Wireguard policy based routing DNS requests

Hi everyone

I am a hobbyist with limited knowledge with my network setup in the following way:


Using policy based routing I have set up only certain IPs to go over the wireguard tunnel. Although this seems to be partly working I can't seem to figure out how best to setup DNS.

I have currently disabled 'DNS as advertised by peer' in the wan interface and put in the VPN DNS servers in as option dns 'x.x.x.x x.x.x.x' in the WG interface as well as DNS forwardings in the DHCP and DNS section.

With policy based routing turned off the WG becomes the default and ipleak.net shows the same IP for both IPV4 and DNS server. However, as soon as I turn policy based routing on, the DNS server mentioned on ipleak.net changes and DNS requests are no longer routed over WG both for IPs within and outside of the policy based routing rules.

How do I route all VPN DNS requests through the WG tunnel (as long as the tunnel is up, I only need a killswitch for certain IPs and do this through firewall rules) and have the IPs outside of the tunnel get DNS from WAN (or VPN as well if it is easier)?

The problem is solved when using DHCP option 6 on the lan interface and leaving DNS as advertised by peer switched on on the wan interface. No more DNS leaks when using VPN and otherwise uses WAN DNS

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.