How to ensure Wireguard DNS always works?

I have been using wireguard for a long time without any issues.

Suddenly it stopped working, and one of my friends tried an alternative DNS which worked, and it turns out that I have been using the faulty DNS (64.6.64.6).

So I understand that DNS server is used for name resolution, and it is typically assigned by the ISP.

But, here is my question:

  1. Why does Wireguard on GL-INET not use the DNS server provided by the ISP?

  2. What can I do to ensure that this DNS problem does not happen again?

  3. Why did the DNS Server that my wireguard was using go down?

  4. Can using a different DNS server somehow reveal my actual location?

  5. Why did wireguard not, by default, use the google DNS server, considering it is one of the best?

  6. When I enable “Manual DNS Server settings” as an option in GL-Inet UI config, it says “Leave blank to auto choose DNS Servers”.
    Should I select this? Considering GL Inet is deciding it, this certainly sounds good to me.

=====================
My wireguard Config:
[Interface]
Address = 10.0.0.3/32
ListenPort = 34061
PrivateKey = aOMTCuzaFdyGwMCGb5ekEjmWm1OImuisYIoY91C5lnU=
DNS = 64.6.64.6

[Peer]
AllowedIPs = 0.0.0.0/0,::/0
Endpoint = 76.69.60.207:51820
PersistentKeepalive = 25
PublicKey = /9yPzqTjLwbyybcjSa06kJJy6BHJ0JLMuCKC37fvhAs=

It does as long as it's needed, but only if the DNS on your router is set to the ISP one. Mostly wireguard will work with IPs instead of DNS - depends on the config.

Choose a trustworthy DNS server.

Ask the DNS server owner :smiley:

Yep, but this is a general problem. It's called a DNS leak. Using wireguard is a bit dangerous anyway because the internet will just switch to normal internet if the VPN connection is down. (As long as your client does not support cutting the internet off if there is a problem)

It's not one of the best. It's one of the most stable and reliable ones - but definitely not the best. If you use VPN for privacy reasons you should avoid Google DNS like a devil avoids holy water. :slightly_smiling_face:

Well, this depends on your needs. Mostly I would say “Yes” but it's up to you. Using the ISP's DNS is a problem in privacy as well. You can choose any trustworthy one - for example your own DNS service (like AdGuard DNS, paid) or one of your local IT privacy groups - if something like this exists in your country.

Since you posted your whole wireguard config (even with the private key, which is used as a password) you should delete the whole wireguard account and create a new one - for safety reasons.

Please keep in mind that DNS is a client thing. So you can always choose a different DNS on your client which could raise or lower your privacy.


Many thanks for the detailed reply.

I am working from a different country and don't want to reveal my location, that is my need.
Would “Manual DNS Server settings” be a good, reliable option in this case?
What DNS address would you recommend?

Let me ask the next question to understand your needs better. Who is the one that should not know your location? The company you work for? Your ISP? The government?

If it's just the company you could choose any DNS you like. They won't recognize it because the DNS traffic takes many routes before it gets to them. In that case Google DNS (8.8.8.8) or Quad9 (9.9.9.9) or Cloudflare (1.1.1.1) is totally fine.

I got somewhat confused by this. In the configuration above, since we mention the field DNS explicitly in the config, it should be a “server thing”, right?
I believed that the GL INET server will decrypt the requests with the domain name and then use IP for the resolution. Is that correct?

Thanks. Mostly the company but it would be helpful if the ISP in the client country does not know as well… Although I am happy with the company not knowing, I am curious to know the solution for hiding it from the ISP, because I am thinking of vacationing in other countries.

I am not totally sure about how DNS works with wireguard but I would assume that it's just an option that gets pushed to the client. It depends on the client to use the DNS server you selected.

There are even situations where you want to speak to different DNS servers at the same time - called Split-DNS. (Often used for company VPNs)

All in all I would not be too scared about DNS because location tracking based on DNS is not common and more like “I need to hide myself because the CIA is trying to catch me”
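To make the two points above concrete (that the DNS= line is an option pushed to the client, and that a resolver outside the tunnel is a DNS leak), here is an added Python script that is not part of this thread or of GL.iNet's firmware. It parses a wg-quick config in the same shape as the one posted earlier and reports which resolvers the client will be told to use and whether queries to them are actually routed through the tunnel by a peer's AllowedIPs. The sample configs are constructed for the example: the keys are placeholders and the endpoint is a documentation address. It goes a little beyond the posted config by also covering a split-tunnel case and an IPv4-only AllowedIPs line.

```python
import ipaddress
import re

# Constructed sample configs (not the poster's real config): placeholder keys,
# documentation endpoint address, otherwise the same layout as the thread's config.
FULL_TUNNEL = """\
[Interface]
Address = 10.0.0.3/32
ListenPort = 34061
PrivateKey = <PLACEHOLDER_PRIVATE_KEY>
DNS = 64.6.64.6

[Peer]
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = 203.0.113.10:51820
PersistentKeepalive = 25
PublicKey = <PLACEHOLDER_PUBLIC_KEY>
"""

# Split tunnel: only the VPN subnet is routed, but DNS points at a public resolver.
SPLIT_TUNNEL = (FULL_TUNNEL
                .replace("AllowedIPs = 0.0.0.0/0, ::/0", "AllowedIPs = 10.0.0.0/24")
                .replace("DNS = 64.6.64.6", "DNS = 9.9.9.9"))

# No DNS= line at all: the client keeps whatever resolver it already had.
NO_DNS = FULL_TUNNEL.replace("DNS = 64.6.64.6\n", "")


def parse_wg_config(text):
    """Parse wg-quick INI text into a list of (section_name, {key: [values]}).
    Comma-separated values (AllowedIPs, DNS) are split into lists."""
    sections = []
    current = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments and whitespace
        if not line:
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            current = (header.group(1), {})
            sections.append(current)
            continue
        if current is None or "=" not in line:
            raise ValueError(f"unexpected line outside a section: {raw!r}")
        key, _, value = line.partition("=")          # base64 keys contain '=', so split once
        values = [v.strip() for v in value.split(",") if v.strip()]
        current[1].setdefault(key.strip(), []).extend(values)
    return sections


def dns_audit(text):
    """Report the resolvers pushed to the client and whether each one is covered
    by some peer's AllowedIPs (i.e. its queries travel inside the tunnel)."""
    sections = parse_wg_config(text)
    interface = next(s for name, s in sections if name == "Interface")
    allowed = [ipaddress.ip_network(a, strict=False)
               for name, s in sections if name == "Peer"
               for a in s.get("AllowedIPs", [])]
    full_v4 = any(n.version == 4 and n.prefixlen == 0 for n in allowed)
    full_v6 = any(n.version == 6 and n.prefixlen == 0 for n in allowed)

    tunneled = {}
    findings = []
    for entry in interface.get("DNS", []):
        try:
            ip = ipaddress.ip_address(entry)
        except ValueError:
            continue                                 # DNS= may also list search domains
        inside = any(ip in net for net in allowed)   # v4 address in v6 net is simply False
        tunneled[entry] = inside
        if not inside:
            findings.append(f"DNS server {entry} is not covered by AllowedIPs; "
                            "queries to it leave over the ISP uplink (DNS leak)")
    if not tunneled:
        findings.append("no DNS server set: the client keeps its existing resolver, "
                        "usually the one the ISP handed out by DHCP")
    if full_v4 and not full_v6:
        findings.append("IPv4 is fully tunnelled but IPv6 is not; a dual-stack client "
                        "can still send traffic outside the tunnel over IPv6")
    return {"dns_servers": list(tunneled), "full_tunnel_v4": full_v4,
            "full_tunnel_v6": full_v6, "tunneled": tunneled, "findings": findings}


if __name__ == "__main__":
    for label, cfg in [("full tunnel", FULL_TUNNEL),
                       ("split tunnel", SPLIT_TUNNEL),
                       ("no DNS", NO_DNS)]:
        report = dns_audit(cfg)
        print(f"{label}: DNS={report['dns_servers']} "
              f"findings={report['findings'] or ['none']}")
```

Run it against your own exported client config instead of the samples: an empty findings list means the resolver you chose is reached through the tunnel, which is what the "DNS is a client thing" answer above relies on. The script does not check whether the resolver is actually up, which is the separate failure the original post ran into.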

I'd use google DNS but your comment above totally scared me lol honestly. Maybe that's why I'd use Quad, but don't know!

Well, if you need privacy using Google DNS is wrong because they don't respect privacy. I mean they say so - but it's still Google. :sweat_smile:

Using Quad9 should be fine.


My last question:
What about “Manual DNS Server settings” in UI? Is it better than Quad9?

This just lets you enter manual IPs for DNS servers. Results are the same.

I meant like this setting: Leave blank to auto choose DNS Servers

I am not sure about it, sorry.
If it appears within the wireguard GUI it means that the router's DNS servers will be chosen.

If it's within the network details of the router it means that the DNS server will be provisioned by DHCP mostly, so it will be the ISP's one.

Okay, thanks. Server ISP you mean, right?

Yep. Depends on which DNS server your ISP announces.
