How to change DNS resolution order with OpenVPN on Synology?

Question

I have a Synology DSM which is configured to use VPN clint to connect to company intranet.

OpenVPN connection is stable but the DNS servers are not added to the top of the resolve list. Instead it seems that they are added in the middle:

cat /etc/resolv.conf nameserver 8.8.8.8 nameserver 8.8.8.8 nameserver 10.38.5.26 nameserver 2001:4860:4860::8888 nameserver 2001:4860:4860::8888 domain local

How can I configure DSM in order to use VPN dns for a specific domain (like example.com) and use the other ones (local) for other domain. I think this setup is called split-DNS, something that works very well with Viscosity OpenVPN client.

Answer 1

You'd need a local DNS resolver like DNSmasq, configured to forward requests for .local to one nameserver, and all others to your general purpose nameservers.

DNS (what you can put into /etc/resolv.conf) can't deal with split DNS, so you have to put those smarts into the DNS server.

Your /etc/resolv.conf would only say

nameserver 127.0.0.1
domain local

and dnsmasq's config would have something like this pair for each domain you want to direct elsewhere.

server=/local/10.38.5.26
server=/5.38.10.in-addr.arpa/10.38.5.26

Depending on your environment, this DNS resolver could run on the Synology NAS, or on a pfsense firewall, or even on your normal desktop if its up 24/7

Answer 2

Quick question from a newbie: Is there a way to simply reset the resolv.conf file? According to Synology support, my file shows some strange DNS servers, which I have never specified. How can I reset the file so it simply uses the DNS from my default gateway (i.e. my router)? I have specified my DNS servers there and want my DS to use these DNS servers.