/openvpn

  • Download from the Private Internet Access website the zip folder. This folder contains all the config files for OpenVPN.

wget https://www.privateinternetaccess.com/openvpn/openvpn.zip

  • Unzip the folder using unzip. If you don’t have unzip already installed in your system run the following command:

sudo apt-get install unzip

and then unzip:

sudo unzip openvpn.zip

  • In order to see the list of servers to which you can connect run:

ls -l

  • As you can see each server config file has .ovpn extension. Now you can run the final command to connect to the server:

sudo openvpn config-server-filename.ovpn

Once the previous command is executed you are required to enter the username and password of your Private Internet Access account. If you want to avoid entering your username and password every time you connect to the VPN, you can follow these steps:

  • Create a .txt file in the /etc/openvpn folder (same folder as the .ovpn file). You can name this file ‘.pass.txt’. It’s recommended to chmod 700 on this hidden file.

  • In the first two lines of the file put your username and password, like:

username

password

  • Save and close the file.

  • Open up your .ovpn and add the following lines at the bottom:

auth-user-pass .pass.txt
auth-nocache

  • Save and try to connect again. You should not be required to insert username and password this time.

Then here is my shell script I run every time I want to launch PIA.

#!/bin/bash
# backup copy of resolv.conf with Google's DNS servers
sudo cp /etc/resolv.conf.bk /etc/resolv.conf
cd /etc/openvpn
sudo openvpn US\ Florida.ovpn &

Of course, if you want to use a different PIA server every time you will need to configure separate scripts for the specific server and, of course, make sure you have the same edits in each .ovpn server config. Or one script that has user input that will allow you to choose what server you would like to connect to.
In this scenario, I would prefer to send my username and password encrypted but I have not figured out how to do that yet.

I realize this does not answer your question but I hope it helps you with PIA.

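A check for the stored-credentials setup described in the guide above, as an added example that is not part of the original reply. The function name `audit_ovpn_auth` is hypothetical, and GNU `stat` is assumed.

```shell
#!/bin/bash
# Added example: audit an OpenVPN profile that reads stored credentials.
# audit_ovpn_auth PROFILE.ovpn prints findings; returns 0 when there are none.
audit_ovpn_auth() {
    local profile=$1 dir cred mode findings=0
    dir=$(dirname "$profile")

    # Without a file argument, auth-user-pass prompts interactively.
    cred=$(awk '$1 == "auth-user-pass" && NF >= 2 { print $2; exit }' "$profile")
    if [ -z "$cred" ]; then
        echo "no 'auth-user-pass <file>' line in $profile"
        return 1
    fi
    # Assumption: a relative path is taken relative to the profile's directory,
    # which matches the guide's "cd /etc/openvpn" before launching.
    case $cred in /*) ;; *) cred="$dir/$cred" ;; esac
    if [ ! -f "$cred" ]; then
        echo "credentials file $cred is missing"
        return 1
    fi

    # The file should carry no group/other permission bits.
    mode=$(stat -c '%a' "$cred")
    case $mode in
        0|*00) ;;
        *) echo "mode $mode on $cred allows group/other access"
           findings=$((findings + 1)) ;;
    esac

    # auth-nocache tells OpenVPN not to cache the credentials in memory.
    if ! grep -Eq '^[[:space:]]*auth-nocache([[:space:]]|$)' "$profile"; then
        echo "auth-nocache not set in $profile"
        findings=$((findings + 1))
    fi

    # Expect at least two non-empty lines: username, then password.
    if [ "$(grep -c . "$cred")" -lt 2 ]; then
        echo "$cred has fewer than two non-empty lines"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

if [ "$#" -gt 0 ]; then audit_ovpn_auth "$1"; fi
```
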

@t3kg33k

Thanks for the reply. I do have OpenVPN configured as you described. This is my typical use of PIA, but I still occasionally use the PIA application.

So if resolv.conf gets overwritten on each reboot, how can I get the settings in Network Connections to take? It seems all these settings are ignored (even without VPN) even though command “nmcli -t -f IP4.DNS device show enp2s0” shows the settings took.

I’m sorry, I don’t know the answer, I’ve not seen this behavior before.
Perhaps one of the experts in this community will know the answer.

Without a solution or maybe understanding, I have been managing my DNS by manually editing the “resolv.conf” file. This has been working for me. Today I happened to notice the following error in my logs:

Dec 20 16:06:39 J resolvconf[331]: /etc/resolvconf/update.d/libc: Warning: /etc/resolv.conf is not a symbolic link to /run/resolvconf/resolv.conf

Is this an issue to worry about or fix?

So I figured out my issue. The Private Internet Access app changes the /etc/resolv.conf file to use their servers. I think there must have been an untidy shutdown leaving the /etc/resolv.conf file as a file and not a symbolic link. Not knowing /etc/resolv.conf should be a symbolic link, I went on maintaining my DNS by modifying /etc/resolv.conf until I learned about resolv.conf being a symbolic link.

By entering:

$ cd /etc
$ sudo rm resolv.conf
$ sudo ln -s /run/resolvconf/resolv.conf resolv.conf

I was back as originally configured and able to manage my DNS through the Network Manager. PIA works just fine via both their app and OpenVPN.
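The state this thread ended up diagnosing, a regular-file /etc/resolv.conf listing resolvers that NetworkManager never configured, can be checked directly. This is an added example, not code from any poster; the function names are hypothetical, GNU `readlink -m` is assumed, and the symlink target is the one named in the resolvconf warning above.

```shell
#!/bin/bash
# Added example: compare the resolvers in use with NetworkManager's settings.

# Print the nameserver addresses listed in a resolv.conf-format file.
resolv_nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# Read "nmcli -t -f IP4.DNS device show IFACE" output on stdin, print the IPs.
nm_dns_servers() {
    sed -n 's/^IP4\.DNS\[[0-9]*\]://p'
}

# Classify PATH as: ok | wrong-target | regular-file | missing.
resolv_link_state() {
    local path=$1 expected=${2:-/run/resolvconf/resolv.conf}
    if [ -L "$path" ]; then
        # -m canonicalizes relative links and tolerates a missing target.
        [ "$(readlink -m "$path")" = "$(readlink -m "$expected")" ] \
            && echo ok || echo wrong-target
    elif [ -e "$path" ]; then
        echo regular-file     # the state the resolvconf warning reports
    else
        echo missing
    fi
}

# Print resolvers in RESOLV_FILE ($1) that NetworkManager (stdin) does not list.
# Loopback entries are skipped: they are local stub resolvers, not upstreams.
# Returns 1 when at least one unexpected resolver is found.
dns_drift() {
    local configured ns drift=0
    configured=$(nm_dns_servers)
    for ns in $(resolv_nameservers "$1"); do
        case $ns in 127.*|::1) continue ;; esac
        if ! printf '%s\n' "$configured" | grep -Fxq -- "$ns"; then
            echo "$ns"; drift=1
        fi
    done
    [ "$drift" -eq 0 ]
}

# Live use; enp2s0 is the interface name from the first post.
if [ "${1:-}" = "--live" ]; then
    resolv_link_state /etc/resolv.conf
    nmcli -t -f IP4.DNS device show enp2s0 | dns_drift /etc/resolv.conf
fi
```
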