I connect to a WireGuard installed on my VPS. Then I go to a random VPN service marketing page on which I’ll discover that my DNS leaks. And which is correct because I’ve specified DNS = 1.1.1.1 in [Interface] for all the Peers.

In order to avoid DNS leakadge, do I have to a) run DNS server on the a VPS – along with WireGuard, and b) use this one and only it, instead of 1.1.1.1?


But if so, how will this possibly work?

[Peer]
PublicKey = [....;....]
PresharedKey = [......]
Endpoint = wg.my_domain123.com:51820

In order to resolve Endpoint of my VPS to begin with, other DNS server will have to be used – by IP. But there’ll be none because I’ll use a DNS on my VPS instead of 1.1.1.1. In other words, it’ll be a circular dependency.

    • towerful@programming.dev
      link
      fedilink
      arrow-up
      2
      ·
      edit-2
      1 year ago

      Use the IP address of your vps instead of a domain name for the wireguard config.

      Edit:
      Just to make this absolutely clear and remove all doubt.
      If wireguard is trying to connect using a domain name, the domain name will need to be resolved, which will likely require initial DNS queries to establish the IP address behind the domain name.

      If you configure wireguard to connect directly to the IP address of the VPS, there is no need for a DNS lookup.

      So no, I’m not assuming your VPS is running a DNS.
      Wind your neck in before you embarrass yourself.

      • salvador@lemmy.worldOP
        link
        fedilink
        arrow-up
        1
        arrow-down
        2
        ·
        1 year ago

        Even if I I used an IP of my VPS server to connect to it, how will a client be resolving websites afterwards? You idiot.

        • towerful@programming.dev
          link
          fedilink
          arrow-up
          2
          ·
          edit-2
          1 year ago

          Using a DNS server, somewhere. Unless you manually gather the required IP addresses of whatever services you want and build up a hosts file, like how the original ARPANET worked.

          The requests will come from somewhere and go somewhere. There is not magic “you don’t see me” domain resolution system. Even DoH or DoT, you have to trust the resolving server isn’t going to track you.
          Whether that request is to a DNS server you run on an IP linked to you (which will recursively resolve any uncached domains), or from the gateway of your VPN to a DNS server you do not run… It’s always going to come back to an IP address of a VPS that is linked to you.

          I don’t get what you are trying to do, you haven’t explained it well, and your being hostile as fuck all over the thread.

          If you really want anonymity, use TOR?
          Other than whatever-the-CIA/NSA/MI5/MI6/5-eyes is doing with timing attacks and their own relay/exit nodes, that’s about as anonymous as you can get

          • salvador@lemmy.worldOP
            link
            fedilink
            arrow-up
            1
            arrow-down
            4
            ·
            1 year ago

            You’ll be learning soon what I’m up to, you stupid fuck. Soooooonnn. Ahhhaaahhhaaa

            • TexMexBazooka@lemm.ee
              link
              fedilink
              arrow-up
              2
              ·
              edit-2
              1 year ago

              Bruh after scrolling through your comments for entertainment value, I had to stop by and personally talk shit-

              You are by no means intelligent enough to be any kind of threatening. Stop making a fool of yourself.

              Or continue. It’s honestly funny.

              I will take no further questions.