Posted: Sat Dec 02, 2023 11:13 Post subject: [SOLVED] Wireguard and "Connection-specific DNS suffix&
TLDR: DNS suffix from modem showing up on router clients, but no DNS leak.
I have a Modem, and a DD-WRT Router on r54248 with Wireguard and a killswitch, and a freshly installed Windows Computer connected to Router. Modem has a router admin panel at something like modemadmin.com.
On computer, "ipconfig" before I first connect to Router shows no suffix. After connecting, it shows output like this.
Code:
Wireless LAN adapter Wi-Fi:
Connection-specific DNS Suffix . : modemadmin.com
I've tested on several websites and don't seem to have an actual DNS leak, but I do not want computers connected to the router to know about modemadmin.com at all. Wireguard on Computer showed that requests were being made to subdomains of modemadmin.com, but I think the router blocked them. I don't want this DNS suffixing.
I've tried with Archer A7 and NETGEAR R6700 on the same build and still have this issue.
I looked in the Wireguard client guide and VPN and DNS guide and am still confused.
No PBR, all traffic should be going through Wireguard. I also have a killswitch firewall command that is probably redundant.
Code:
Ignore WAN DNS: Enabled
Static DNS 1: 10.2.0.1
Static DNS 2: 10.2.0.1
Static DNS 3: 10.2.0.1
Use dnsmasq for DNS: Enabled
Recursive DNS Resolving (Unbound): Disabled
Forced DNS Redirection: Enabled
Forced DNS Redirection DoT: Enabled
Enable dnsmasq: Enable
Query DNS in Strict Order: Disable
DNS servers via Tunnel: 10.2.0.1
Kill Switch: Enabled
Last edited by bzwvyrd on Sat Dec 02, 2023 12:02; edited 1 time in total
Joined: 18 Mar 2014 Posts: 12923 Location: Netherlands
Posted: Sat Dec 02, 2023 11:50 Post subject:
I do not think this has anything to do with WireGuard but instead is a DNS issue. so please correct the title of this thread.
First do not use DNS servers in Static DNS 1,2 and 3 which are not publicly available, that will prevent you from getting current time which might prevent the WG tunnel from starting up (or if you use encrypted DN getting DNs etc.)
If you specified a DNS tunnel in the WG interface than that will be used.
See the VPN and DNS guide.
WireGuard guides are a sticky in this forum.
Just set your own LAN domain on Services page.
Choose:
Used Domain: LAN & WLAN
Lan Domain: mydomainname
I do not think this has anything to do with WireGuard but instead is a DNS issue. so please correct the title of this thread.
First do not use DNS servers in Static DNS 1,2 and 3 which are not publicly available, that will prevent you from getting current time which might prevent the WG tunnel from starting up (or if you use encrypted DN getting DNs etc.)
If you specified a DNS tunnel in the WG interface than that will be used.
See the VPN and DNS guide.
WireGuard guides are a sticky in this forum.
Just set your own LAN domain on Services page.
Choose:
Used Domain: LAN & WLAN
Lan Domain: mydomainname
