Update: now using dhcp.@dnsmasq[0].noresolv.
A follow-up to my previous comment.
I solved the issue in /etc/init.d/wireguard by checking whether Stubby is enabled and, if it is, removing the entry from the dnsmasq forwarders list and setting dhcp.@dnsmasq[0].noresolv=0 to force dnsmasq to use /tmp/resolv.conf.vpn.
When disconnecting from the VPN, I revert the DNS forwarder value to the default Stubby forwarding address (127.0.0.1#53535) and set dhcp.@dnsmasq[0].noresolv=1 again to ignore /tmp/resolv.conf.auto.
If DNS over TLS (and Stubby) is not used, the /tmp/resolv.conf.auto and /tmp/resolv.conf.vpn files will be used instead. Below is the patch file with my edits.
--- wireguard.orig 2021-05-18 01:12:07.000000000 +0200
+++ wireguard 2021-05-18 10:58:47.000000000 +0200
@@ -18,6 +18,7 @@
ipv6_status="$(ifstatus wan6 2>/dev/null|grep '\"up\": true')"
ipv6_enable="$(uci get glipv6.globals.enabled)"
mode6=$(uci get glipv6.lan.mode)
+stubby_enable=$(uci get stubby.global.enable)
proxy_func()
{
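Review bot: The new `stubby_enable` assignment runs `uci get` unquoted and without quiet mode, so on a system where the stubby config is missing every invocation of the init script prints a uci error to stderr before the value ends up empty. Writing it as `stubby_enable="$(uci -q get stubby.global.enable)"` keeps the empty-means-disabled behaviour that the later `[ "$stubby_enable" = 1 ]` tests rely on. A short comment such as `# 1 when Stubby (DNS over TLS) is enabled; empty if the stubby config is absent` would make that contract explicit.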
@@ -115,6 +116,11 @@
echo -e "nameserver $dns" > /tmp/resolv.conf.vpn
fi
uci set dhcp.@dnsmasq[0].resolvfile='/tmp/resolv.conf.vpn'
+ # Replace Stubby forwarder with VPN DNS
+ [ "$stubby_enable" = 1 ] && {
+ uci delete dhcp.@dnsmasq[0].server
+ uci set dhcp.@dnsmasq[0].noresolv=0
+ }
uci commit dhcp
/etc/init.d/dnsmasq restart
else
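Review bot: `uci delete dhcp.@dnsmasq[0].server` in the added block removes the whole `server` list, not only the Stubby forwarder, so any other forwarders configured on the router (per-domain servers, for instance) are dropped for the VPN session and the disconnect paths do not put them back. Removing just the one entry keeps the rest: `uci -q del_list dhcp.@dnsmasq[0].server='127.0.0.1#53535'`. The comment above the block could also say that DNS over TLS is bypassed while the tunnel is up and queries go to the VPN resolver from /tmp/resolv.conf.vpn instead. The surrounding `if`/`else` starts and ends outside this hunk.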
@@ -377,6 +383,12 @@
[ -f "/tmp/resolv.conf.vpn" ] && {
rm -rf /tmp/resolv.conf.vpn
uci set dhcp.@dnsmasq[0].resolvfile='/tmp/resolv.conf.auto'
+ # Restore stubby forwarder
+ [ "$stubby_enable" = 1 ] && {
+ uci delete dhcp.@dnsmasq[0].server
+ uci add_list dhcp.@dnsmasq[0].server='127.0.0.1#53535'
+ uci set dhcp.@dnsmasq[0].noresolv=1
+ }
uci commit dhcp
/etc/init.d/dnsmasq restart
}
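Review bot: The restore block hard-codes the Stubby address `127.0.0.1#53535` and is pasted identically into three disconnect paths (here and in the hunks at `@@ -538,6 +550,12 @@` and `@@ -631,6 +649,12 @@`), so a change to the Stubby listen port or to the restore logic has to be made in three places, and a missed copy would leave dnsmasq with `noresolv=1` and a forwarder nothing listens on. Moving the block into one helper function defined next to `proxy_func` and calling it from the three paths would keep them in step. Because the connect path has already deleted the `server` option, the `uci delete` here will normally report that the entry is missing; `uci -q delete dhcp.@dnsmasq[0].server` keeps that quiet. The enclosing function starts outside the hunk.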
@@ -538,6 +550,12 @@
[ -f "/tmp/resolv.conf.vpn" ] && {
rm -rf /tmp/resolv.conf.vpn
uci set dhcp.@dnsmasq[0].resolvfile='/tmp/resolv.conf.auto'
+ # Restore stubby forwarder
+ [ "$stubby_enable" = 1 ] && {
+ uci delete dhcp.@dnsmasq[0].server
+ uci add_list dhcp.@dnsmasq[0].server='127.0.0.1#53535'
+ uci set dhcp.@dnsmasq[0].noresolv=1
+ }
uci commit dhcp
/etc/init.d/dnsmasq restart
}
@@ -631,6 +649,12 @@
[ -f "/tmp/resolv.conf.vpn" ] && {
rm -rf /tmp/resolv.conf.vpn
uci set dhcp.@dnsmasq[0].resolvfile='/tmp/resolv.conf.auto'
+ # Restore stubby forwarder
+ [ "$stubby_enable" = 1 ] && {
+ uci delete dhcp.@dnsmasq[0].server
+ uci add_list dhcp.@dnsmasq[0].server='127.0.0.1#53535'
+ uci set dhcp.@dnsmasq[0].noresolv=1
+ }
uci commit dhcp
/etc/init.d/dnsmasq restart
}