I connect to a WireGuard installed on my VPS. Then I go to a random VPN service marketing page on which I’ll discover that my DNS leaks. And which is correct because I’ve specified DNS = 1.1.1.1 in [Interface] for all the Peers.

In order to avoid DNS leakadge, do I have to a) run DNS server on the a VPS – along with WireGuard, and b) use this one and only it, instead of 1.1.1.1?

But if so, how will this possibly work?

[Peer]
PublicKey = [....;....]
PresharedKey = [......]
Endpoint = wg.my_domain123.com:51820

In order to resolve Endpoint of my VPS to begin with, other DNS server will have to be used – by IP. But there’ll be none because I’ll use a DNS on my VPS instead of 1.1.1.1. In other words, it’ll be a circular dependency.

      • towerful@programming.dev
        2·
        1 year ago

        Use the IP address of your vps instead of a domain name for the wireguard config.

        Edit:
        Just to make this absolutely clear and remove all doubt.
        If wireguard is trying to connect using a domain name, the domain name will need to be resolved, which will likely require initial DNS queries to establish the IP address behind the domain name.

        If you configure wireguard to connect directly to the IP address of the VPS, there is no need for a DNS lookup.

        So no, I’m not assuming your VPS is running a DNS.
        Wind your neck in before you embarrass yourself.

        • salvador@lemmy.worldOP
          1·
          1 year ago

          Even if I I used an IP of my VPS server to connect to it, how will a client be resolving websites afterwards? You idiot.

          • towerful@programming.dev
            2·
            1 year ago

            Using a DNS server, somewhere. Unless you manually gather the required IP addresses of whatever services you want and build up a hosts file, like how the original ARPANET worked.

            The requests will come from somewhere and go somewhere. There is not magic “you don’t see me” domain resolution system. Even DoH or DoT, you have to trust the resolving server isn’t going to track you.
            Whether that request is to a DNS server you run on an IP linked to you (which will recursively resolve any uncached domains), or from the gateway of your VPN to a DNS server you do not run… It’s always going to come back to an IP address of a VPS that is linked to you.

            I don’t get what you are trying to do, you haven’t explained it well, and your being hostile as fuck all over the thread.

            If you really want anonymity, use TOR?
            Other than whatever-the-CIA/NSA/MI5/MI6/5-eyes is doing with timing attacks and their own relay/exit nodes, that’s about as anonymous as you can get

              • TexMexBazooka@lemm.ee
                2·
                1 year ago

                Bruh after scrolling through your comments for entertainment value, I had to stop by and personally talk shit-

                You are by no means intelligent enough to be any kind of threatening. Stop making a fool of yourself.

                Or continue. It’s honestly funny.

                I will take no further questions.

  • atheken@programming.dev
    1·
    1 year ago

    It’s not completely clear what you mean, but I’m guessing you’re only routing a subset of your traffic through wireguard, probably only IPv4, and there may be some IPv6 traffic that is not being routed over your wireguard connection.

    You can specify any IPs you want for DNS with wireguard, and if your allowed IPs include those addresses, then it should flow over your VPN.

    I do this with Pihole at home, and it blocks ads while I’m away.

    With whatever test you’re running that says stuff is “leaking,” keep in mind that the website is going to report any traffic that originates from your VPS as “unprotected” because it’s not their system, and even if you run your own DNS server, it’s still got to query upstream to a public DNS. All they’re really doing is demonstrating which upstream DNS server you have configured, and it’s up to you if you want your VPS’s IP to be connected to the query history of that upstream DNS provider.

    You will usually need a hostname in DNS for your VPN server to make it easy to find/connect, which will use your normal DNS resolution. Once connected, if you have it set up correctly, new dns queries should route through your VPN connection. Just keep in mind that various results can be cached on your system and in web browsers, so you should quit and reopen your browser after you connect to the VPN before you run your “leak” test.

    • salvador@lemmy.worldOP
      1·
      1 year ago

      It’s not completely clear what you mean, but I’m guessing you’re only routing a subset of your traffic through wireguard, probably only IPv4, and there may be some IPv6 traffic that is not being routed over your wireguard connection.

      Why would you guess that?

      You can specify any IPs you want for DNS with wireguard, and if your allowed IPs include those addresses, then it should flow over your VPN.

      I do this with Pihole at home, and it blocks ads while I’m away.

      How’s that relevant to my question?

      • atheken@programming.dev
        2·
        1 year ago

        Your question, as best as I could tell, is that you want DNS traffic to exit through your VPS node, rather than your client machine.

        I posited one reason this could be happening, and additionally, a similar setup that provably routes traffic through the VPN based on the method I described.

        Nobody in here is obligated to help you, I gave you a couple threads to pull on to resolve your question, so maybe consider accepting it graciously, rather than being obstinate.