jcreigh / pysurfshark

A python interface to Surfshark's API
MIT License

Wireguard DNS queries through server? #2

Open queeup opened 3 years ago

queeup commented 3 years ago

Thank you for the wireguard config file. I can't get the server's DNS to work. Do you know the address? How can I redirect DNS queries through the wireguard server?

jcreigh commented 3 years ago

I'm not sure it's different from normal wireguard setups? Unless I'm misunderstanding something, for normal DNS it should be sufficient to put the DNS server of your choice (say, 1.1.1.1/32 or whatever) under AllowedIPs like usual, and it should redirect traffic for that server through the vpn when the vpn is started up.

queeup commented 3 years ago

If I use another DNS server, streaming platforms detect vpn usage because the vpn server country and the DNS country are different. If I use openvpn, the DNS server and the VPN appear to be in the same country. That's why I am asking if you know the surfshark wireguard DNS server addresses.

You can test it yourself with their DNS leak test page.

jcreigh commented 3 years ago

Ahhh, that's what you mean. I didn't realize it had its own resolver and in retrospect that's pretty obvious I guess.

Try 151.236.14.64. It needs to be set in the AllowedIPs of the 2nd section (not the 1st Main Server section) of the script output. It only works via the vpn (duh), but the DNS leak check is all green for me when I use it. I'll probably add it to the script output tomorrow after I look into it a bit more.

It seems that maybe 194.156.228.111 should work too (I'm looking at the android app), but it didn't seem to want to respond.

jcreigh commented 3 years ago

The 172.16.0.36 address is also a DNS server, but only seems to resolve the *.prod.surfshark.com addresses. If you don't connect to that peer and use it to look up the second peer, the request will leak. Unfortunately, I don't think this can be done nicely via a wg-quick configuration.

queeup commented 3 years ago

Thank you for looking into this. Their android app with the wireguard connection protocol is working properly, without a DNS leak. They hardcoded the configuration into the code, I guess. I spoke with their support and they said they are going to release wireguard config files very soon. Their very soon is not soon enough though.

I don't think you need that Main Server for normal connectivity. I am using it without the Main Server (AllowedIPs = 0.0.0.0/0 on the second section). Without a DNS entry in the Interface section there is no DNS resolution. If I put in a public DNS, it works fine but with a DNS leak.

queeup commented 3 years ago

OK, I found the real problem on my end. My problem was missing the correct DNS server IP addresses and also a missing route for the DNS addresses to 0.0.0.0 on my router.

I guess you can get rid of the Main Server peer. I don't know why they hardcoded that into their apps as a second peer.

Summary is:

Working conf with correct DNS:

```conf
[Interface]
Address = 10.14.0.2/16
PrivateKey = [My secret key :)]
DNS = 162.252.172.57, 149.154.159.92
ListenPort = 51820

[Peer]
# Surfshark: Germany Berlin
PublicKey = d3ldwEjnFcbLwD1o8uC5xC3DaSNek8DGeTpOb/h/IE4=
AllowedIPs = 0.0.0.0/0
EndPoint = de-ber.prod.surfshark.com:51820
```

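An added example, not part of this thread or of pysurfshark: a small check that every DNS server listed under [Interface] is covered by some peer's AllowedIPs, since a resolver outside the tunnel's routes is exactly the leak discussed above (it generalises the thread's 0.0.0.0/0 case to any AllowedIPs list). The sample config is constructed from the one posted above, with the private key replaced by a placeholder.

```python
import ipaddress

# Constructed sample: the working config from the thread, key replaced.
SAMPLE_CONF = """
[Interface]
Address = 10.14.0.2/16
PrivateKey = <placeholder-private-key>
DNS = 162.252.172.57, 149.154.159.92
ListenPort = 51820

[Peer]
# Surfshark: Germany Berlin
PublicKey = d3ldwEjnFcbLwD1o8uC5xC3DaSNek8DGeTpOb/h/IE4=
AllowedIPs = 0.0.0.0/0
Endpoint = de-ber.prod.surfshark.com:51820
"""


def parse_wg_conf(text):
    """Parse a wg-quick config into (interface_dict, [peer_dict, ...]).
    Keys are lower-cased; comma-separated values become lists."""
    interface, peers, current = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        if line.lower() == "[interface]":
            current = interface
        elif line.lower() == "[peer]":
            current = {}
            peers.append(current)
        elif "=" in line and current is not None:
            key, value = (s.strip() for s in line.split("=", 1))
            current.setdefault(key.lower(), []).extend(
                v.strip() for v in value.split(",") if v.strip())
    return interface, peers


def leaking_dns_servers(text):
    """Return the DNS= servers that no peer's AllowedIPs covers; queries to
    those servers are sent outside the tunnel, i.e. they leak."""
    interface, peers = parse_wg_conf(text)
    covered = [ipaddress.ip_network(cidr, strict=False)
               for peer in peers for cidr in peer.get("allowedips", [])]
    leaks = []
    for server in interface.get("dns", []):
        try:
            addr = ipaddress.ip_address(server)
        except ValueError:
            continue  # DNS= may also list search domains; skip those
        if not any(addr in net for net in covered):
            leaks.append(server)
    return leaks
```

This only checks routing; it cannot tell whether the resolver actually answers through the tunnel, which is what the DNS leak test page confirms.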
jcreigh commented 2 years ago

@queeup

Sorry, just getting back to this.

What do you think should be added to the config output?

I can comment out the Main Server entry with a note explaining it (or just remove it) and add the DNS = 162.252.172.57, 149.154.159.92 to [Interface]

Is there anything else?

queeup commented 2 years ago

I have no idea why they are using that Main Server. It works without it. Maybe we will have some idea if they release a wireguard config officially. Until then it is safe to remove. I suggest you add those DNS addresses. Did you see my example here? If not, click "Working conf with correct DNS:".

Nothing else.