When using VPN it uses VPN DNS servers; when using no VPN it is using that DNS server.
This depends on your configuration:
resolvectl status --no-pager
There must be a link with the flag +DefaultRoute.
See the Current DNS Server on that link.
You can also verify the link for each specific reply:
resolvectl query example.org
Also pay attention to the split DNS settings:
systemd-resolved: introduction to split DNS - Fedora Magazine
Ok, seems to be Wi-Fi’s DNS. What does “-DNSOverTLS” mean? It’s supposed to be DNS over HTTPS. Are my queries even encrypted?
systemd-resolved only supports plain DNS and DoT, not DoH.
The leading dash means that DoT is disabled on that link.
If you actually need DoH, enable it in the browser settings.
Or configure it globally with a service like dnscrypt-proxy.
Are there any plans to make it support them? I am surprised that such a simple security mechanism isn’t yet implemented and deployed to all the users’ PCs by default (making regular people go through the trouble of setting it up).
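The checks described in the replies above (find the link flagged +DefaultRoute, read its Current DNS Server, and see whether DNSOverTLS carries a leading dash) can be done with a small shell filter. This is an added example, not part of the original thread; the sample resolvectl output, interface names and addresses are constructed.

```sh
#!/bin/sh
# Constructed sample of `resolvectl status --no-pager` (names/addresses made up).
sample_status() {
cat <<'EOF'
Global
       Protocols: LLMNR=resolve -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 2 (wlp3s0)
         Protocols: +DefaultRoute LLMNR=resolve -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 192.0.2.1
       DNS Servers: 192.0.2.1

Link 5 (tun0)
         Protocols: -DefaultRoute -LLMNR -mDNS +DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 198.51.100.53
       DNS Servers: 198.51.100.53
        DNS Domain: corp.example
EOF
}

# One line per link: name, +DefaultRoute present?, DNSOverTLS token, current server.
audit_resolved() {
    awk '
    function emit() {
        if (link != "")
            printf "%s default_route=%s dot=%s server=%s\n", link, dr, dot, srv
    }
    /^Global/ { emit(); link = ""; next }
    /^Link [0-9]+ \(/ {
        emit()
        link = $3; gsub(/[()]/, "", link)
        dr = "no"; dot = "unknown"; srv = "none"
        next
    }
    link != "" && /Protocols:/ {
        for (i = 1; i <= NF; i++) {
            if ($i == "+DefaultRoute") dr = "yes"
            if ($i ~ /DNSOverTLS/) dot = $i
        }
    }
    link != "" && /Current DNS Server:/ { srv = $NF }
    END { emit() }
    '
}

# Links that take default-route lookups while DoT is off (plain DNS on the wire).
plaintext_default_links() {
    audit_resolved | awk '$2 == "default_route=yes" && $3 == "dot=-DNSOverTLS" { print $1 }'
}

# Live use: resolvectl status --no-pager | plaintext_default_links
sample_status | audit_resolved
```

A link listed by plaintext_default_links resolves general lookups over plain DNS; a VPN link with -DefaultRoute and a DNS Domain only answers for that domain, which is the split DNS case mentioned above.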