DNS over VPN for Android
I’ve some issues with DNS on Android. It’s quite hard to teach Android to use a different DNS server than its default one. It seems like 8.8.8.8 is hard-wired into the system.
However, it’s possible to use a VPN tunnel to point to a custom DNS server instead. dns66 is a tool that allows you to set custom servers. It should block traffic, but so far this did not work that well.
Nevertheless, I want to add an additional domain to it and use it to resolve a single IP for my VPN. But you can only run a single VPN endpoint: you can run either dns66 or OpenVPN, not both…
To fix this I installed dnsmasq on my VPN server. It is configured to listen only on the VPN interface.
apt-get install dnsmasq dnsutils
The configuration consists of two lines:
listen-address=192.168.0.1 # IP of the tun0 interface
bind-interfaces
Afterwards you have to ensure in iptables that the interface is allowed access:
iptables -A INPUT -i tun0 -j ACCEPT
This is the lazy version. Afterwards, you create an additional file for the records in /etc/dnsmasq.d/vpn with the content:
address=/xvz.akendo.eu/192.168.192.291
After a restart of dnsmasq you can validate it with dig.
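As an added example that is not part of the original post, the following POSIX shell script carries the dnsmasq steps above through as one checked procedure: it writes the listen-address/bind-interfaces pair and the /etc/dnsmasq.d/vpn records file, and it validates every address= record before anything is restarted, because dnsmasq refuses to start on a malformed record. The tun0 address and the records path come from the post; the output-directory argument, the file name vpn-listen.conf and the function names are this example's own assumptions. Run against the record exactly as written above, it reports an invalid octet, since 291 exceeds 255.

```shell
#!/bin/sh
# Added example, not part of the original post: writes the dnsmasq override
# files described above and validates every address= record before a restart.
# Assumptions: the tun0 address 192.168.0.1 and the /etc/dnsmasq.d/vpn path
# come from the post; the output directory argument, the vpn-listen.conf file
# name and the helper names are this script's own, so it can be dry-run
# against a scratch directory.

# valid_ipv4 ADDR: succeed only if ADDR is four dotted decimal octets, each 0-255.
valid_ipv4() {
  ip=$1
  case $ip in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  oldifs=$IFS
  IFS=.
  set -- $ip          # split on dots into positional parameters
  IFS=$oldifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# check_address_line LINE: validate one "address=/domain/ip" record,
# printing a diagnostic to stderr and failing on any malformed part.
check_address_line() {
  line=$1
  case $line in
    address=/*/*) ;;
    *) echo "not an address= record: $line" >&2; return 1 ;;
  esac
  rest=${line#address=/}
  domain=${rest%%/*}
  ip=${rest#*/}
  [ -n "$domain" ] || { echo "empty domain in: $line" >&2; return 1; }
  valid_ipv4 "$ip" || { echo "invalid IPv4 '$ip' for $domain" >&2; return 1; }
  return 0
}

# write_vpn_dns_config OUT_DIR TUN_IP RECORD...: write the two-line listener
# config and the records file into OUT_DIR. Bad records are reported and
# skipped, and the exit status is non-zero so a caller never restarts
# dnsmasq on a file it would reject.
write_vpn_dns_config() {
  out=$1
  tun_ip=$2
  shift 2
  mkdir -p "$out"
  # Listen only on the tunnel address and bind to that interface, as in the post.
  printf 'listen-address=%s\nbind-interfaces\n' "$tun_ip" > "$out/vpn-listen.conf"
  : > "$out/vpn"
  status=0
  for rec in "$@"; do
    if check_address_line "$rec"; then
      printf '%s\n' "$rec" >> "$out/vpn"
    else
      status=1
    fi
  done
  return $status
}

# Usage (the record is the one from the post; it is rejected because 291 is
# not a valid octet, and dnsmasq itself would refuse the file):
#   sh dnsmasq-vpn.sh /etc/dnsmasq.d 192.168.0.1 'address=/xvz.akendo.eu/192.168.192.291'
# After writing a valid record, restart dnsmasq and check that the name is
# answered from the tunnel address:  dig @192.168.0.1 xvz.akendo.eu
if [ $# -ge 2 ]; then
  write_vpn_dns_config "$@"
fi
```

The script only touches the directory it is given, so point it at a scratch directory first and copy the files into /etc/dnsmasq.d once they validate; the iptables rule from the post is still applied separately.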
OpenVPN configuration
To make the Android OpenVPN client make use of this, deploy it as a special option pushed to the client. I’ve updated the configuration for the certificate in the ccd folder of OpenVPN:
push "dhcp-option DNS 192.168.0.1"
A restart of the openvpn service should do it. To be honest, I do not know if that works correctly. I’ve also defined the DNS server manually on the Android OpenVPN side to point to it. My manual test from a console emulator always resolved against 8.8.8.8. But the app that should find the record was able to find it.
I won’t bother about this further. It’s working.
best regards, akendo