DNS via WireGuard in advanced mode

[Terrance]

In Simple mode for WireGuard, all DNS requests are routed via the proxy. In Advanced mode, the main DNS choice applies for apps both included and excluded in the routing (according to Logs > DNS and the description of advanced mode), and there's no option to use WireGuard for DNS explicitly.

I'd expect/like DNS requests for included apps to also be routed through the proxy.

Context: I'm using a WireGuard proxy in order to access local web services in a handful of apps, but I need the DNS to resolve for those apps at least (local DNS resolves additional subdomains of a "real" domain to internal IPs).

[ignoramous]

This inability to per-app split-tunnel DNS is an Android limitation (Android forwards DNS queries to Rethink on behalf of all apps and hence to Rethink it appears as if all DNS queries were sent by the OS).

We did lay the ground work in the network engine to do split-tunnel DNS in userspace (#270) but it is too complicated to handle all use-cases (the UI would need just too many knobs).

[Terrance]

Would an option to use WireGuard for all DNS whilst in advanced mode be feasible?

[ignoramous]

Would an option to use WireGuard for all DNS whilst in advanced mode be feasible?

As in, redirect ALL DNS queries through to a particular WireGuard's DNS? Yes, it is possible. We'll see if we can do this. Ideally, we'd want to complete our implementation of per-app split-tunnel DNS itself. There's so much to do, and not enough time.

We are also thinking about letting users "pin" domain names to preset DNS upstreams:

• 1153

[Terrance]

As in, redirect ALL DNS queries through to a particular WireGuard's DNS?

Yes -- I'm running Blocky DNS with an internal zone for a service domain, so being able to use that via WG to benefit from the block lists / custom DNS entries would be nice.

letting users "pin" domain names to preset DNS upstreams

That would also work in this case (assuming WireGuard is one of the choices), so I've added a +1 there.