Local DNS not in /etc/resolv.conf with Unbound after reboot

Fright:
Yep. WireGuard writes resolv.conf on every (re)load if DNS is set on the instance.

franco:
Ugh, does it really need to? We will coordinate with the maintainer of the plugin to solve this.


Cheers,
Franco

Fright:

--- Quote ---Ugh, does it really need to?
--- End quote ---
IMHO there is logic in this.
When DNS is specified and applied in this way on the client side, it should prevent DNS leakage.
In my understanding, this option is client-side, since although it can be specified on the server side, the client can always override it.
I have not seen any way to disable this behavior. One can only edit the wg-quick script
(or skip this option and set/delete DNS on PostUp/PostDown).

So maybe just more detailed help is enough?



flushell:

--- Quote from: Fright on January 18, 2021, 07:58:46 am ---Yep. WireGuard writes resolv.conf on every (re)load if DNS is set on the instance.

--- End quote ---

Ah, I found this out too just now ;D.
Thanks for checking.


--- Quote from: franco on January 18, 2021, 09:11:35 am ---Ugh, does it really need to? We will coordinate with the maintainer of the plugin to solve this.


Cheers,
Franco

--- End quote ---

Thank you.



--- Quote from: Fright on January 18, 2021, 03:31:11 pm ---
--- Quote ---Ugh, does it really need to?
--- End quote ---
IMHO there is logic in this.
When DNS is specified and applied in this way on the client side, it should prevent DNS leakage.
In my understanding, this option is client-side, since although it can be specified on the server side, the client can always override it.
I have not seen any way to disable this behavior. One can only edit the wg-quick script
(or skip this option and set/delete DNS on PostUp/PostDown).

So maybe just more detailed help is enough?

--- End quote ---

It is a client-side thing. If I don't set DNS on the WireGuard server (Local tab in WireGuard) and I reload WireGuard, it does not call resolvconf. For me this is a solution, because I have set DNS on my clients, so I don't need this setting there.

I still think it is useful to contact the maintainer, like Franco said.
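
As an added example (not part of the thread, and not OPNsense or plugin code): a small Python check that reads a wg-quick style configuration and reports whether its [Interface] section carries a DNS entry, the condition the posts above identify as making WireGuard rewrite resolv.conf on (re)load, and whether PostUp/PostDown hooks call resolvconf instead. The sample configurations, addresses and function names are constructed for illustration.

```python
import re

# Constructed sample configurations (not taken from the thread).
WITH_DNS = """\
[Interface]
PrivateKey = <placeholder>
Address = 10.10.10.1/24
DNS = 10.10.10.1, 1.1.1.1   # wg-quick hands these to resolvconf

[Peer]
PublicKey = <placeholder>
AllowedIPs = 10.10.10.2/32
"""

HOOKS_ONLY = """\
[Interface]
PrivateKey = <placeholder>
Address = 10.10.10.1/24
# DNS = 10.10.10.1   (commented out, so ignored)
PostUp = printf 'nameserver 10.10.10.1\\n' | resolvconf -a %i
PostDown = resolvconf -d %i
"""

HOOK_KEYS = ("preup", "postup", "predown", "postdown")

def audit(config_text):
    """Collect DNS values and resolvconf hooks from the [Interface] section."""
    section, found = None, {"dns": [], "hooks": []}
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # strip comments
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1).lower()
        elif section == "interface" and "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            if key.lower() == "dns":
                found["dns"] += [v.strip() for v in value.split(",") if v.strip()]
            elif key.lower() in HOOK_KEYS and "resolvconf" in value:
                found["hooks"].append(key.lower())
    return found

def rewrites_resolv_conf(config_text):
    """True when a DNS entry would make wg-quick update resolv.conf itself."""
    return bool(audit(config_text)["dns"])

if __name__ == "__main__":
    for name, cfg in (("WITH_DNS", WITH_DNS), ("HOOKS_ONLY", HOOKS_ONLY)):
        print(name, rewrites_resolv_conf(cfg), audit(cfg))
```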

errored out:
A better, but not perfect, solution would be to place the DNS server IP address option on the clients' table. Granted, the client may be able to change it. But at least it would not cause crippling issues to the firewall / DNS resolution.
