WireGuard DNS does not go through the tunnel

Hi,
I'm not saying it uses another DNS, I'm only 100 percent sure
my DNS requests do not go through the wg0 tunnel.
If I use a DNS leak test I see the upstream servers that I use in my Pi-hole.

If I use a VPN only for geoblocking that's fine, but if I use it
for privacy or in view of what is technically possible...
I have to say that my ISP still knows my DNS requests (if it wants to and saves all traffic that goes through it, which I don't think so)!

Don't tell me you are using a public IP.

Remember to redact passwords, MAC addresses and any public IP addresses you may have:

I thought it was clear that the VPS is not standing in my living room.

I have now done the extended test via dnsleaktest and there I see 10-12 USA upstream servers that my Pi-hole uses and 3 German servers from my ISP (those are the servers I see in my Pi-hole query log too).

Anyway, I'm now looking into DoH for my requests to my VPS.

You should not use the VPS public IP as DNS since it is routed to WAN as the VPN endpoint:

OK, ok, is that the problem for the leak?
I will take out

vps server via 192.168.2.1 dev wan

and what must I put in instead?

Yes.

This route is necessary for the VPN endpoint.
Just specify a different IP for DNS.

Mhh, so I can't take it out...?

Just specify a different IP for DNS.

In the config? How do I do that?

The IP for DNS should be my VPS server...

But you cannot use your public external IP address of the VPS!

Your VPS should not even listen to and answer DNS queries on its external address, and if it does you probably have a security/firewall issue.

You use the internal IP address of the VPS, which can only be reached if you use the tunnel; you can also use the WG address of the server, make sure the DNS server listens on the WG interface.

OK, but if I use a Debian OS as WireGuard client and use the public IP of my VPS as DNS server
it works for me, and in the Pi-hole web GUI that is a local request from 10.8.0.2 (WG client).

But I'm happy to hear that there is maybe a solution for my problem?
But be lenient with me, most of the network rules I don't understand like you people!

I hope anybody can tell me now what I have to do so that it works without leaks.
I installed https_proxy_dns and with that I have no leaks too, but I can't change the upstream DNS to my Pi-hole...
But that was an expedient...

It could if your VPS has NAT redirection (aka hairpinning) enabled, and then only from the inside of the tunnel but never from the outside, as your DNS server should not listen on the WAN interface and your firewall should block it too.

I already wrote what you can do, just use the VPS internal IP address as DNS server :slight_smile:

Thank you

I have in that config replaced the VPS server with 127.0.0.1 (internal VPS server IP):

config interface 'wan'
	option device 'wan'
	option proto 'dhcp'
	option peerdns '0'
	list dns 'vps server'

But now I'm not able to resolve DNS.

Is there more to do?

Hello,
I'm so happy :smiley:
Thanks to all of you!!!

I have set list dns to 10.8.0.1 (the WireGuard server IP),
now everything works great.

Great :+1:

For your information, your VPS has an internal IP address akin to the LAN address of your router, so something like 192.168.x.x or 10.x.x.x (172.16-31 is also possible but less often); ifconfig from SSH into the VPS should give you some more information, but using the WG server address like you do is excellent, so just keep it at that :slight_smile:
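The reason the VPS public address leaks while 10.8.0.1 does not comes down to route selection: the host route that pins the VPN endpoint to the WAN gateway is a longer prefix than the default route into wg0, so the kernel picks WAN for anything sent to that address, DNS included. The following script is an added illustration, not code from the thread or from OpenWrt; it simulates longest-prefix matching over a constructed routing table modelled on the one discussed here (the VPS address 203.0.113.10 is a placeholder from the documentation range) and classifies a candidate DNS server address by the interface its queries would leave on.

```python
import ipaddress

# Constructed routing table modelled on the thread. The VPS public address
# (placeholder, documentation range) is pinned to the WAN gateway so the
# WireGuard handshake itself can leave; everything else goes into wg0.
VPS_PUBLIC_IP = "203.0.113.10"  # placeholder, not a real endpoint
ROUTES = [
    (f"{VPS_PUBLIC_IP}/32", "wan"),  # "vps server via 192.168.2.1 dev wan"
    ("192.168.2.0/24", "wan"),       # upstream router's LAN on the WAN side
    ("192.168.1.0/24", "br-lan"),    # OpenWrt LAN
    ("10.8.0.0/24", "wg0"),          # WireGuard transfer network
    ("0.0.0.0/0", "wg0"),            # default route redirected into the tunnel
]
TUNNEL_IFACES = {"wg0"}


def egress_interface(dst, routes=ROUTES):
    """Return the interface a packet to dst would leave on.

    Longest-prefix match: the most specific route wins, which is the same
    rule the kernel applies and why a /32 host route beats the default.
    """
    addr = ipaddress.ip_address(dst)
    if addr.is_loopback:
        return "lo"  # never leaves the host that configured it
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def classify_dns(dns_server, routes=ROUTES):
    """'ok' if queries stay inside the tunnel, 'self' if the address is the
    router's own loopback (no upstream at all), otherwise 'leak'."""
    iface = egress_interface(dns_server, routes)
    if iface in TUNNEL_IFACES:
        return "ok"
    if iface == "lo":
        return "self"
    return "leak"


def leak_report(candidates, routes=ROUTES):
    """Map each candidate DNS address to (egress interface, verdict)."""
    return {c: (egress_interface(c, routes), classify_dns(c, routes)) for c in candidates}


if __name__ == "__main__":
    # The three values tried in the thread, in the order they were tried.
    for dns, (iface, verdict) in leak_report([VPS_PUBLIC_IP, "127.0.0.1", "10.8.0.1"]).items():
        print(f"list dns '{dns}'  ->  via {iface:<6} {verdict}")
```

Running it prints `leak` for the VPS public address (egress `wan`), `self` for 127.0.0.1 (the router would be asking itself, which matches the "not able to resolve DNS" result) and `ok` for 10.8.0.1 (egress `wg0`). The same check against a live router is `ip route get <dns-ip>` on the OpenWrt shell: if the reported `dev` is not `wg0`, the resolver traffic is not inside the tunnel.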

Please mark @vgaetera's reply as the solution.

Mark topic as SOLVED:
If you have a working solution for your use case please mark that solution as solved:

Thanks

I have no pencil :confused: