
#1 2020-03-15 19:36:04

brofjst
Member
Registered: 2018-07-09
Posts: 43

[SOLVED] Wireguard cannot resolve dns

I've just set up WireGuard but it can't resolve DNS.
I can ping the server, I can ping 8.8.8.8, but I can't ping google.com.
Server conf

[Interface]
Address = 10.200.200.1/24
ListenPort = 51820
PrivateKey = my_private_key

# note - substitute eth0 in the following lines to match the Internet-facing interface
# if the server is behind a router and receive traffic via NAT, this iptables rules a$
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 $
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth$

[Peer]
# fisso
PublicKey = public_key
PresharedKey = preshared_key
AllowedIPs = 10.200.200.2/32

Client conf

[Interface]
Address = 10.200.200.2/24
PrivateKey = private_key
DNS = 10.200.200.1

[Peer]
PublicKey = public_key
PresharedKey = preshared_key
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = public_ip:51820

networkmanager 1.22.10-1

/etc/NetworkManager/conf.d/rc-manager.conf

[main]
rc-manager=resolvconf

/etc/resolv.conf with wg0 down

# Generated by resolvconf
nameserver 8.8.8.8

/etc/resolv.conf with wg0 up

# Generated by resolvconf
nameserver 10.200.200.1

Last edited by brofjst (2020-03-16 12:01:05)

Offline

#2 2020-03-15 19:47:45

schard
Member
From: Hannover
Registered: 2016-05-06
Posts: 1,932
Website

Re: [SOLVED] Wireguard cannot resolve dns

Check the DNS server running on 10.200.200.1 and any possible firewall settings.

Last edited by schard (2020-03-15 19:55:16)

Offline

#3 2020-03-15 20:15:32

brofjst
Member
Registered: 2018-07-09
Posts: 43

Re: [SOLVED] Wireguard cannot resolve dns

Server /etc/resolv.conf

# This file is managed by man:systemd-resolved(8). Do not edit.
#
# This is a dynamic resolv.conf file for connecting local clients to the
# internal DNS stub resolver of systemd-resolved. This file lists all
# configured search domains.
#
# Run "systemd-resolve --status" to see details about the uplink DNS servers
# currently in use.
#
# Third party programs must not access this file directly, but only through the
# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
# replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.

nameserver 127.0.0.53
options edns0

I've tried to disable both firewalls (on server and client) but the issue persists.
The server is a VPS

Last edited by brofjst (2020-03-15 20:18:08)

Offline

#4 2020-03-15 20:17:53

schard
Member
From: Hannover
Registered: 2016-05-06
Posts: 1,932
Website

Re: [SOLVED] Wireguard cannot resolve dns

That's not what I was asking for. Check the DNS server i.e. bind9 or dnsmasq or whatever you are running on 10.200.200.1, which is your configured DNS server.

Last edited by schard (2020-03-15 20:18:13)

Offline

#5 2020-03-15 22:24:19

brofjst
Member
Registered: 2018-07-09
Posts: 43

Re: [SOLVED] Wireguard cannot resolve dns

/etc/bind/named.conf.options

acl goodclients {
        10.200.200.0/24;
        localhost;
        localnets;
};

options {
        directory "/var/cache/bind";

        recursion yes;
        allow-query { goodclients; };

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        // forwarders {
        //      0.0.0.0;
        // };

        //========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys.  See https://www.isc.org/bind-keys
        //========================================================================
        dnssec-validation auto;

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
};

Offline

#6 2020-03-16 08:26:59

schard
Member
From: Hannover
Registered: 2016-05-06
Posts: 1,932
Website

Re: [SOLVED] Wireguard cannot resolve dns

I'm missing something like

allow-recursion { goodclients; };

Offline

#7 2020-03-16 12:00:41

brofjst
Member
Registered: 2018-07-09
Posts: 43

Re: [SOLVED] Wireguard cannot resolve dns

The issue is solved, I had a bad iptables rule, thanks for the support!

Offline

#8 2022-03-05 20:13:27

archlinux.z60kq
Member
Registered: 2022-03-05
Posts: 1

Re: [SOLVED] Wireguard cannot resolve dns

brofjst wrote:

The issue is solved, I had a bad iptables rule, thanks for the support!

I think I have the same issue. What should be the correct iptables rules?

Offline
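Added example, not part of any post in this thread: the thread never says which rule was wrong, but with DNS = 10.200.200.1 the queries are addressed to the server itself, so they are filtered by the INPUT chain, while the PostUp lines shown in post #1 only touch FORWARD and nat POSTROUTING. The sketch below walks `iptables -S` output in first-match order and reports what decides the fate of a DNS query arriving on wg0. The rule dumps and the names `verdict`, `rule_matches`, `BROKEN`, `FIXED` and `DNS_QUERY` are constructed for illustration; only the match options listed in the code are modelled and user-defined chains are not followed.

```python
import ipaddress
import shlex

# Constructed `iptables -S` dumps (not from the thread). BROKEN admits the tunnel
# port and forwarding but not DNS arriving on wg0; FIXED adds a rule for UDP DNS.
BROKEN = """\
-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp --dport 51820 -j ACCEPT
-A FORWARD -i wg0 -j ACCEPT
"""
FIXED = BROKEN + "-A INPUT -s 10.200.200.0/24 -i wg0 -p udp -m udp --dport 53 -j ACCEPT\n"
DNS_QUERY = {"iface": "wg0", "proto": "udp", "src": "10.200.200.2", "dport": 53, "state": "NEW"}

def rule_matches(opts, pkt):
    """True if every match option of the rule fits the packet."""
    checks = {
        "-i": lambda v: v == pkt["iface"],
        "-p": lambda v: v == pkt["proto"],
        "--dport": lambda v: v == str(pkt["dport"]),
        "-s": lambda v: ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(v),
        "--ctstate": lambda v: pkt["state"] in v.split(","),
    }
    for key, val in opts.items():
        if key in ("-m", "-j", "--reject-with"):  # no packet match of their own
            continue
        if key not in checks:
            raise ValueError(f"unsupported match option: {key}")
        if not checks[key](val):
            return False
    return True

def verdict(ruleset, pkt, chain="INPUT"):
    """First-match evaluation: return (target, deciding rule) for pkt."""
    policy = "ACCEPT"
    for line in ruleset.splitlines():
        toks = shlex.split(line)
        if len(toks) < 3 or toks[1] != chain:
            continue
        if "!" in toks:
            raise ValueError("negated matches are not modelled")
        if toks[0] == "-P":
            policy = toks[2]
        elif toks[0] == "-A":
            opts = dict(zip(toks[2::2], toks[3::2]))
            if opts.get("-j") in ("ACCEPT", "DROP", "REJECT") and rule_matches(opts, pkt):
                return opts["-j"], line
    return policy, f"-P {chain} {policy}"
```

`verdict(BROKEN, DNS_QUERY)` falls through to the chain policy, while `verdict(FIXED, DNS_QUERY)` is decided by the added port 53 rule. DNS also uses TCP port 53 for large answers, which the constructed fix does not admit: `verdict(FIXED, dict(DNS_QUERY, proto="tcp"))` still ends at the DROP policy.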
