Using OpenDNS in combination with WireGuard

Hello everyone,

I'm having some trouble setting up WireGuard in combination with using OpenDNS as DNS resolver.
In my configuration I disabled using peerdns on the WAN interface, and I set up the DNS servers to be used to 208.67.220.220 and 208.67.222.222 respectively.
In my firewall configuration I enforced the use of these DNS servers by re-routing all requests to ports 53, 853 and 5353 to the router (dnsmasq) itself, which uses the OpenDNS servers for its WAN interface.
Without using Wireguard, everything is working perfectly.
Website welcome.opendns.com shows everything successfully set up.

The problem is that when using my WireGuard tunnel for the router, so all traffic behind the router is routed through the VPN, the use of OpenDNS is no longer enforced.
Doing a traceroute on, for example, google.com shows that my request initially goes to my router IP 192.168.99.1, but then goes to 10.64.0.1 afterwards (which is the internal IP of the VPN [Mullvad] in my case).
Is there a way to prevent these DNS queries from going through the Wireguard tunnel?
I know this creates DNS leaks, but that's not really a big deal for me.
Hopefully somebody is able to help me out with this configuration problem.

Greetings Jasper

It is expected that if you force all traffic over the VPN, packets to OpenDNS will also use the tunnel.
However, OpenDNS will be used to resolve anyway, since these are the nameservers configured.
If you don't want this traffic to go through the VPN, just add a couple of static routes for these 2 addresses to use the WAN interface.

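One way to set up the static routes the reply describes, as an added example that is not from the thread: host routes for the two OpenDNS addresses via the WAN gateway, plus the equivalent persistent UCI entries for OpenWrt. The WAN gateway 203.0.113.1 and WAN device eth0.2 are assumed placeholders; substitute your router's own.

```shell
#!/bin/sh
# Added example (not from the original thread): pin the two OpenDNS resolver
# addresses to the WAN interface so their packets bypass the WireGuard tunnel.
# Assumed placeholders: WAN gateway 203.0.113.1 and WAN device eth0.2.
# Find your real values with: ip route show | grep default

OPENDNS_SERVERS="208.67.220.220 208.67.222.222"

# Print one "ip route add" per resolver as a host (/32) route via the WAN
# gateway. A /32 is more specific than the tunnel's 0.0.0.0/0 (or 0/1 + 128/1)
# routes, so longest-prefix match sends only these packets out the WAN.
opendns_wan_routes() {
    gw="$1"; dev="$2"
    for ip in $OPENDNS_SERVERS; do
        printf 'ip route add %s/32 via %s dev %s\n' "$ip" "$gw" "$dev"
    done
}

# Same routes as uci batch commands for /etc/config/network on OpenWrt, so
# they survive a reboot. Apply with:
#   opendns_uci_routes wan | uci batch && uci commit network && ifup wan
opendns_uci_routes() {
    iface="$1"
    for ip in $OPENDNS_SERVERS; do
        printf 'add network route\n'
        printf 'set network.@route[-1].interface=%s\n' "$iface"
        printf 'set network.@route[-1].target=%s\n' "$ip"
        printf 'set network.@route[-1].netmask=255.255.255.255\n'
    done
}

# APPLY=1 runs the generated route commands (as root); otherwise just show them.
if [ "${APPLY:-0}" = "1" ]; then
    opendns_wan_routes 203.0.113.1 eth0.2 | sh
else
    opendns_wan_routes 203.0.113.1 eth0.2
fi
```

After applying, `ip route get 208.67.220.220` should report the WAN device rather than the WireGuard interface; if it still shows the tunnel, the tunnel's routes were installed in a separate policy-routing table and the host routes need to go there as well.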