I connect to a WireGuard installed on my VPS. Then I go to a random VPN service marketing page on which I’ll discover that my DNS leaks. And which is correct because I’ve specified DNS = 1.1.1.1 in [Interface] for all the Peers.

In order to avoid DNS leakadge, do I have to a) run DNS server on the a VPS – along with WireGuard, and b) use this one and only it, instead of 1.1.1.1?


But if so, how will this possibly work?

[Peer]
PublicKey = [....;....]
PresharedKey = [......]
Endpoint = wg.my_domain123.com:51820

In order to resolve Endpoint of my VPS to begin with, other DNS server will have to be used – by IP. But there’ll be none because I’ll use a DNS on my VPS instead of 1.1.1.1. In other words, it’ll be a circular dependency.

  • atheken@programming.dev
    link
    fedilink
    arrow-up
    1
    ·
    1 year ago

    It’s not completely clear what you mean, but I’m guessing you’re only routing a subset of your traffic through wireguard, probably only IPv4, and there may be some IPv6 traffic that is not being routed over your wireguard connection.

    You can specify any IPs you want for DNS with wireguard, and if your allowed IPs include those addresses, then it should flow over your VPN.

    I do this with Pihole at home, and it blocks ads while I’m away.

    With whatever test you’re running that says stuff is “leaking,” keep in mind that the website is going to report any traffic that originates from your VPS as “unprotected” because it’s not their system, and even if you run your own DNS server, it’s still got to query upstream to a public DNS. All they’re really doing is demonstrating which upstream DNS server you have configured, and it’s up to you if you want your VPS’s IP to be connected to the query history of that upstream DNS provider.

    You will usually need a hostname in DNS for your VPN server to make it easy to find/connect, which will use your normal DNS resolution. Once connected, if you have it set up correctly, new dns queries should route through your VPN connection. Just keep in mind that various results can be cached on your system and in web browsers, so you should quit and reopen your browser after you connect to the VPN before you run your “leak” test.

    • salvador@lemmy.worldOP
      link
      fedilink
      arrow-up
      1
      ·
      edit-2
      1 year ago

      It’s not completely clear what you mean, but I’m guessing you’re only routing a subset of your traffic through wireguard, probably only IPv4, and there may be some IPv6 traffic that is not being routed over your wireguard connection.

      Why would you guess that?

      You can specify any IPs you want for DNS with wireguard, and if your allowed IPs include those addresses, then it should flow over your VPN.

      I do this with Pihole at home, and it blocks ads while I’m away.

      How’s that relevant to my question?

      • atheken@programming.dev
        link
        fedilink
        arrow-up
        2
        ·
        edit-2
        1 year ago

        Your question, as best as I could tell, is that you want DNS traffic to exit through your VPS node, rather than your client machine.

        I posited one reason this could be happening, and additionally, a similar setup that provably routes traffic through the VPN based on the method I described.

        Nobody in here is obligated to help you, I gave you a couple threads to pull on to resolve your question, so maybe consider accepting it graciously, rather than being obstinate.