Hi Reco Thanks for sharing your experience with me.
> Sent: Thursday, September 30, 2021 at 9:52 PM > From: "Reco" <recovery...@enotuniq.net> > To: debian-user@lists.debian.org > Subject: Re: iwd: Using iwd to connect to a wireless network (Part 2 - DNS > managers) > > > The limitation of update-resolv-conf in its current (as of bullseye) > form is that it does nothing to the list of the resolvers that are > configured already before the openvpn handshake. Which could lead to DNS > leaks, which are considered a bad thing by some. > I see. Thanks for your explanation. The following describes what I've been doing when I used the installer since Debian Jessie: 1. Plug the LAN cable out from its RJ45 port 2. Click "No" when asked if I wish to have auto networking configuration enabled 3. Input my IP address, netmask, default gateway and the IP addresses of my preferred DNS resolvers (my preferred DNS resolvers are hosted/managed by privacy-conscious folks all over the world; none of them are from my country, which is part of the Five-Eyes Alliance.) Based on the above description, do you think that update-resolv-conf in Bullseye will leak the IP addresses of my ISP's DNS resolvers? > Back in the day I solved that problem by using a custom dnsmasq config > and a handful of netfilter rules, these days I just use network namespaces. > Would you like to show me how to use network namespaces to solve the problems when using update-resolv-conf?
