On my client, DNS would work until I enabled WireGuard. It should have routed through the WireGuard tunnel (10.5.0.1 below), but it wasn't, or it was and it was hitting a dead end!
So I ssh'd into the WireGuard server and checked the DNS resolution routes.
(Just a reminder: 10.100.100.1/24 is the WireGuard subnet, 10.5.0.1/24 is the router the WireGuard server is attached to.)
It turns out that having DNS defined under wg-net was the problem! I'm pretty sure it was leading to the WireGuard server getting confused about which interface to use for DNS queries!
So I removed the DNS record.
Confirmed it was removed:

```
$ sudo resolvectl status
Global
         Protocols: +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
  resolv.conf mode: stub
Current DNS Server: 10.5.0.1
       DNS Servers: 10.5.0.1
Fallback DNS Servers: 220.127.116.11

Link 2 (eth0)
    Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
         Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 10.5.0.1
       DNS Servers: 10.5.0.1

Link 3 (wg-net)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
```
And DNS was now working when I was connected to WireGuard!
Why DNS was originally broken under WireGuard
I had included `DNS = 10.5.0.1` in my `wg-net.conf` file thinking it was needed. Turns out that was not only not needed but the root of my issues!
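As an added example (not from the original post), a small POSIX shell audit of the situation described above: it pulls any `DNS=` line out of the `[Interface]` section of a wg-quick config, emits the config with that line dropped, and reads `resolvectl status` output to show which links carry `+DefaultRoute`. The config and resolvectl text are constructed samples modelled on this post; the keys are placeholders.

```shell
#!/bin/sh
# Added example, not from the original post: audit a wg-quick config for a DNS=
# setting and check which systemd-resolved links own the default DNS route.

# Constructed sample modelled on the post's wg-net.conf; keys are placeholders.
WG_CONF_SAMPLE='[Interface]
Address = 10.100.100.1/24
ListenPort = 51820
PrivateKey = <server-private-key-placeholder>
DNS = 10.5.0.1

[Peer]
PublicKey = <client-public-key-placeholder>
AllowedIPs = 10.100.100.2/32'

# Constructed sample of "resolvectl status" output, shaped like the post's.
RESOLVECTL_SAMPLE='Global
Protocols: +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 2 (eth0)
Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
DNS Servers: 10.5.0.1

Link 3 (wg-net)
Current Scopes: none
Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported'

# Print the DNS= value(s) declared in [Interface]; empty output means none.
wg_conf_dns() {
    printf '%s\n' "$1" | awk '
        /^\[/ { in_iface = ($0 == "[Interface]") }
        in_iface && /^[ \t]*DNS[ \t]*=/ { sub(/^[^=]*=[ \t]*/, ""); print }'
}

# Emit the same config with any [Interface] DNS= line removed (the fix in the post).
wg_conf_without_dns() {
    printf '%s\n' "$1" | awk '
        /^\[/ { in_iface = ($0 == "[Interface]") }
        !(in_iface && /^[ \t]*DNS[ \t]*=/)'
}

# List links whose Protocols line carries +DefaultRoute, i.e. the links that
# systemd-resolved will send unscoped queries to (only eth0 in the sample).
resolved_default_route_links() {
    printf '%s\n' "$1" | awk '
        /^Link [0-9]+ \(/ { link = $3; gsub(/[()]/, "", link) }
        link != "" && /Protocols:/ && /\+DefaultRoute/ { print link }'
}
```

Run `wg_conf_dns "$(cat /etc/wireguard/wg-net.conf)"` on the server to see whether a `DNS=` line is present, and `resolved_default_route_links "$(resolvectl status)"` to confirm only the LAN-facing link carries the default DNS route.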