Wireguard - split tunneling, DNS

Hi,

Here is my problem. When I am working from home I use Wireguard to connect to work. In the configuration file I specified the DNS server (for example 192.168.100.6).
But that routes all DNS queries over that server. So I can’t reach my home lab while I am connected with FQDN.

I was thinking of different solutions:
1, Adding local IPs to my domain as a public DNS entry, but that seems a bad idea.
2, Using something on my computer to route DNS traffic (and set my computer as DNS)

What would be the best way to do it?

Thank you for the help!

I’m interested in this as well. You could try specifying domain resolution with PostUp as shown in this blog:
https://www.reox.at/blog/posts/wireguard_dns_only_for_vpn/

I’d like to know if that works properly for you.

Assign both remote and local DNS servers? That should allow the remote server to fail, computer then checks with the next in line (home) and should resolve for you.

#facepalm

So simple and works. Thank you!
Maybe the only issue, if I am traveling I have to update it. Or I have to add a public one like 1.1.1.1.

If the tunnel is connected, then it should (maybe) still use your local DNS through the tunnel. But I’m not certain on this one. Tether to phone (wifi off) and give it a try?

Well, this is a half-solution still. If I reverse the order and add the local DNS server first. Works. But I have issues with HA-Proxy. None of those are resolving.

I definitely need to test more.

I haven’t tested this but my understanding is that when you list multiple DNS servers it will only move on to the next if it fails to get a response from the first. If you get a ‘not found’ response from the first resolver, it will not go to the second.

Maybe I was switching back and forth too much. You are right. If I have 2 DNS servers specified, it works. Even with HA Proxy.