Re: WireGuard behaviour with systemd-resolved

Re: WireGuard behaviour with systemd-resolved

[Lane Russell]

[-- Attachment #1: Type: text/plain, Size: 651 bytes --]

I'm not sure of the proper way to resolve this issue with systemd-resolved, but I was able to get to a more comfortable position in my case by disabling systemd-resolved and manually configuring my DNS servers in /etc/resolv.conf. Since the machine in question always sends all traffic over the VPN, I statically set the IP of the WireGuard server in the wg-quick config file so I wouldn't have to have public DNS in /etc/resolv.conf.

It appears that some testing is needed with WireGuard/wg-quick on systems using systemd-resolved. I'm happy to help test, but I'm not very familiar with systemd-resolved's inner workings, so I may be of limited use.

[-- Attachment #2: Type: text/html, Size: 951 bytes --]

WireGuard behaviour with systemd-resolved

[Lane Russell]

[-- Attachment #1: Type: text/plain, Size: 753 bytes --]

I've noticed some concerning behaviour using WireGuard on Manjaro GNOME. When the WireGuard interface is brought up, the system starts using the DNS servers provided in the wg-client.conf file. Intermittently however, internal DNS records will resolve using their public IP addresses. Using tcpdump, I'm able to see the system is using 8.8.8.8 and 8.8.4.4 for some queries. These addresses are configured as fallback DNS servers in systemd-resolved. They were acquired via DHCP before the WireGuard interface was brought up.

Is this an issue with WireGuard, or systemd-resolved? Based on what information I'm able to find, it appears there are some big concerns with how systemd-resolved handles DNS, so I'm more inclined to think the issue lies there.

[-- Attachment #2: Type: text/html, Size: 796 bytes --]