DNS over VPN for Android

I’ve some issues with DNS in Android. It’s quite hard to teach Android to use a different DNS server than its default one. It seems like that is hard-wired into the system. However, it’s possible to use a VPN tunnel to point to a custom DNS server instead. dns66 is a tool that allows you to set custom servers. It should block traffic, but so far this did not work that well.

Nevertheless, I want to add an additional domain to it and use it to resolve a single IP for my VPN. But you can only run a single VPN endpoint. You can run only dns66 or OpenVPN, not both.

To fix this I installed dnsmasq on my VPN server. It is configured to listen only on the VPN interface.

apt-get install dnsmasq dnsutils

The configuration consists of two lines:

listen-address= # IP of the tun0 interface

Afterwards you have to ensure in iptables that the interface is allowed access:

iptables -A INPUT -i tun0 -j ACCEPT

This is the lazy version. Afterwards, you create an additional file for the records at /etc/dnsmasq.d/vpn with the content:


After a restart of dnsmasq you can validate it with dig.

OpenVPN configuration

To make the Android OpenVPN client use this, deploy it as a special option to the client. I’ve updated the configuration for the certificate in the ccd folder of OpenVPN.

"dhcp-option DNS"

A restart of the openvpn service should do it. To be honest, I do not know if that works correctly. I’ve also defined the DNS server manually on the Android OpenVPN side to point to it. My manual test from a console emulator always resolved against But the app that should find the record was able to find it.
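As an added example (not the post's own scripts), the steps above put together in one shell script: the dnsmasq drop-in for the tunnel interface, the iptables rules, the ccd entry that pushes the DNS server to the client, and the dig check. Two points a practitioner would want that the lazy version skips: dnsmasq's listen-address on its own still binds the wildcard socket and only filters by address, so bind-interfaces is added to really bind only the tunnel address; and the INPUT rule is narrowed from "everything on tun0" to DNS on port 53, which is all this service needs. The addresses 10.8.0.1, the name vpn.example.internal, the client common name "android-client" and the directory arguments are constructed placeholders, not values from the post.

```shell
#!/bin/sh
# Added example, not from the original post. All IPs, names and paths given
# as arguments are placeholders; pass the real tun0 address and directories.

# Write the dnsmasq drop-in. $1 = drop-in directory (normally /etc/dnsmasq.d),
# $2 = IP of the tun0 interface, $3 = domain to serve, $4 = IP it maps to.
# Prints the path of the file written.
write_dnsmasq_vpn_conf() {
    dir="$1"; tun_ip="$2"; name="$3"; target="$4"
    cat > "$dir/vpn" <<EOF
# Only answer on the VPN interface. listen-address alone still binds the
# wildcard socket and filters by source address; bind-interfaces makes
# dnsmasq bind the listed address only, so nothing listens on other NICs.
interface=tun0
bind-interfaces
listen-address=$tun_ip
# The record that is only visible through the tunnel.
address=/$name/$target
EOF
    echo "$dir/vpn"
}

# Print (do not run) the iptables commands. Instead of accepting everything
# that arrives on the tunnel, allow only DNS (UDP and TCP 53); any other
# service on the VPN gets its own explicit rule. $1 = tunnel interface.
vpn_dns_firewall_rules() {
    ifc="$1"
    printf 'iptables -A INPUT -i %s -p udp --dport 53 -j ACCEPT\n' "$ifc"
    printf 'iptables -A INPUT -i %s -p tcp --dport 53 -j ACCEPT\n' "$ifc"
}

# Write the per-client ccd entry that pushes the DNS server to the client.
# $1 = ccd directory, $2 = client certificate common name, $3 = DNS server IP.
# Prints the path of the file written.
write_ccd_dns_push() {
    dir="$1"; cn="$2"; dns_ip="$3"
    printf 'push "dhcp-option DNS %s"\n' "$dns_ip" > "$dir/$cn"
    echo "$dir/$cn"
}

# Validate from a client on the VPN: ask the tunnel address for the record.
# $1 = dnsmasq address on tun0, $2 = name to resolve. Prints the A record.
check_vpn_record() {
    dig +short "@$1" "$2" A
}
```

Run the three write functions with the real directories as root, apply the printed iptables lines, restart dnsmasq and openvpn, then call check_vpn_record from a connected client; an empty answer means the client is still using another resolver.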

I won’t bother about this further. It’s working.

best regards, akendo