Redirect dns traffic through wireguard

Started by pitoucol, December 18, 2025, 12:32:29 PM

Hello

Is it possible to take unbound requests and send them back through a wireguard gateway? If so, what would be the method?
Could you help me build the rules and understand them?
I have a functional wireguard gateway, and unbound operational too.
Thank you

If you want to send any local DNS request to a local Unbound through wireguard to an upstream DNS, the easiest way is to use the documentation for wireguard selective routing (https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html) and modify it to only tunnel DNS traffic from any firewall IP to the upstream DNS IPs.

Quote from: cs1 on January 08, 2026, 02:47:13 PM
If you want to send any local DNS request to a local Unbound through wireguard to an upstream DNS, the easiest way is to use the documentation for wireguard selective routing (https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html) and modify it to only tunnel DNS traffic from any firewall IP to the upstream DNS IPs.
Are you referring to the section "Dealing with DNS Leaks"? If so, which of the 5 points/solutions would you recommend?

Tia.

I have already tried to deal with DNS leaks, but at that time I wanted to redirect all my DNS requests to the WireGuard gateway.
However, I now use Unbound and would like to know how to redirect all the DNS traffic from Unbound to the WireGuard gateway in order to prevent DNS leaks.
But maybe this is not the right way to proceed?

Quote from: hushcoden on January 18, 2026, 12:53:05 PM
Quote from: cs1 on January 08, 2026, 02:47:13 PM
If you want to send any local DNS request to a local Unbound through wireguard to an upstream DNS, the easiest way is to use the documentation for wireguard selective routing (https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html) and modify it to only tunnel DNS traffic from any firewall IP to the upstream DNS IPs.
Are you referring to the section "Dealing with DNS Leaks"? If so, which of the 5 points/solutions would you recommend?

Tia.

No, I'm referring to the documentation as a whole. The only difference is that in Step 8 you only tunnel requests by unbound to UDP/53.

Quote from: pitoucol on January 18, 2026, 11:22:43 PM
I have already tried to deal with DNS leaks, but at that time I wanted to redirect all my DNS requests to the WireGuard gateway.
However, I now use Unbound and would like to know how to redirect all the DNS traffic from Unbound to the WireGuard gateway in order to prevent DNS leaks.
But maybe this is not the right way to proceed?

If you modify the rule in Step 8 to tunnel DNS traffic via wireguard, that should work.

However, I get the feeling that what you're trying to do is something entirely different. Can you please explain what exactly you're trying to achieve? I get the feeling that whatever you're trying to do could be achieved much easier (e.g. let unbound talk to a trusted DNS via DNS-over-TLS).
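As an added illustration of the DNS-over-TLS alternative mentioned in the reply above (this is not configuration from the thread or from the OPNsense project; on OPNsense the same settings are made in the GUI under Services > Unbound DNS > DNS over TLS, which generates the equivalent config): a minimal unbound.conf fragment that forwards all upstream queries to a resolver over TLS on port 853. Even if such traffic still leaves via the WAN instead of the WireGuard gateway, the ISP only sees an encrypted session to the resolver, not the names being queried. The upstream (Quad9, 9.9.9.9, dns.quad9.net) and the certificate bundle path (/etc/ssl/cert.pem, the usual location on FreeBSD-based systems) are assumptions for the example and should be swapped for whatever resolver and bundle you trust.

```conf
# Added example, not from the original thread or the OPNsense project.
# Forward every query from this Unbound instance to an upstream over
# DNS-over-TLS so plaintext UDP/53 never leaves the firewall, whether
# it would have gone out via WAN or via the WireGuard gateway.
server:
    # CA bundle used to validate the upstream's TLS certificate
    # (assumed path; adjust for your system).
    tls-cert-bundle: "/etc/ssl/cert.pem"
    # Do not answer queries from the tunnel side unless you intend to.
    interface: 127.0.0.1
    interface: 192.168.1.1          # assumed LAN address of the firewall
    access-control: 192.168.1.0/24 allow

forward-zone:
    name: "."
    # Require TLS for all forwarded queries; plaintext fallback is disabled.
    forward-tls-upstream: yes
    # address@port#authname: the '#' part pins the certificate name that
    # Unbound verifies, so a spoofed resolver IP cannot be trusted.
    forward-addr: 9.9.9.9@853#dns.quad9.net
    forward-addr: 149.112.112.112@853#dns.quad9.net
```

To confirm nothing still leaks in cleartext, watch the WAN interface for port 53 while resolving a few names from a LAN client, for example with tcpdump -ni <wan-interface> udp port 53 on the firewall; with the forwarding above in place the only upstream traffic you should see is TCP/853 to the configured resolver, and if you also apply the policy-routing rule from Step 8 of the selective-routing how-to to that TLS traffic, it should appear on the WireGuard interface rather than the WAN.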