带有内部DNS名称服务器的OpenVPN服务器

我在Centos 7 AWS ec2实例上运行了一个OpenVPN 2.4.6 x86_64-redhat-linux-gnu

我还有2个内部公司DNS名称服务器，可以从中查询内部主机名（工作正常）

每当员工通过OpenVPN连接到我们的子网时，我希望他们的笔记本电脑使用我们的内部DNS名称服务器进行名称解析，但无论我尝试了多少种配置组合，我都无法让连接客户端使用内部DNS进行名称查找（客户端Ubuntu使用其本地/etc/resolv.conf查找内部主机名，而不是我们自己的DNS）

这是我的openvpn服务器.conf

port 1194
proto udp
dev tun
user nobody
group nobody
persist-key
persist-tun
keepalive 10 120
topology subnet
management 127.0.0.1 5555
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt

push "redirect-gateway def1"
**push "dhcp-option DOMAIN company.ec2us"
push "dhcp-option DNS xxx.xxx.91.251"
push "dhcp-option DNS xxx.xxx.126.93"**

push "route 192.xxxx.xxx.0 255.255.255.0"  # ABC1 subnet
push "route 192.xxxxx.0 255.255.255.0"  # NYC office LAN
push "route 208.xxxx.0 255.255.255.0"  # XYZ internal

crl-verify crl.pem
ca ca.crt
cert server_v8OxxxxxxxFCOK.crt
key server_v8ORxxxxxx7FCOK.key
tls-auth tls-auth.key 0
dh dh.pem
auth SHA256
cipher AES-128-CBC
tls-server
tls-version-min 1.2
tls-cipher TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
status /var/log/openvpn/status.log
verb 3

客户端OVPN文件如下所示

client
proto udp
remote xxx.xxx.155.45 1194
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_v8ORQmlxxxxFCOK name
auth SHA256
auth-nocache
cipher AES-128-CBC
tls-client
tls-version-min 1.2
tls-cipher TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
dhcp-option DOMAIN company.ec2us
dhcp-option DNS xxx.xxx.91.251
dhcp-option DNS xxx.xxx.126.93

verb 3
<ca>
-----BEGIN CERTIFICATE-----

但是一旦连接到客户机上，如果我不查找内部主机的$name，它将使用我在/etc/resolv.conf中默认的8.8.8.8

有没有办法强制客户端使用内部DNS主机

Wed Feb 27 17:06:48 2019 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DOMAIN company.ec2us,dhcp-option DNS xxx.xxx.91.251,dhcp-option DNS xxx.xxx.126.93,route xxx.xxx.40.0 255.255.255.0,route xxx.xxx.30.0 255.255.255.0,route xxx.xxx.251.0 255.255.255.0,route-gateway 10.8.0.1,topology sub