I connect to a WireGuard installed on my VPS. Then I go to a random VPN service marketing page, on which I discover that my DNS leaks. And that is correct, because I’ve specified DNS = 1.1.1.1 in [Interface] for all the Peers.

In order to avoid DNS leakage, do I have to a) run a DNS server on the VPS – along with WireGuard, and b) use this one and only it, instead of 1.1.1.1?


But if so, how will this possibly work?

[Peer]
PublicKey = [....;....]
PresharedKey = [......]
Endpoint = wg.my_domain123.com:51820

In order to resolve the Endpoint of my VPS to begin with, another DNS server will have to be used – by IP. But there’ll be none because I’ll use a DNS on my VPS instead of 1.1.1.1. In other words, it’ll be a circular dependency.
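
An added example, not part of the original post: a small check of a wg-quick client file that reports whether each DNS server is routed through the tunnel and whether the Endpoint is a hostname. A hostname Endpoint has to be resolved before the tunnel exists, so that lookup goes to whatever resolver the system already uses. The Address and AllowedIPs values are assumptions, and the keys are placeholders.

```python
import ipaddress

# Constructed sample: DNS and Endpoint are from the post; Address and
# AllowedIPs are assumed (full tunnel); keys are placeholders.
SAMPLE_CONF = """\
[Interface]
PrivateKey = <placeholder>
Address = 10.0.0.2/32
DNS = 1.1.1.1

[Peer]
PublicKey = <placeholder>
Endpoint = wg.my_domain123.com:51820
AllowedIPs = 0.0.0.0/0
"""

def parse_conf(text):
    """Parse a single-peer wg-quick file into {section: {key: value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], {})
        elif current is not None and "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            current[key] = value
    return sections

def is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def audit(text):
    """Report which DNS servers are routed via the tunnel and whether
    the Endpoint is a hostname that must be resolved outside it."""
    conf = parse_conf(text)
    peer, iface = conf.get("Peer", {}), conf.get("Interface", {})
    allowed = [ipaddress.ip_network(n.strip(), strict=False)
               for n in peer.get("AllowedIPs", "").split(",") if n.strip()]
    dns = [d.strip() for d in iface.get("DNS", "").split(",")]
    in_tunnel = {d: any(ipaddress.ip_address(d) in n for n in allowed)
                 for d in dns if is_ip(d)}  # non-IP entries are search domains
    host = peer.get("Endpoint", "").rsplit(":", 1)[0].strip("[]")
    return {"dns_in_tunnel": in_tunnel,
            "endpoint_needs_dns": bool(host) and not is_ip(host)}
```

A result of True under dns_in_tunnel means the query travels inside the tunnel and leaves from the VPS, so the resolver sees the VPS address rather than the home one.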

  • z3bra@lemmy.sdf.org
    1 year ago

    Keep in mind that using your own VPS as a VPN doesn’t bring anonymity. You’re simply replacing one IP tied to your name (your ISP) with another one (your VPS).

    You hide your traffic from your ISP, and delegate it to your VPS provider.

    This will be the same for your DNS. If you want true anonymity regarding DNS, you should use someone else’s service, preferably over encrypted channels, e.g. cyberia.is DoT.

    I personally use it as a forwarder from a box inside my home (along with others), and use this box as the local DNS when I’m home. This way I know that all DNS traffic is encrypted, and doesn’t leak anything to my ISP or VPS or whatever.

    • salvador@lemmy.worldOP
      1 year ago

      > Keep in mind that using your own VPS as a VPN doesn’t bring anonymity. You’re simply replacing one IP tied to your name (your ISP) with another one (your VPS).

      Grass is green. Sky is blue. Keep this in mind – in case you haven’t known.

    • salvador@lemmy.worldOP
      1 year ago

      > This will be the same for your DNS. If you want true anonymity regarding DNS, you should use someone else’s service, preferably over encrypted channels, eg. cyberia.is DoT.

      I haven’t asked for a hidden advert

      • z3bra@lemmy.sdf.org
        1 year ago

        Looks like you shouldn’t ask for anything at all, given that you cannot take a single answer without being a condescending jerk. I’m not affiliated with cyberia.is by any means, by the way, just proposing a service that you could use to solve your problem if you were not too busy being a douchebag.