If I use a VPN, who will resolve my DNS requests?

Depending on how your VPN is configured, you might or might not use the same DNS for your VPN and for Internet. VPN's are (typically) like an additional IP stack on your system, and can have a separate DNS server address configured. But not all systems do this.

  1. If your VPN does not assign a new DNS for the VPN session then you will continue to use the DNS server(s) configured in your main Internet IP Stack. This can present a problem if the external DNS cannot resolve internal addresses (or as you indicate, if you don't want internal addresses to be known externally).
  2. If your VPN does assign a new DNS - for example by using DHCP option 6 "DNS Server" - then you can have different DNS servers for the VPN and for Internet. Your OS must support this, as must the VPN service. If you send traffic out both stacks at once this would be "Split Mode".
  3. A final option is that you might operate your VPN in Tunnel Mode, sending all communications (including Internet) through the VPN stack. In this case, when you are on the VPN all DNS would use the VPN's DNS. This is probably the most secure way since all internal traffic is sure to stay in the VPN.

The requests will be passed to the IP that's configured. So if your DNS is still your ISP's DNS, then yes you will still be asking your ISP to resolve a domain name for you.


Ah, I know that this has been pretty much answered, but I wanted to bring a bit more clarification to the answers here as, in the end, the true answer is completely dependent on how both the server and client are configured. What it sort of boils down to are two things: one is that a vpn tunnel doesn't need to redirect all your traffic and the other is that a VPN server doesn't have to assign a dns server.

**Before I get too into the specifics, I'll just say this.. On windows and you can tell if your DNS is being handed out by your VPN by opening up a cli and typing in "nslookup localhost" and looking at the top. Similarly, if you are using ubuntu you can use "nmcli dev list iface eth0 | grep IP4" ** *. If you do this before and after connecting to a vpn and the dns server listed doesn't change, than your DNS isn't being assigned by your VPN. * If you are using linux, most VPN implementations won't assign a dns server even if the VPN server is configured for it.

You may or may not be assigned a dns server through a vpn based on a) which vpn implementation you are using b) which OS you are using or c) whether or not the server AND client vpn settings allow this. Another common mistake is to run your vpn client without administrator or root privileges. (This often changes only a few options, making the vpn appear to be functional.)

Most VPN services that you can pay for will be configured to redirect all of your IP traffic through the VPN tunnel. (In openvpn, the server option is "redirect-gateway".) This will include DNS traffic and, although it would be less common for a vpn connection that redirects all traffic to not ALSO assign a dns server, it isn't out of the question either. If a DNS Server isn't assigned by the vpn server but your gateway is redirected, the dns traffic will simply go through the tunnel before making it to it's destination. (Lookups are slow but work.)

A popular and generally elegant vpn implementation that is popular in Corporate environments is to have the vpn server assign a DNS server but not redirect your default gateway. This will make connections to things that have internal dns records like Application Servers accessible since they have a private IP address where-as publicly accessible things like websites pass through the internet like normal due to their having Publicly routeable IP addresses. (This is a function of how ip's are routed more than VPN.)

Due to the highly configurable nature of VPNs, there are essentially an infinite variety and styles of vpn, but just know that most vpn tunnes tend to revolve around those two styles.

(Oh, and maybe check out this article for more info.) OpenVPN Routing and Bridging

Tags:

Dns

Vpn