DNS

By default the Crux VPN Agent does not use the host operating system's DNS resolver; instead it will access the Quad9 resolvers directly via DoH (DNS over HTTPS) to resolve the IP address of the Crux VPN API, as well as any Crux VPN endpoint addresses specified by DNS name.

This is particularly useful when a Crux VPN interface is itself used for the host's default route, to ensure that the agent can resolve the IP address needed to connect to the API even when the Crux VPN tunnel is not working.

If you would like to would use the host operating system's DNS resolver, add the following setting to the cruxvpn.conf file:

Dns = off

To use a custom DoH resolver (such as Cloudflare's), add the following settings to the cruxvpn.conf file, customizing the Dns setting to specify the DNS servers to contact, and the Doh setting to specify the hostname that the servers' TLS certificate must match:

Dns = 1.1.1.1, 1.0.0.1, 2606:4700:4700::1111, 2606:4700:4700::1001
Doh = cloudflare-dns.com

To use a custom UDP resolver, add the following settings to the cruxvpn.conf file, customizing the Dns setting to specify the DNS servers to contact:

Dns = 1.1.1.1, 1.0.0.1, 2606:4700:4700::1111, 2606:4700:4700::1001
DnsProtocol = udp

To use a custom TCP resolver, add the following settings to the cruxvpn.conf file, customizing the Dns setting to specify the DNS servers to contact:

Dns = 1.1.1.1, 1.0.0.1, 2606:4700:4700::1111, 2606:4700:4700::1001
DnsProtocol = tcp

The agent will automatically attempt to detect whether to use IPv4 or IPv6 addresses. To force the agent to always prefer IPv4 addresses, add the following setting to the cruxvpn.conf file:

ResolveHostnames = ipv4

You might also need to do this when you see an error like unhealthy crux vpn api: server unavailable, and the IP address shown for the API is an IPv6 address, and you don't have IPv4 connectivity to the API server.

To force the agent to always prefer IPv6 addresses, add the following setting to the cruxvpn.conf file:

ResolveHostnames = ipv6