SERVFAIL when VPN active
Knot Resolver, version 3.2.1, shipped with TurrisOS 4.0.5.
When I'm not using any VPN, all domains resolve. When I enable my VPN, and that substitutes my default gateway, then domains such as bit.ly and storage.googleapis.com no longer resolve and kresd returns SERVFAIL. If I disable the VPN those domains immediately start resolving again.
I see no evidence of tampering from the VPN side, since querying via dig @1.1.1.1 and dig @8.8.8.8 works. And if I enable TLS forward to Cloudflare, the same behaviour persists (but only when the VPN is active).
This was not the case some time ago. I haven't changed the router configuration, and this behaviour started happening recently. I presume some recent update triggered it.
I didn't see any specific errors in the logs that could shed any light on this behaviour. I am a developer myself and fairly technical. Please let me know any particular configuration files or logs you want me to include, or any troubleshooting steps I can take. I'm a bit lost as to why this is happening and don't know how to diagnose it.
This seems to be a very similar report: https://forum.turris.cz/t/openvpn-dns-not-working-when-connected-to-protonvpn/11365