diff --git a/src/configs/ConfigBuilder.cpp b/src/configs/ConfigBuilder.cpp
index 43df7f7..49b3e73 100644
--- a/src/configs/ConfigBuilder.cpp
+++ b/src/configs/ConfigBuilder.cpp
@@ -727,6 +727,14 @@ namespace Configs {
         // Direct
         auto directDNSAddress = dataStore->routing->direct_dns;
         if (directDNSAddress == "localhost") directDNSAddress = BOX_UNDERLYING_DNS_EXPORT;
+#ifdef Q_OS_LINUX
+        auto usingSystemdResolved = ReadFileText("/etc/resolv.conf").contains("systemd-resolved");
+        if (dataStore->spmode_vpn && (directDNSAddress.startsWith("local") || directDNSAddress.startsWith("underlying")) && usingSystemdResolved)
+        {
+            MW_show_log("[Warning] Using local dns resolver with systemd-resolved enabled causes a dns loophole, using dhcp://auto as direct dns.");
+            directDNSAddress = "dhcp://auto";
+        }
+#endif
         QJsonObject directObj{
             {"tag", "dns-direct"},
             {"address_resolver", "dns-local"},
@@ -813,9 +821,17 @@ namespace Configs {
         }
 
         // Underlying 100% Working DNS
+        auto dnsLocalAddress = BOX_UNDERLYING_DNS_EXPORT;
+#ifdef Q_OS_LINUX
+        if (dataStore->spmode_vpn && (dnsLocalAddress.startsWith("local") || dnsLocalAddress.startsWith("underlying")) && usingSystemdResolved)
+        {
+            MW_show_log("[Warning] Using local dns resolver with systemd-resolved enabled causes a dns loophole, using dhcp://auto as local dns.");
+            dnsLocalAddress = "dhcp://auto";
+        }
+#endif
         dnsServers += QJsonObject{
             {"tag", "dns-local"},
-            {"address", BOX_UNDERLYING_DNS_EXPORT},
+            {"address", dnsLocalAddress},
             {"detour", "direct"},
         };
 
diff --git a/src/ui/mainwindow_grpc.cpp b/src/ui/mainwindow_grpc.cpp
index 155014b..56d82d6 100644
--- a/src/ui/mainwindow_grpc.cpp
+++ b/src/ui/mainwindow_grpc.cpp
@@ -538,12 +538,6 @@ void MainWindow::profile_start(int _id) {
             restartMsgboxTimer->cancel();
             restartMsgboxTimer->deleteLater();
             restartMsgbox->deleteLater();
-#ifdef Q_OS_LINUX
-            // Check systemd-resolved
-            if (Configs::dataStore->spmode_vpn && Configs::dataStore->routing->direct_dns.startsWith("local") && ReadFileText("/etc/resolv.conf").contains("systemd-resolved")) {
-                MW_show_log("[Warning] The default Direct DNS may not works with systemd-resolved, you may consider change your DNS settings.");
-            }
-#endif
         });
     });
 }