I connect to a WireGuard installed on my VPS. Then I go to a random VPN service marketing page on which I’ll discover that my DNS leaks. And which is correct because I’ve specified DNS = 1.1.1.1 in [Interface] for all the Peers.

In order to avoid DNS leakadge, do I have to a) run DNS server on the a VPS – along with WireGuard, and b) use this one and only it, instead of 1.1.1.1?


But if so, how will this possibly work?

[Peer]
PublicKey = [....;....]
PresharedKey = [......]
Endpoint = wg.my_domain123.com:51820

In order to resolve Endpoint of my VPS to begin with, other DNS server will have to be used – by IP. But there’ll be none because I’ll use a DNS on my VPS instead of 1.1.1.1. In other words, it’ll be a circular dependency.

  • bizdelnick
    link
    fedilink
    arrow-up
    1
    ·
    1 year ago

    You don’t have to set up your own resolver. It is enough to configure route to 1.1.1.1 via WireGuard peer. If you already use it as a default gateway, your DNS requests don’t leak (I mean, Cloudflare is unable to associate them with your local IP address). To be sure, check traceroute 1.1.1.1 (on *nix system) or tracert 1.1.1.1 (on Windows), you should see your WG peer address in the output.

    Random VPN service cannot determine if your DNS server trusted or not, it only checks if the server is provided by that service. When using your own WG server, such checks are useless.