Which DNS does wireguard client use by default?

Does it route all DNS requests through the tunnel so it will use the server side internet for DNS requests? Is it possible it uses the client’s public IP somehow?

I don’t have anything set under “DNS” section of the travel router which is the client. I also have “Block Non-VPN Traffic” and “Services from GL.iNet Use VPN” enabled.

Even though I have no custom DNS settings I see this in my client config:

Address =

AllowedIPs =, ::/0

I am not sure where that is coming from or how it affects things. I really just want DNS to be served by the router/modem on the server side.


That depend if you have explicit DNS servers set in the WG conf file or are using ‘Encrypted DNS’ (DOT/DOH).

Try it & find out first hand if you like:

All DNS requests expose your Public Internet IP to the lookup server. Use a VPN if you need to change that. is Cloudflare. By default in this case you should have received DNS fr the Upstream connection (GL GUI → Internet → $connectionType → DNS). Set your own if you don’t trust that (GL GUI → Network → DNS).

That is the default case if you don’t use a VPN that assigns its own DNS or have set an explicit DNS in the GL GUI (eg: Encrypted DNS).

sorry I am a little confused by your answer. I am using wireguard on gl-inet travel router and provided how its set up with the relevant config. now with this in mind and my specific set up, is this true?

i provided how the wireguard client is set up and the config file, so is that the case in mine?


Check IP Leak. That will tell you what DNS you’re using. Then look @ your settings; DNS is either set in the WireGuard conf, GL GUI → Network → DNS or automatically assigned by the upstream Modem/ISP/Wi-Fi Hotspot AP.

By default, if you do not change the Wireguard client config, it will pick a provider for you.

You can change that in the client config to whatever you like.

Just for others who may inquire: I have the WG providers’ DNS IPv4 in my Client conf. I also use ‘Encrypted DNS’ within the GL GUI. It keeps my chosen DNS provider consistent regardless of what WG/OVPN-based VPN provider I use.