Flint 2 beginner questions about dns settings

Hi,

I read through some posts but I still don’t really get it.

I’m using Wireguard Home on the 4.8.3 GL.iNet firmware version + a VPN provider. So far, all seems to work fine. DNS leak tests are not showing anything else other than the VPN server(s) currently set for the VPN tunnel the client is connected to.

Questions:

  • I set the two DNS addresses of my VPN provider as upstreams on Wireguard Home. The provided VPN DNS servers have this format: xxx.xx.xx.xxx. Isn’t that the usual format for unencrypted traffic? How can it be that a VPN provider isn’t providing encrypted servers like https:// or tls://?
  • In LuCI I changed DNS 1 and DNS 2 for the WAN port from my internet provider’s DNS to my VPN provider’s DNS. That should be an editable setting under the GL.iNet GUI imo (Internet –> Modify) but it can’t be done there. Probably GL.iNet thinks that the average user will only mess something up here. Are those encrypted from the get-go by GL.iNet? Even if an unencrypted DNS format has been set?
  • I have read in other threads that there is a setting to encrypt DNS under Network > DNS > Encrypted DNS. I can’t find that option in my GL.iNet screen. I only see these options: DNS Rebinding Attack Protection, Override DNS Settings of All Clients, Allow Custom DNS to Override VPN DNS.

As I wrote above, the DNS leak tests are only showing the VPN servers from the chosen country. So it looks good, but is the traffic to the DNS servers encrypted?

I am sure for some users this is all boring stuff, but I would really appreciate learning from you.

Thank you for your time.

I did my best to set it up this way, but I know nothing about the functionality and the order in which the system handles those requests, and whether one false setting for the WAN DNS can mess up the whole chain, or the switch for secure DNS that hasn’t been activated because I can’t find it under the DNS settings…?

Hi

Please see our response below:

WireGuard does not support encrypted DNS, so only unencrypted UDP DNS servers can be specified in its configuration file.

By default, the DNS obtained from the WAN is used only when Network → DNS is set to Automatic. If you configure custom DNS servers or use encrypted DNS, the WAN-provided DNS will be used only by the router itself, while LAN devices will use the custom or encrypted DNS instead.

Please check whether Applications → AdGuard Home is enabled.
Once enabled, DNS requests will be handled by AdGuard Home, so other related configuration options will be hidden.

If your goal is simply to ensure that all DNS queries are encrypted—including those sent through the VPN tunnel—you can:

  • Enable “Allow Custom DNS to Override VPN DNS” under Network → DNS
  • Configure encrypted DNS under Network → DNS
  • Or, if using AdGuard Home, set encrypted DNS as the upstream DNS server within AdGuard Home itself