And https://ipleak.net/ shows 209.222.18.218 as my nameserver. This is without a VPN connection when I expected to see my ISP or configured DNS.
I assume the PrivateInternetAccess app that was installed made the change. I don’t mind using PIA nameserver when connected to PIA, however, I prefer to use my own DNS preferences when not using PIA. How does the OS select the DNS when there are obvious conflictions like this?
Update: So I manually updated resolv.conf and entered my preferred nameservers. All seems to be working as expected now. I am still curious the best way to manage DNS, I have always changed my servers by editing wired connections / IP4 Settings in the past. This method apparently no longer works.
Since my last post, I did learn from PIA that they do change the resolv.conf, but upon disconnecting from their VPN application, the PIA app should set resolv.conf back to how it was before connecting. It seems to be working now.
I am still curious the best way or recommended method to identify what DNS to use. Is manually editing the resolv.conf really the best way? Otherwise, using the Network Manager makes most sense to me as you can select different DNS for different connections. (Not that I really need this capability, just makes sense to me).
It’s not recommended to change your resolv.conf as it will be overwritten every time you reboot your computer.
Saying that, I’m not sure if this helps you or not but I stopped using PIA’s app and started using OpenVPN using PIA servers manually. Here is a guide I use and a script I created to launch PIA and temporarily continue to use Google’s DNS servers instead of PIA’s. Not sure if it is still secure or not if I use Google’s DNS servers instead of PIA’s but it actually may be a little faster.
Guide:
If you don’t already have OpenVPN you need to install it.
sudo apt-get install openvpn
Move to the OpenVPN directory in /etc:
cd /etc/openvpn
Download from the Private Internet Access website the zip folder. This folder contains all the config files for OpenVPN.
Unzip the folder using unzip. If you don’t have unzip already installed in your system run the following command:
sudo apt-get install unzip
and then unzip:
sudo unzip openvpn.zip
In order to see the list of servers to which you can connect run:
ls -l
As you can see each server config file has .ovpn extension. Now you can run the final command to connect to the server:
sudo openvpn config-server-filename.ovpn
Once the previous command is executed you are required to insert your username and password of your Private Internet Access account. If you want to avoid to insert username and password every time you want to connect to the VPN you can follow these steps:
Create a .txt file in the /etc/openvpn folder (same folder of the .ovpn file) . You can name this file ‘.pass.txt‘. It’s recommended to chmod 700 on this hidden file.
In the first two lines of the file put your username and password, like:
username
password
Save and close the file.
Open up your .ovpn and add the following line at the bottom:
auth-user-pass .pass.txt
auth-nocache
Save and try to connect again. You should not be required to insert username and password this time.
Then here is my shell script I run every time I want to launch PIA.
#!/bin/bash
# backup copy of resolv.conf with Google's DNS servers
sudo cp /etc/resolv.conf.bk /etc/resolv.conf
cd /etc/openvpn
sudo openvpn US\ Florida.ovpn &
Of course, if you want to use a different PIA server every time you will need to configure separate scripts for the specific server and, of course, make sure you have the same edits in each .ovpn server config. Or one script that has user input that will allow you to choose what server you would like to connect to.
In this scenario, I would prefer to send my username and password encrypted but I have not figured out how to do that yet.
I realize this does not answer your question but I hope it helps you with PIA.
Thanks for the reply. I do have OpenVPN configured as you described. This is my typical use of PIA, but I still occasionally use the PIA application.
So if resolv.conf gets overwritten on each reboot, how can I get the settings in Network Connections to take? It seems all these settings are ignored (even without VPN) even though command "nmcli -t -f IP4.DNS device show enp2s0” shows the settings took.
Without a solution or maybe understanding, I have been managing my DNS by manually editing the “resolv.conf” file. This has been working for me. Today I happened to notice the following error in my logs:
Dec 20 16:06:39 J resolvconf[331]: /etc/resolvconf/update.d/libc: Warning: /etc/resolv.conf is not a symbolic link to /run/resolvconf/resolv.conf
So I figured out my issue. The Private Internet Access app changes the etc/resolv.conf file to use their servers. I think there must have been an untidy shutdown leaving the etc/resolv.conf file as a file and not a symbolic link. Not knowing etc/resolv.conf should be a symbolic link, I went on maintaining my DNS by modifying etc/resolv.conf until I learned about resolv.conf being a symbolic link.