Hi,
I am using NetworkManager to handle both my wired/wireless network connections as well as my Wireguard VPN. I noticed a weird behavior when going into suspend:
1/ Connect to wired/wireless and then use NetworkManager to connect to Wireguard. DNS are correctly set and only use the DNS provided by Wireguard interface.
2/ Go to suspend, while leaving everything connected as is.
3/ Restore from suspend. NetworkManager will restore the wired/wireless connection as well as the Wireguard tunnel. DNS will be incorrect and /etc/resolv.conf will contain both the DNS resolver provided by the direct uplink (wired/wireless) as well as the DNS from the Wireguard tunnel. Then, I have DNS leaks.
It only happens when going across suspend and back online. I could not find any specific configuration to fix it, including in the wiki.
Would you know how to properly fix this?
Thanks!
This sounds like an oversight (on NetworkManager's part) when using NM/WireGuard as default route/DNS via NM. I suspect NM renews the Wired/WiFi DHCP lease and sets the DNS server again - but that's just my guess.
I use NM/WireGuard as default route/systemd-resolved and this combo doesn't show that behavior.
Should I report this upstream to NetworkManager then? Or is there any hope for a special configuration to solve this race condition?
I use NM/WireGuard as default route/systemd-resolved and this combo doesn't show that behavior.
But this is a permanent setup, right? Not something you quickly enable/disable on the fly?
We should probably first eliminate the guesswork about what's going on.
Cause the problem and then please post your complete system journal for the boot:
sudo journalctl -b | curl -F 'file=@-' 0x0.st
I have seen quite a few problems with DNS being replaced while wireguard is running.
When I built my wg-client application (it makes starting/stopping wireguard simple for any user), it monitors /etc/resolv.conf using inotify. When it detects DNS resolv.conf has changed underneath it, it restores the correct resolv.conf appropriate while wireguard is running. On exit it restores the non-vpn resolv.conf.
In case it's helpful wg-client is in the AUR and pdf docs are available on Github.
It might help solve your issue.
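A check for the state described in this thread, as an added example that is not wg-client's code and not written by any poster here: it parses resolv.conf text, reports the resolvers that are not the tunnel's, and rebuilds the text without them. The addresses, sample file and function names are constructed for illustration.

```python
import ipaddress

MAXNS = 3  # glibc's resolver only uses the first three nameserver entries


def _norm(addr):
    """Canonicalise an address so equivalent spellings compare equal."""
    try:
        return str(ipaddress.ip_address(addr.split("%")[0]))  # drop IPv6 zone id
    except ValueError:
        return addr  # unparsable entries are kept verbatim and get flagged


def _ns_field(line):
    """Return the normalised address of a nameserver directive, else None."""
    fields = line.split()
    if len(fields) >= 2 and fields[0] == "nameserver":
        return _norm(fields[1])
    return None  # comments (# or ;), search, options, blank lines


def leaked_resolvers(resolv_text, tunnel_dns):
    """Resolvers libc would actually query that are not the tunnel's."""
    allowed = {_norm(a) for a in tunnel_dns}
    active = [a for a in map(_ns_field, resolv_text.splitlines()) if a][:MAXNS]
    return [a for a in active if a not in allowed]


def strip_leaks(resolv_text, tunnel_dns):
    """Rebuild the file text with non-tunnel nameserver lines dropped."""
    allowed = {_norm(a) for a in tunnel_dns}
    kept = [l for l in resolv_text.splitlines()
            if _ns_field(l) is None or _ns_field(l) in allowed]
    return "\n".join(kept) + "\n"


# Constructed sample: uplink resolver and tunnel resolver both present,
# as described for /etc/resolv.conf after resume.
AFTER_RESUME = """# Generated by NetworkManager
search lan
nameserver 192.168.1.1
nameserver 10.8.0.1
"""
TUNNEL_DNS = ["10.8.0.1"]  # assumed WireGuard-provided resolver

if __name__ == "__main__":
    print("leaked:", leaked_resolvers(AFTER_RESUME, TUNNEL_DNS))
```

Run against the real file with `leaked_resolvers(open("/etc/resolv.conf").read(), TUNNEL_DNS)` after a suspend/resume cycle; a non-empty result means a non-tunnel resolver is listed.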