I installed WireGuard and set up the router as a VPN client. I need to have access to a remote local network with 10.0.0.0/24 IPs. Now I have access to this local network, but only by direct IP addresses. I can do ping 10.0.0.1 and it works. But I can't set up DNS. ping hostname.netname is not working. If I bring up the VPN connection on my host, access to the local net by domain names works. It means that the problem is with the router settings. I tried to add the DNS server to the dnsmasq server list, but with no success. So how do I fix DNS?
Also, the client must be configured to use a LAN-based DNS server. WireGuard does not push any configuration to clients, so it must be set on the client directly.
Because this method aggregates upstream DNS from all interfaces and queries them randomly.
Both positive and negative replies are considered valid, so the result is defined by the timing.
This is actually how it works. If a client makes a request to any IP held by the router where dnsmasq is running (and the firewall does not block it), dnsmasq will process it. Note that the client decides which DNS server to use. This is usually done by advertising a DNS server in DHCP-- by default, an OpenWrt router will advertise itself. But WireGuard has no such mechanism. A WireGuard client needs to be configured manually or with some other out-of-band method.
If the router's dnsmasq process receives a request for a locally known name-- either DHCP assigned or in the hosts table, dnsmasq answers it directly.
If the name is not locally known, dnsmasq forwards (recurses) the request to ONE other server, as configured in the router's configuration. This is a very important point. Though it is possible to have a list of upstream servers (by specifying one or more on one or more interface configurations), only one will be consulted. If that server does not know the name (NXDOMAIN), that is the end of the process, and the client receives an answer of NXDOMAIN. Additional servers are only consulted if the first one tried completely fails to answer-- i.e. it is offline.
It is possible to have dnsmasq make certain domain requests to one server and the rest to the default list. They both operate as before, if the reply is NXDOMAIN, additional servers are not consulted.
This should be clear now. All that that setting does is add another server to the default list. If it is not the one chosen for a particular query, you will get an NXDOMAIN from one of the others, and the local site is not found. If it is the one that is checked, it needs to be ready to answer for all domains, not just internal ones.
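An added sketch, not part of the thread and not dnsmasq's own code: it models which upstream servers are eligible for a query under dnsmasq's server= rules, comparing a flat default list with a domain-scoped rule. The resolver 192.0.2.53 and both config snippets are constructed; netname and 10.0.0.1 are taken from the question.

```python
# Added illustration, not dnsmasq source: which upstreams may receive a query.
def parse_servers(conf_text):
    """Parse dnsmasq 'server=' lines into (domain, upstream) rules.
    domain is '' for an unscoped (default-list) upstream."""
    rules = []
    for line in conf_text.splitlines():
        line = line.strip()
        if not line.startswith("server="):
            continue
        value = line[len("server="):]
        if value.startswith("/"):
            # server=/dom1/dom2/addr : last field is the upstream address
            *domains, upstream = value[1:].split("/")
            rules += [(d.lower().rstrip("."), upstream) for d in domains]
        else:
            rules.append(("", value))
    return rules


def candidates(rules, qname):
    """Upstreams eligible for qname: the most specific matching domain wins;
    the default list is used only when no scoped rule matches."""
    qname = qname.lower().rstrip(".")
    best = ""
    for domain, _ in rules:
        matches = qname == domain or qname.endswith("." + domain)
        if domain and matches and len(domain) > len(best):
            best = domain
    return [up for dom, up in rules if dom == best]


# Constructed config: internal resolver merely appended to the default list.
# Any listed server may be asked, and an NXDOMAIN from 192.0.2.53 is final.
FLAT = "server=192.0.2.53\nserver=10.0.0.1\n"

# Constructed config: names under 'netname' pinned to the internal resolver.
SCOPED = "server=192.0.2.53\nserver=/netname/10.0.0.1\n"

if __name__ == "__main__":
    for label, conf in (("flat", FLAT), ("scoped", SCOPED)):
        rules = parse_servers(conf)
        for name in ("hostname.netname", "example.org"):
            print(f"{label:6} {name:18} -> {candidates(rules, name)}")
```

On OpenWrt the scoped rule is written as list server '/netname/10.0.0.1' in the dnsmasq section of /etc/config/dhcp.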
Thanks for the detailed explanation. I removed network.wg0.dns='10.0.0.1'. ATM the VPN with DNS works on Linux. But in Windows, DNS resolving is still not working.