Fixing DNS Resolution Issues

The Problem

When switching between networks (WiFi, Ethernet, VPN), you may encounter DNS resolution failures:

$ ping google.com
ping: google.com: Temporary failure in name resolution

This commonly happens with Cisco VPN and other VPN clients that modify /etc/resolv.conf but fail to restore it properly when disconnecting.

Why This Happens

1. VPN connects and writes its DNS servers to /etc/resolv.conf
2. You disconnect VPN or switch networks
3. The VPN client doesn’t clean up /etc/resolv.conf
4. Your system is stuck with unreachable DNS servers

Diagnosis

Check if you have stale DNS servers:

# Check current DNS configuration
cat /etc/resolv.conf

# Check what NetworkManager thinks the DNS should be
nmcli device show | grep -i dns

# Test DNS resolution
ping google.com

If /etc/resolv.conf shows different DNS servers than what NetworkManager reports, you have this issue.

The Fix

Step 1: Install openresolv

sudo pacman -S openresolv --noconfirm

Step 2: Configure NetworkManager

Edit NetworkManager configuration:

sudo vim /etc/NetworkManager/NetworkManager.conf

Add these lines at the end of the file:

[main]
dns=openresolv
rc-manager=resolvconf

Save and exit (:wq in vim).

Step 3: Restart NetworkManager

Since Aegix uses runit (not systemd):

sudo sv restart NetworkManager

Step 4: Verify

Check that DNS is now managed properly:

# Should show "Generated by NetworkManager" comment
cat /etc/resolv.conf

# Test DNS resolution
ping google.com

Quick Emergency Fix

If DNS breaks and you need immediate resolution:

Option 1: Force NetworkManager to update DNS

sudo resolvconf -u

Option 2: Manually set DNS servers

sudo bash -c 'cat > /etc/resolv.conf << EOF
# Temporary DNS fix
nameserver 192.168.0.1
nameserver 1.1.1.1
nameserver 8.8.8.8
EOF'

Then apply the permanent fix above.

Option 3: Restart NetworkManager

sudo sv restart NetworkManager

Common DNS Servers

Replace in /etc/resolv.conf or add as fallbacks:

• 1.1.1.1 - Cloudflare DNS (fast, privacy-focused)
• 8.8.8.8 - Google DNS (reliable)
• 9.9.9.9 - Quad9 DNS (security-focused)
• 192.168.0.1 or 192.168.1.1 - Your router (local network)

Testing After Fix

After applying the fix, test these scenarios:

1. Connect to VPN → Check cat /etc/resolv.conf → Should show VPN DNS
2. Disconnect from VPN → Check cat /etc/resolv.conf → Should restore normal DNS
3. Switch WiFi networks → Check cat /etc/resolv.conf → Should update automatically

Troubleshooting

DNS still not working after fix?

# Check if NetworkManager is running
sudo sv status NetworkManager

# Check if openresolv is installed
pacman -Q openresolv

# Verify NetworkManager configuration
cat /etc/NetworkManager/NetworkManager.conf

# Force DNS update
sudo resolvconf -u
sudo sv restart NetworkManager

Check which process is managing DNS

ls -la /etc/resolv.conf
# Should be a regular file, not a symlink

View NetworkManager logs

sudo svlogtail NetworkManager

Additional Notes

• This fix makes NetworkManager the authoritative DNS manager
• VPNs can still push DNS servers, but they’ll be properly cleaned up on disconnect
• openresolv handles DNS updates from multiple sources (NetworkManager, VPN, DHCP)
• Works with Cisco VPN, OpenVPN, WireGuard, and other VPN clients

Prevention for New Aegix Installations

To bake this into fresh Aegix installations, add to your installation script:

# Install openresolv
pacman -S openresolv --noconfirm

# Configure NetworkManager
cat >> /etc/NetworkManager/NetworkManager.conf << 'EOF'

[main]
dns=openresolv
rc-manager=resolvconf
EOF

# Restart NetworkManager
sv restart NetworkManager

Last Updated: 2025-11-03 Tested On: Aegix Linux (Artix-based with runit) Author: Aegix Community