Setting up a system-wide WireGuard DNS server

I wanted the DNS server inside my WireGuard VPN to be the default resolver for my systems.

NetworkManager is managing my DNS at the moment.

I am using Arch Linux and I haven’t changed this configuration since install, so I guess this is the default config. I need to disable that.

Disable NetworkManager DNS management:

# /etc/NetworkManager/NetworkManager.conf
[main]
dns=none

Restart NetworkManager:

systemctl restart NetworkManager

I wanted systemd-resolved to manage my DNS servers.

Add this to /etc/systemd/resolved.conf (the keys belong in the [Resolve] section) to use the Quad9 servers as defaults:

# /etc/systemd/resolved.conf
[Resolve]
DNS=9.9.9.9
FallbackDNS=149.112.112.112#dns.quad9.net 2620:fe::9#dns.quad9.net

Restart systemd-resolved:

systemctl restart systemd-resolved

Finally, I added PostUp and PreDown directives to the WireGuard config that point /etc/resolv.conf and systemd-resolved at the VPN DNS while the tunnel is up and restore them when it goes down. This is my WireGuard config:

[Interface]
Address = <ip address for vpn interface>
PrivateKey = <priv key>
DNS = <ip address of vpn dns>
PostUp = echo 'nameserver <vpn dns ip address>' > /etc/resolv.conf
PostUp = resolvectl dns %i <vpn dns ip address>
PostUp = resolvectl domain %i "~."
PostUp = resolvectl default-route %i
PreDown = systemctl restart systemd-resolved
PreDown = resolvectl revert %i

[Peer]
PublicKey = <pubkey>
Endpoint = <vpn server ip or domain>:<port>
AllowedIPs = <allowed ip for the vpn>
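As an added example that is not part of the original post, here is a small check to run once the tunnel is up: it parses the per-link output of `resolvectl dns` and `resolvectl domain` (the `Link N (ifname): values` layout is assumed) and confirms that the WireGuard interface lists the expected VPN resolver and is the only link claiming the `~.` routing domain, so no other link can silently take over queries. The interface name wg0 and all addresses in the sample output are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Checks the per-link view that
# systemd-resolved reports after wg-quick has run the PostUp hooks.
# Assumed output layout of `resolvectl dns` / `resolvectl domain`:
#   Global: 9.9.9.9
#   Link 2 (enp0s31f6): 192.168.1.1
#   Link 3 (wg0): 10.0.0.1

# Print the values listed for link $2 in resolvectl output $1.
link_values() {
    printf '%s\n' "$1" | awk -v ifname="$2" '
        $1 == "Link" && $3 == ("(" ifname "):") { $1 = $2 = $3 = ""; sub(/^ +/, ""); print }'
}

# Print the names of all links carrying routing domain $2 (e.g. "~.", which
# lets a link answer every query) in `resolvectl domain` output $1.
links_with_domain() {
    printf '%s\n' "$1" | awk -v dom="$2" '
        $1 == "Link" { name = $3; gsub(/[():]/, "", name)
                       for (i = 4; i <= NF; i++) if ($i == dom) print name }'
}

# check_vpn_dns DNS_OUT DOMAIN_OUT VPN_IF VPN_DNS
# Returns 0 when VPN_IF lists exactly VPN_DNS and is the only link with "~.".
check_vpn_dns() {
    servers=$(link_values "$1" "$3")
    [ "$servers" = "$4" ] || { echo "FAIL: $3 has servers '$servers', expected '$4'"; return 1; }
    others=$(links_with_domain "$2" "~." | grep -vx "$3" || true)
    [ -z "$others" ] || { echo "FAIL: these links also route all queries: $others"; return 1; }
    echo "OK: all queries go to $4 via $3"
}

# Constructed sample output for a healthy state.
GOOD_DNS='Global: 9.9.9.9
Link 2 (enp0s31f6): 192.168.1.1
Link 3 (wg0): 10.0.0.1'
GOOD_DOMAIN='Global:
Link 2 (enp0s31f6):
Link 3 (wg0): ~.'
# Constructed sample where the LAN link also claims "~." (a leak path).
LEAK_DOMAIN='Global:
Link 2 (enp0s31f6): ~.
Link 3 (wg0): ~.'

if [ "${1:-}" = "--live" ]; then
    # Usage: ./check.sh --live wg0 <vpn dns ip>
    check_vpn_dns "$(resolvectl dns)" "$(resolvectl domain)" "${2:-wg0}" "$3"
else
    check_vpn_dns "$GOOD_DNS" "$GOOD_DOMAIN" wg0 10.0.0.1
    check_vpn_dns "$GOOD_DNS" "$LEAK_DOMAIN" wg0 10.0.0.1 || true
fi
```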

All programs seem to use the right DNS now.

Hope it stays that way.
