WireGuard local DNS resolution

Started by donee, March 31, 2026, 10:03:05 PM

I am able to connect to my WireGuard VPN. I can get to the internet. I can get to services behind the WireGuard VPN via IP but not by name. How do I get name resolution for services behind the router to work when on the WireGuard VPN?
I followed the how-to: https://docs.opnsense.org/manual/how-tos/wireguard-client.html

In your Client config file, did you add "DNS = ..."? The Peer generator allows for this entry as well. You can also add a search domain such as:
"10.10.1.1, internal"
Not tested in generator, but works on Client config file.

+1

Without the DNS option in the config file, WireGuard will not touch your DNS settings. So in your case, it will continue to use your local DNS server which does not know about your home network names.

Quote from: JamesFrisch on April 01, 2026, 03:18:28 PM
So in your case, it will continue to use your local DNS server which does not know about your home network names.

And possibly stops being reachable at all, if it's not on a directly connected LAN and you direct all your traffic (0.0.0.0/0, ::/0) into the WireGuard tunnel.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Yes, I have.


[Interface]
PrivateKey = omitted
Address = 10.10.20.3/32
DNS = 10.10.10.1

[Peer]
PublicKey = omitted
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = omitted.duckdns.org:51820
PersistentKeepalive = 30

I thought DNS would not work at all if DNS = 10.10.10.1 was not set.

Quote
I thought DNS would not work at all if DNS = 10.10.10.1 was not set.

That is right. Because then it would try to use your local 192.168.1.1 DNS server, but since you force all traffic through the VPN, that DNS server is probably not reachable.

I figured out the issue.

When I was connecting to the VPN my search path was disappearing. None of my internal domains resolve without the search path.

on wifi
user@hostname ~ % cat /etc/resolv.conf
search lan.internal
nameserver 10.10.10.1

on WireGuard

user@hostname ~ % cat /etc/resolv.conf
nameserver 10.10.10.1



So the next question I had to ask was how do you add a search path to WireGuard.
I found this site: https://rakhesh.com/linux-bsd/wireguard-search-domain/

In the DNS servers box you have to add in "10.10.10.1,   lan.internal"
Now everything appears to be working as expected.
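
The fix the thread arrives at, as an added example that is not part of the original posts: a small Python check that splits a client config's DNS line into nameservers and search domains and shows the resolv.conf that should result. It assumes the rule described in the thread and the linked article (IP entries become nameservers, any other entry becomes a search domain); the function names and both sample configs are constructed for illustration.

```python
import ipaddress

# Constructed samples mirroring the client config posted in this thread.
BEFORE = """[Interface]
PrivateKey = omitted
Address = 10.10.20.3/32
DNS = 10.10.10.1

[Peer]
PublicKey = omitted
AllowedIPs = 0.0.0.0/0, ::/0
"""
AFTER = BEFORE.replace("DNS = 10.10.10.1", "DNS = 10.10.10.1,   lan.internal")

def parse_dns(conf_text):
    """Split every DNS = line into (nameservers, search_domains)."""
    servers, search = [], []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        key, sep, value = line.partition("=")
        if not sep or key.strip().lower() != "dns":
            continue
        for item in filter(None, (v.strip() for v in value.split(","))):
            try:
                ipaddress.ip_address(item)
                servers.append(item)
            except ValueError:
                search.append(item)  # assumption: non-IP entry = search domain
    return servers, search

def render_resolv_conf(conf_text):
    """Return the resolv.conf text this config should result in."""
    servers, search = parse_dns(conf_text)
    lines = []
    if search:
        lines.append("search " + " ".join(search))
    lines += ["nameserver " + s for s in servers]
    return "\n".join(lines)

def audit(conf_text):
    """Return findings about the DNS setup of a client config."""
    servers, search = parse_dns(conf_text)
    findings = []
    if not servers:
        findings.append("no DNS server set: the OS resolver is left unchanged")
    elif not search:
        findings.append("no search domain: short host names get no suffix")
    return findings
```

Comparing `render_resolv_conf()` output with `cat /etc/resolv.conf` while the tunnel is up shows whether the search path survived the connection.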