WG client related DNS resolution issue when DNS is other than unbound

Started by xPliZit_xs, September 14, 2023, 12:59:25 AM

Hi,

I have noticed an issue which I tried to describe below:

Scenario 1

WG client (windows)
WG tunnel DNS setting points to local (LAN) DNS server address 10.1.1.10

OPNsense (10.1.1.10) is running unbound

-> WG client has working DNS resolution


Scenario 2

WG client (windows)
WG tunnel DNS setting points to local (LAN) DNS server address 10.1.1.10

OPNsense (10.1.1.10) has Unbound disabled; OPNsense is running AdGuard (enabled and set as primary DNS) as its DNS server

-> WG client has no working DNS resolution

Scenario 3

WG client (windows)
WG tunnel DNS setting points to local (LAN) DNS server address 10.1.1.18 (not on OPNsense)

OPNsense (10.1.1.10) has Unbound disabled; another machine (10.1.1.18) in the LAN has AdGuard running as DNS server

-> WG client has no working DNS resolution


What could be the issue here?

Thank you.

Br.

I've just started having issues with DNS over WireGuard today. I seem to be able to resolve internal hostnames / IPs, but resolution for public addresses fails.

I am using AdGuard instead of Unbound DNS - running on OPNsense

I can resolve public DNS using a public server (1.1.1.1)

I am experiencing similar issues on multiple devices (MacBook, iPhone) on multiple networks (local wifi, 4G networks), and to multiple WireGuard servers (home - OpnSense, and a VM on AWS).

It seems like there might have been an issue with an update to the WireGuard client which I think updated last night on my phone, and maybe yesterday on my Mac?

Example attempts at DNS resolution from my MacBook, all while connected to a WireGuard VPN running on OPNsense at home.

EDIT: WireGuard client seems to be 6 months old, and hasn't been updated, which just confuses me :-)

alloneword@TimMBP ~ % nslookup google.com
;; connection timed out; no servers could be reached

alloneword@TimMBP ~ % nslookup google.com 192.168.4.1
;; connection timed out; no servers could be reached

alloneword@TimMBP ~ % nslookup google.com 1.1.1.1   
Server: 1.1.1.1
Address: 1.1.1.1#53

Non-authoritative answer:
Name: google.com
Address: 172.217.24.46

alloneword@TimMBP ~ % nslookup google.com 192.168.1.254
;; connection timed out; no servers could be reached

alloneword@TimMBP ~ % nslookup gateway.stuff
Server: 192.168.4.1
Address: 192.168.4.1#53

Non-authoritative answer:
Name: gateway.stuff
Address: 192.168.1.254

I think I have resolved my issue - the upstream connection from my AdGuard wasn't working - resolved that and I think it is all happy now - check your upstream resolver on your Unbound DNS?

In my case, when OPNsense is using Unbound, DNS resolution works for WG clients.
But when OPNsense runs only AdGuard as the DNS server and Unbound is disabled, DNS resolution does not work for WG clients.
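A small diagnostic that repeats the probe sequence from the nslookup session above (LAN resolver asked for a public name, LAN resolver asked for a LAN-only name, public resolver asked for a public name) and maps the three outcomes to the layer at fault: tunnel routing, the DNS listener/firewall on the OPNsense side, or the resolver's upstream. This is an added example, not code from the thread, OPNsense, AdGuard or WireGuard; the addresses and names (10.1.1.10, 1.1.1.1, gateway.stuff, google.com) are placeholders taken from the posts and the verdict wording is my own.

```shell
#!/bin/sh
# Added example (not from this thread, OPNsense or WireGuard): runs the three
# probes from the nslookup session above and names the failing layer.
# Addresses are placeholders taken from the posts; override via environment.
LAN_DNS="${LAN_DNS:-10.1.1.10}"        # resolver handed out by the WG tunnel
PUBLIC_DNS="${PUBLIC_DNS:-1.1.1.1}"    # resolver reachable without LAN_DNS
INTERNAL_NAME="${INTERNAL_NAME:-gateway.stuff}"  # name only LAN_DNS knows
PUBLIC_NAME="${PUBLIC_NAME:-google.com}"

# classify_nslookup OUTPUT: reduce one nslookup transcript to a keyword.
#   unreachable  "no servers could be reached": nothing answered, so the query
#                never hit a listening socket or the server sat on it
#   servfail     the server answered but could not resolve (upstream trouble)
#   nxdomain     the server answered that the name does not exist
#   resolved     an answer section came back
classify_nslookup() {
  case "$1" in
    *"no servers could be reached"*) echo unreachable ;;
    *SERVFAIL*)                      echo servfail ;;
    *NXDOMAIN*)                      echo nxdomain ;;
    *"Non-authoritative answer"*|*"Name:"*) echo resolved ;;
    *)                               echo unknown ;;
  esac
}

# diagnose LAN_PUBLIC LAN_INTERNAL PUBLIC_PUBLIC: combine the classifications
# of (LAN_DNS asked for a public name, LAN_DNS asked for an internal name,
# PUBLIC_DNS asked for a public name) into a verdict with a "layer:" prefix.
diagnose() {
  if [ "$1" = resolved ] && [ "$2" = resolved ]; then
    echo "ok: $LAN_DNS answers internal and public names through the tunnel"
  elif [ "$3" != resolved ]; then
    echo "tunnel: even $PUBLIC_DNS is silent; check AllowedIPs and routing first"
  elif [ "$2" = unreachable ]; then
    echo "listener: $LAN_DNS never answers; check it listens on the address the tunnel uses and that the WG interface rules allow port 53"
  elif [ "$2" = resolved ]; then
    echo "upstream: $LAN_DNS answers LAN names but not public ones; its upstream resolver is failing (the AdGuard case in this thread)"
  else
    echo "unclear: lan_public=$1 lan_internal=$2 public=$3"
  fi
}

# run_probes: perform the queries live (tunnel must be up) and print the verdict.
run_probes() {
  a=$(classify_nslookup "$(nslookup "$PUBLIC_NAME" "$LAN_DNS" 2>&1)")
  b=$(classify_nslookup "$(nslookup "$INTERNAL_NAME" "$LAN_DNS" 2>&1)")
  c=$(classify_nslookup "$(nslookup "$PUBLIC_NAME" "$PUBLIC_DNS" 2>&1)")
  echo "lan_public=$a lan_internal=$b public=$c"
  diagnose "$a" "$b" "$c"
}
# Only go live when asked, so the functions can be sourced and checked offline.
if [ "${WG_DNS_PROBE:-0}" = 1 ]; then run_probes; fi
```

Run it with `WG_DNS_PROBE=1 sh wg-dns-probe.sh` while the tunnel is up; for the Mac session above it reports the "upstream" verdict, which matches what that poster eventually found.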