I have OpenVPN running on my fedora 33 laptop. I’m using /etc/openvpn/scripts/update-systemd-resolved to update systemd-resolved. When openvpn runs I see:
Wed Oct 14 15:07:15 2020 /etc/openvpn/scripts/update-systemd-resolved tun0 1400 1472 10.8.0.2 255.255.255.0 init
<14>Oct 14 15:07:15 update-systemd-resolved: Link 'tun0' coming up
<14>Oct 14 15:07:15 update-systemd-resolved: Adding IPv4 DNS Server 192.168.2.1
<14>Oct 14 15:07:15 update-systemd-resolved: SetLinkDNS(7 1 2 4 192 168 2 1)
Wed Oct 14 15:07:15 2020 /sbin/ip route add 192.168.2.0/24 via 10.8.0.1
and my resolvectl status shows:
Link 7 (tun0)
Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
DefaultRoute setting: yes
LLMNR setting: yes
MulticastDNS setting: no
DNSOverTLS setting: no
DNSSEC setting: no
DNSSEC supported: no
Current DNS Server: 192.168.2.1
DNS Servers: 192.168.2.1
But DNS fails unless i explicitly try against 192.168.2.1. The odd thing was it was working prior to the latest round of updates to fedora 33.
I see I’m very late here. Have you found a solution yet?
I assume that you have completely disabled NetworkManager. If not, NetworkManager is going to fight with /etc/openvpn/scripts/update-systemd-resolved, hence the above answer regarding nmcli should not be relevant. But if you are trying to use both NetworkManager and update-systemd-resolved together, don’t!
I’m not familiar with update-systemd-resolved, since Fedora defaults to using NetworkManager, and that’s the case I primarily care about. I’m very confident this script is the source of your troubles, though. The problem I see with your resolvectl status is that you have no DNS domain set. This means you’ve configured your DNS server for tun0, but have (probably, see below) told systemd-resolved to never use it. (If you were using NetworkManager, it would make sure that doesn’t happen.) Use resolvectl domain to see. For example, mine says:
$ resolvectl domain
Link 2 (enp4s0): lan
Link 3 (enp6s0):
Link 4 (wlp5s0):
Link 5 (tun0): ~.
Link 6 (virbr0):
Link 7 (virbr0-nic):
Link 8 (tun1): redhat.com
This means DNS for redhat.com goes to the DNS server configured for tun1, DNS for lan goes to the DNS server configured for enp4s0, and all other DNS goes to the DNS server configured for tun0. Make sure you have a ~. domain somewhere – it’s probably on enp4s0 I guess, but you might want it on tun0 if you want your VPN to get all your DNS – because otherwise most of your DNS will be sent to every interface’s DNS server.