Tunnel DNS requests through the VPN interface (systemd-resolved)

[MasterKia]

When using the VPN mode of Nekoray on GNU/Linux, DNS requests go through the default interface and not through nekoray-tun.

resolvectl status

Global
       Protocols: LLMNR=resolve -mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: stub

Link 2 (wlp3s0)
    Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
         Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 192.168.0.1
       DNS Servers: 192.168.0.1

Link 4 (nekoray-tun)
Current Scopes: LLMNR/IPv4 LLMNR/IPv6
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Notice the -DefaultRoute for nekoray-tun even though VPN Mode is activated.

Half-solution:

resolvectl domain nekoray-tun '~.'
resolvectl default-route nekoray-tun true
resolvectl dns nekoray-tun 1.1.1.1
resolvectl default-route wlp3s0 false

Although I think this will interfere with Nekoray's own "DNS routing".

Ultimately Nekoray should implement:
https://github.com/systemd/systemd/blob/master/docs/RESOLVED-VPNS.md

Or without that, at least do the required resolvectl calls.

Fedora 37 KDE
Using systemd-resolved
Nekoray 2.9

[arm64v8a]

It is best to implement this function in sing-box. But I think they won't. Maybe none of us use systemd-resolved?

https://sing-box.sagernet.org/faq/known-issues/#on-linux

Or you can try to open strict route?

[MasterKia]

Well either Nekoray, or sing-box, should check for resolved and implement it.
I do know the commands to make it work despite that, but at -some- layer this needs to be done to tell resolved where to send requests to.

I sent you the example but it's not as simple as the commands above - interface names may change and behavior needs to be restored after VPN mode is disabled.

You can test this yourself if you're on GNU/Linux and using systemd-resolved (the default on Ubuntu +16 and Fedora).
Enable Nekoray's VPN mode, and do:
resolvectl query facebook.com
(any blocked domain)

Then notice that you won't get a DNS respond back.

Enabling strict route didn't fix it.

[imanhavangi]

Encountered the same issue and successfully resolved it within the application by following these steps:

1. Open Nekoray.
2. Navigate to Preferences -> Routing Settings -> DNS.
3. Modify the Direct DNS setting by selecting "223.5.5.5" from the dropdown menu (you may want to experiment with other options).

After making these changes, restart Nekoray and attempt to connect to your profile.

[ErfanRasti]

Encountered the same issue and successfully resolved it within the application by following these steps:

1. Open Nekoray.
2. Navigate to Preferences -> Routing Settings -> DNS.
3. Modify the Direct DNS setting by selecting "223.5.5.5" from the dropdown menu (you may want to experiment with other options).

After making these changes, restart Nekoray and attempt to connect to your profile.

You saved me bro. This instruction worked for me.
Where did you find that DNS address?