Resolving DNS Issues on a VPN-Connected Ubuntu Machine


Recently, I encountered a challenging issue while working with a machine ( connected via a WireGuard VPN, with the host at The core problem was a lack of internet access, despite a functioning network connection. This blog post details the steps I took to diagnose and resolve this DNS-related issue.

The Problem

While SSH’d into, I realized I couldn’t access the internet. The first hint of trouble came when I tried pinging Google:

ping: Temporary failure in name resolution

This error pointed towards a potential DNS issue, especially since my SSH connection was active, indicating that the network was operational.

Diagnosing the Issue

To further investigate, I ran nslookup to check DNS resolution:

;; communications error to connection refused

** server can't find SERVFAIL

These results confirmed that DNS queries to were being refused, despite the machine itself being reachable (verified by pinging

Resolving the Issue

Step 1: Local DNS Test on the Host

On the host machine (, I tested DNS resolution locally with nslookup, which worked fine. This hinted that the issue might be related to a firewall configuration.

Step 2: Checking and Updating Firewall Settings

Using ufw status numbered, I discovered that the IP I was using wasn’t on the allowlist. After adding it and restarting the dnsmasq service, I was able to resolve DNS queries from

Step 3: Configuring Conditional DNS Forwarding

However, a new requirement emerged: I needed to ensure that only DNS queries for domains ending in .ds were forwarded to To achieve this, I configured dnsmasq on

echo 'server=/ds/' | sudo tee -a /etc/dnsmasq.conf
sudo systemctl restart dnsmasq

Note that you also need to have server= or something equivalent in order to resolve DNS normally. Otherwise cannot resolve DNS.

Step 4: Verifying the Configuration

Finally, I verified that DNS queries for .ds domains were correctly directed to, while others were handled locally on This was done using dig or nslookup with different domain types.
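An added example (not part of the original post): a small POSIX shell function that models which upstream a query name is sent to, given the server= lines of a dnsmasq-style file, including the case from the note in Step 3 where no default upstream is configured. The file contents and addresses are constructed (documentation ranges), and only server= lines are modelled; upstreams dnsmasq would read from /etc/resolv.conf are not.

```sh
# Model which upstream a name is forwarded to, based on server= lines only.
# upstream_for NAME CONF -> prints upstream IP, "local-only", or "none".
upstream_for() (
    name=$(printf '%s' "${1%.}" | tr 'A-Z' 'a-z')   # drop trailing dot, lowercase
    conf=$2 best="" best_len=-1 default=""
    set -f                                          # no globbing while splitting
    while IFS= read -r val; do
        case "$val" in
            /*) ;;                                  # server=/domain/.../ip rule
            *)  [ -n "$default" ] || default=$val; continue ;;  # server=ip
        esac
        ip=${val##*/}                               # text after the last slash
        doms=${val%/*}; doms=${doms#/}              # domain list between slashes
        old_ifs=$IFS; IFS=/
        for d in $doms; do
            case ".$name" in                        # match on label boundary
                *".$d") if [ "${#d}" -gt "$best_len" ]; then best=$ip best_len=${#d}; fi ;;
            esac
        done
        IFS=$old_ifs
    done <<EOF
$(sed -n 's/[[:space:]]//g; s/^server=//p' "$conf" | tr 'A-Z' 'a-z')
EOF
    if [ "$best_len" -ge 0 ]; then printf '%s\n' "${best:-local-only}"
    else printf '%s\n' "${default:-none}"
    fi
)

# Constructed sample configs; the addresses are placeholders, not from the post.
SAMPLE_CONF=$(mktemp)
cat > "$SAMPLE_CONF" <<'EOF'
# forward only .ds names to the VPN-side resolver
server=/ds/192.0.2.53
# default upstream for everything else
server=198.51.100.1
EOF
ONLY_DS_CONF=$(mktemp)                              # the failure mode: no default
echo 'server=/ds/192.0.2.53' > "$ONLY_DS_CONF"

for conf in "$SAMPLE_CONF" "$ONLY_DS_CONF"; do
    for q in build.ds foods example.com; do
        printf '%s: %s -> %s\n' "$conf" "$q" "$(upstream_for "$q" "$conf")"
    done
done
```

A result of "none" for a non-.ds name means the file alone gives dnsmasq nowhere to send that query; the dig or nslookup checks in Step 4 remain the test against the running service.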


In this case, a combination of firewall adjustment and DNS forwarding configuration resolved the internet access problem.

