VPN Client DNS Mapping

We want to use the client DNS mapping feature to be able to resolve our servers internally.

Can you advise what is missing from the steps below to troubleshoot and get the DNS mapping to work?

  1. Enable VPN client DNS Mapping from webui and start the vpn server

  2. The users’ dns names are available in the user/organization list

  3. Doing a dns lookup for a user’s dns name from a vpn client fails

    On a tcp dump on the pritunl server we can see that there are requests from the client to the vpn server’s IP, but there is nothing listening on port 53/udp on the server, so the port is unreachable.
    12:12:39.877236 IP > ICMP udp port 53 unreachable, length 89

    Before enabling the dns mapping setting on the server, the dns requests do not hit the vpn server, but go straight to the public dns servers.

According to the documentation, the dns service is created automatically when the dns mapping option is enabled and should resolve the .vpn dns names and any other requests will be forwarded to public dns servers (this last part works).

Thanks in advance,

For macOS Ventura this requires running sudo pritunl set vpn.dns_mapping_push_all false. The Debugging documentation has more information.

Hi Zach,

Thanks for the quick response.
We are not using macOS, most of our clients run on Linux (Ubuntu).

The issue is not the use of external (public) DNS - this works, but the resolution of the internal example.organization.vpn.


The Pritunl Client doesn’t support configuring the DNS server with NetworkManager which is used by Ubuntu. Systemd Resolved used in Fedora is supported. The Gnome Client will allow configuring the DNS server on Ubuntu.