= **Using DNS servers pushed to clients** #pushdns-top

----

This page describes how to use pushed DNS servers in the client.

**Contents:**
 1. [#pushdns-nix Using DNS servers pushed to a Linux client] [[br]]
 1. [#pushdns-win Using DNS servers pushed to a Windows client] [[br]]
 1. [#pushdns-add Additional notes] [[br]]

----

== Using DNS servers pushed to a Linux client #pushdns-nix

Linux must use an external script to update the DNS servers in `/etc/resolve.conf`

**[[span(style=color: #0000FF, Blue-pill )]] or [[span(style=color: #FF0000, Red-pill )]]** ?
  https://github.com/jonathanio/update-systemd-resolved

  https://github.com/alfredopalhares/openvpn-update-resolv-conf

  You are getting ''[[span(style=color: #0000FF, Blue-pill )]]'' 'd, regardless..
----

== Using DNS servers pushed to a Windows client #pushdns-win

 OpenVPN 2.5+::

 Windows uses the OpenVPN built-in DHCP server to update the TAP adapter's DNS servers and no additional steps are required.

 This does require that the client is run using the [https://community.openvpn.net/openvpn/wiki/OpenVPN-GUI-New OpenVPN-GUI] and that the OpenVPN `InteractiveService` for Windows is started.

 To prevent DNS leaks at the client use `--block-outside-dns`.

 OpenVPN 2.4::

 See: 2.5+

 **Upgrade Now! **

 OpenVPN 2.3::

 Windows uses the OpenVPN built-in DHCP server to update the TAP adapter's DNS servers and no additional steps are required.  

 This **does require** that the client is run as an **administrator** user.

 This version does **not** support `--block-outside-dns`

 **Upgrade Now! **

----

== Additional notes #pushdns-add

 Linux notes::

 If the client is run using `--user` and `--group` to drop the process privileges then the `--down` script will fail and leave the client DNS in an undefined state.

 The recommended way to resolve this is to use the [https://github.com/OpenVPN/openvpn/blob/master/src/plugins/down-root/README.down-root openvpn-down-root.so] plugin module.