OPNsense Forum » English Forums » Virtual private networks » DNS Override and Wireguard Endpoint
Topic: DNS Override and Wireguard Endpoint (Read 849 times)
freshra
DNS Override and Wireguard Endpoint « on: September 04, 2023, 10:05:57 pm »
Hello all,
I'm running OPNsense 23.7.3-amd64 and have hit a bit of a snag with my Wireguard and DNS configuration.
I have configured a wildcard DNS Override in Unbound for my homelab domain (let us say *.homelab.com).
My Wireguard configuration is set to use the endpoint at vpn.homelab.com.
When I enable the Wireguard VPN while still connected to my home network, vpn.homelab.com resolves to the internal IP address due to the override. However, when I move my device to another network, Wireguard retains the old internal IP address due to its default behavior of only initially resolving the domain name.
Is there a way to exclude vpn.homelab.com from the wildcard DNS override, while still maintaining the wildcard DNS override for every other subdomain under *.homelab.com?
vpn.homelab.com resolves to my external IP address using an external resolver like Cloudflare.
CJ
Re: DNS Override and Wireguard Endpoint « Reply #1 on: September 05, 2023, 02:38:10 pm »
BTW, example.com is the official domain for examples.
I've seen some people use vpn.example.com for external access and something like *.internal.example.com for internal access.
Depending on your goals, you can also use port forwarding to resolve things internally and externally the same. That's what I do in order to access my dmz server via domain regardless of whether I'm inside or outside the network.
Have Answer, Will Blog
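The naming split suggested in the reply above, modelled as an added example (not code from the thread, OPNsense or Unbound). It is a simplified longest-suffix override lookup; every name, address and function here is constructed for illustration, and it shows which address a LAN client hands to WireGuard under each layout.

```python
from typing import Optional

# Constructed sample data: one public record and one LAN address.
PUBLIC_DNS = {"vpn.example.com": "203.0.113.7"}
INTERNAL_IP = "192.0.2.10"

# Layout from the question: wildcard override over the whole domain.
FLAT = {"example.com": INTERNAL_IP}
# Layout from the reply: wildcard override only under internal.example.com.
SPLIT = {"internal.example.com": INTERNAL_IP}


def match_override(name: str, overrides: dict) -> Optional[str]:
    """Return the override whose domain is the longest suffix of name."""
    labels = name.rstrip(".").lower().split(".")
    # Walk from the full name towards the TLD; the first hit is the
    # most specific override domain.
    for i in range(len(labels)):
        zone = ".".join(labels[i:])
        if zone in overrides:
            return overrides[zone]
    return None


def resolve_on_lan(name: str, overrides: dict) -> Optional[str]:
    """What a LAN client sees: override first, public DNS otherwise."""
    hit = match_override(name, overrides)
    if hit is not None:
        return hit
    return PUBLIC_DNS.get(name.rstrip(".").lower())


def endpoint_after_roaming(name: str, overrides: dict) -> Optional[str]:
    """Endpoint address kept after leaving the LAN.

    Models the behaviour described in the first post: the endpoint name
    is resolved once, when the tunnel is brought up on the LAN.
    """
    return resolve_on_lan(name, overrides)


def usable_from_outside(name: str, overrides: dict) -> bool:
    """True if the address cached on the LAN is also the public one."""
    return endpoint_after_roaming(name, overrides) == PUBLIC_DNS.get(name)


if __name__ == "__main__":
    for label, layout in (("flat", FLAT), ("split", SPLIT)):
        print(label, usable_from_outside("vpn.example.com", layout))
```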