DNS Resolution over WireGuard vs OpenVPN (NethSecurity)
I’m not a network expert, but I’ll try to describe the setup as clearly as possible.
I’m using NethSecurity 8.7.1 on two sites.
An OpenVPN tunnel connects them, providing access to the local LANs on both ends.
Local DNS resolution is handled by NethSecurity’s internal DNS service.
Each site has DNS forwarding configured for the other:
- Site A: /site.b/ → 10.1.0.1
- Site B: /site.a/ → 10.0.0.1
To make DNS resolution work over OpenVPN, I had to manually add the rebind_domain option.
It would be great if this option could be exposed through the UI.
Problem
When switching from OpenVPN to WireGuard, DNS resolution no longer works — although other services (e.g., SSH) work fine.
Here’s the setup:
Site A
LAN IP: 10.0.0.1 (NethSecurity)
DNS forwarding: /site.b/ → 10.1.0.1
WireGuard: 172.16.1.1 (wg1)
Routes: 10.1.0.0/16, 172.16.1.0/24
Site B
LAN IP: 10.1.0.1 (NethSecurity)
DNS forwarding: /site.a/ → 10.0.0.1
WireGuard: 172.16.1.2 (wg1)
Routes: 10.0.0.0/16
Behavior
From Site A:
dig @172.16.1.2 test.site.b
Result:
;; communications error to 172.16.1.2#53: timed out
From Site B:
tcpdump -i wg1 port 53 -vv
Result:
172.16.1.1.33163 > 172.16.1.2.53: [udp sum ok] 25607+ [1au] A? test.site.b. ar: . OPT UDPsize=1232 [COOKIE 5c7a3f128b0f2737] (65)
Question
Is this behavior intended, or am I missing something in the WireGuard configuration that prevents DNS queries from working across the tunnel?
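The capture in the post shows the query arriving on wg1 at Site B with no reply leaving, which narrows the problem to the receiving box: either the packet is dropped between the interface and dnsmasq (tcpdump taps the interface before the firewall's input chain, so the firewall zone that wg1 belongs to is the first thing to check), or dnsmasq receives it and declines to answer (it is not bound to the tunnel address, or its local-service filtering rejects the source). The following shell script is an added diagnostic for that step; it is not from the post and not part of NethSecurity. Both sample inputs are constructed: the tcpdump sample reuses the post's unanswered query and adds a hypothetical answered pair (id 4242, host.site.b, 10.1.0.50) so the parser has both outcomes to classify, and the socket listing assumes dnsmasq bound only to the LAN and loopback addresses for illustration.

```shell
#!/bin/sh
# Added diagnostic for one-way DNS over a WireGuard tunnel. Not from the post
# or from NethSecurity; all sample data below is constructed.

# Constructed output in the shape of `tcpdump -i wg1 -n -vv port 53`: the
# post's unanswered query (id 25607) plus a hypothetical answered pair (id 4242).
SAMPLE_TCPDUMP='172.16.1.1.33163 > 172.16.1.2.53: [udp sum ok] 25607+ [1au] A? test.site.b. ar: . OPT UDPsize=1232 (65)
172.16.1.1.40001 > 172.16.1.2.53: [udp sum ok] 4242+ A? host.site.b. (45)
172.16.1.2.53 > 172.16.1.1.40001: [udp sum ok] 4242 q: A? host.site.b. 1/0/0 host.site.b. A 10.1.0.50 (61)'

# Constructed `ss -ulnp` output: dnsmasq bound to the LAN and loopback
# addresses only, not to the tunnel address 172.16.1.2 (assumption).
SAMPLE_SOCKETS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
UNCONN 0      0      10.1.0.1:53       0.0.0.0:*        users:(("dnsmasq",pid=1234,fd=4))
UNCONN 0      0      127.0.0.1:53      0.0.0.0:*        users:(("dnsmasq",pid=1234,fd=6))'

# Read tcpdump lines on stdin and print the transaction IDs of queries sent
# to port 53 that never got a reply from port 53. The ID is the number right
# after the checksum bracket, so "[udp sum ok]" and "[bad udp cksum ...]"
# lines parse the same way.
unanswered_queries() {
  awk '
    {
      if (!match($0, /] [0-9]+/)) next
      id = substr($0, RSTART + 2, RLENGTH - 2)
    }
    $3 ~ /\.53:$/ { if (!(id in q)) order[++n] = id; q[id] = 1; next }
    $1 ~ /\.53$/  { a[id] = 1 }
    END { for (i = 1; i <= n; i++) if (!(order[i] in a)) print order[i] }'
}

# Succeed if the socket listing on stdin (ss -ulnp, or netstat -ulnp on
# busybox; both put the local address in column 4) shows a dnsmasq UDP
# socket bound to ADDR:53 or to the wildcard address.
dnsmasq_listens_on() {
  awk -v addr="$1" '
    $NF ~ /dnsmasq/ && ($4 == (addr ":53") || $4 == "0.0.0.0:53" || $4 == "*:53") { found = 1 }
    END { exit found ? 0 : 1 }'
}

# Stand-alone demonstration on the constructed samples.
echo "queries on wg1 without a reply:"
printf '%s\n' "$SAMPLE_TCPDUMP" | unanswered_queries
for addr in 10.1.0.1 172.16.1.2; do
  if printf '%s\n' "$SAMPLE_SOCKETS" | dnsmasq_listens_on "$addr"; then
    echo "dnsmasq listens on $addr:53"
  else
    echo "dnsmasq has no socket on $addr:53 (check its listen interfaces and firewall zone)"
  fi
done
```

On the Site B box, feed it live data instead of the samples: `tcpdump -i wg1 -n -vv port 53 -l | unanswered_queries` while running the `dig` from Site A, and `ss -ulnp | ( dnsmasq_listens_on 172.16.1.2 && echo bound )`. If the query is listed as unanswered but dnsmasq is bound to the tunnel address, look at the firewall zone assigned to wg1 (whether it accepts input on port 53) and at dnsmasq's local-service setting, which on OpenWrt-based dnsmasq rejects queries whose source address is not on a subnet of an interface it serves. If it is not bound there at all, the dnsmasq listen-interface configuration is the place to start.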