With NetworkManager + OpenVPN plugin always being connected to a VPN, the DNS servers of my VPN provider are utilized to prevent a DNS leak and the use of dnscrypt-proxy or unbound seemingly makes no sense.
Nevertheless it may be useful to have a local DNS cache to speed things up.
What would be an easy and appropriate solution for a laptop, that’s caching only for itself?
See if any of this information is helpful for your use case
https://wiki.archlinux.org/index.php/Domain_name_resolution
Systemd-resolved will cache DNS results. It is intended to be used on a single system and already installed. You just need to set it up.
Thanks for the hints, I have already read through these pages but that made it even more complicated.
As it seems, going for systemd-resolved would be the recommended way as it is already installed anyway, but the dnsmasq approach seems to be easier as it does not require any additional configuration.
I am currently using a different solution with dnscrypt-proxy, which works but causes problems with public wireless access point that use a captive portal.
After I have written my initial post, I realized that it may be a good idea to stick to dnscrypt-proxy (or unbound?) and not to use the DNS servers of my VPN provider, because what’s usually called a “DNS Leak” isn’t really what it seems, and there is no real reason to favor the DNS servers of my VPN provider over what a solution like a dnscrypt-proxy setup is choosing.
To sum it up, I’m currently quite confused about which way to go to keep using random secure DNS servers together with local DNS caching together with NetworkManager and its OpenVPN plugin and still being able to log into public Wi-Fis which make use of captive portals.