Ubuntu Server, combined with a VPN and split DNS configured through systemd-resolved, offers a way to selectively route DNS requests. Instead of all your DNS requests going through the VPN, only those for specific domains do. This is particularly useful when you want the security and privacy of a VPN for certain services, but need the speed and reliability of your regular internet connection for others.
Think of it as having two separate address books for the internet. One address book (your regular DNS) is used for everyday websites and services. The other address book (the VPN's DNS) is only consulted when you're trying to reach specific websites or services that you've configured to use the VPN. systemd-resolved is the tool that manages these different address books.
Split DNS is helpful in several situations:
Accessing local network resources: If you have devices on your home network (like a printer or NAS) you want to access directly, without routing their traffic through the VPN, split DNS allows you to do so.
Improving speed: Some websites or services might be slower when accessed through a VPN due to distance or server load. Split DNS lets you bypass the VPN for these, improving your browsing experience.
Circumventing geo-restrictions selectively: Use the VPN only for services that require it, while accessing local content without issues.
Avoiding VPN detection: Some services block VPN connections. By only using the VPN for essential traffic, you reduce the chance of being blocked.
While the underlying configuration can be complex, many VPN apps simplify the process with a user interface. Look for settings related to "split tunneling" or "custom DNS."
The basic steps usually involve:
Installing and configuring your VPN client: This is the foundation.
Identifying the domains you want to route through the VPN: These are the specific websites or services that will use the VPN's DNS.
Adding these domains to your VPN client's split DNS settings: The app will then automatically route DNS requests for these domains through the VPN.
The exact steps will vary depending on the VPN client you are using. Consult its documentation for specific instructions.
Within your VPN app, look for these settings:
"Always use VPN DNS": This setting (if available) forces all DNS requests through the VPN, negating the split DNS configuration. Ensure it is disabled for split DNS to work.
"Bypass VPN for local networks": This option automatically excludes your local network from the VPN, simplifying access to local devices.
Domain List: This is where you specify the domains to route through the VPN. Be precise; incorrect entries can cause connection problems.
Test your configuration: After setting up split DNS, verify that the correct DNS server is being used for the specified domains. Online tools can help with this.
Privacy limitations: While split DNS enhances privacy for selected traffic, your regular internet connection is still exposed. Your ISP can still see the websites you visit outside the VPN.
Complexity: Troubleshooting split DNS issues can be challenging, especially if you are not familiar with networking concepts.
App support: Not all VPN apps support split DNS, or they may implement it differently. Choose a client that offers the features you need and has clear documentation.
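To make the "Test your configuration" step concrete, the following added example (not part of the original page or of any VPN client) parses the per-link view printed by `resolvectl status` and reports which interface would receive the DNS lookup for a given name. The interface names, addresses and domains in the sample are constructed, the output layout is assumed to match recent systemd releases, and the routing logic is a simplified model of systemd-resolved (longest matching domain wins, otherwise links marked +DefaultRoute).

```python
import re

# Constructed sample of `resolvectl status` output (names and addresses are made up).
SAMPLE = """\
Global
       Protocols: -LLMNR -mDNS

Link 2 (enp0s3)
     Protocols: +DefaultRoute -LLMNR -mDNS
   DNS Servers: 192.168.1.1
    DNS Domain: home.lan

Link 5 (tun0)
     Protocols: -DefaultRoute -LLMNR -mDNS
   DNS Servers: 10.8.0.1
    DNS Domain: ~corp.example ~vpn.example
"""

def parse_links(status):
    """Return {link: {"dns": [...], "domains": [...], "default": bool}}."""
    links, cur = {}, None
    for line in status.splitlines():
        m = re.match(r"Link \d+ \((.+)\)", line)
        if m:
            cur = links.setdefault(m.group(1), {"dns": [], "domains": [], "default": False})
        elif line.startswith("Global"):
            cur = None  # global settings are not tied to a link; skip them
        elif cur is not None and ":" in line:
            key, val = (s.strip() for s in line.split(":", 1))
            if key == "DNS Servers":
                cur["dns"] = val.split()
            elif key == "DNS Domain":  # "~" marks a routing-only domain
                cur["domains"] = [d.lstrip("~").strip(".").lower() for d in val.split()]
            elif key == "Protocols":
                cur["default"] = "+DefaultRoute" in val.split()
    return links

def route(links, name):
    """Links that would receive the lookup for `name` (simplified model)."""
    name = name.rstrip(".").lower()
    def score(dom):  # labels matched; "" is the root domain (~.); -1 means no match
        if dom and name != dom and not name.endswith("." + dom):
            return -1
        return dom.count(".") + 1 if dom else 0
    best = {l: max((score(d) for d in c["domains"]), default=-1) for l, c in links.items()}
    top = max(best.values(), default=-1)
    if top >= 0:
        return sorted(l for l, s in best.items() if s == top)
    return sorted(l for l, c in links.items() if c["default"])
```

If the VPN link lists `~.` as a domain, every name without a more specific match on another link resolves through the VPN, which is the same effect as the "Always use VPN DNS" setting described above. On a live system, pass the real output of `resolvectl status` to `parse_links` instead of `SAMPLE`.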