this post was submitted on 30 Oct 2023
5 points (57.6% liked)

Programming

17325 readers
119 users here now

Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!

Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.

Hope you enjoy the instance!

Rules

Rules

  • Follow the programming.dev instance rules
  • Keep content related to programming in some way
  • If you're posting long videos try to add in some form of tldr for those who don't want to watch videos

Wormhole

Follow the wormhole through a path of communities !webdev@programming.dev

founded 1 year ago
MODERATORS
snowe@programming.dev
Ategon@programming.dev
MaungaHikoi@lemmy.nz
5
[WireGuard] Do I have to use my own DNS on a VPS in order to avoid DNS-leaks? (lemmy.world)
submitted 1 year ago* (last edited 1 year ago) by salvador@lemmy.world to c/programming@programming.dev
23 comments fedilink hide all child comments
 

I connect to a WireGuard installed on my VPS. Then I go to a random VPN service marketing page on which I'll discover that my DNS leaks. And which is correct because I've specified DNS = 1.1.1.1 in [Interface] for all the Peers.

In order to avoid DNS leakadge, do I have to a) run DNS server on the a VPS -- along with WireGuard, and b) use this one and only it, instead of 1.1.1.1?

But if so, how will this possibly work?

[Peer]
PublicKey = [....;....]
PresharedKey = [......]
Endpoint = wg.my_domain123.com:51820

In order to resolve Endpoint of my VPS to begin with, other DNS server will have to be used -- by IP. But there'll be none because I'll use a DNS on my VPS instead of 1.1.1.1. In other words, it'll be a circular dependency.

you are viewing a single comment's thread
view the rest of the comments
[–] wgs@lemmy.sdf.org 2 points 1 year ago (3 children)

Keep in mind that using your own VPS as a VPN doesn't bring anonymity. You're simply replacing one IP tied to your name (your ISP) with another one (your VPS).

You hide your traffic from your ISP, and delegate it to your VPS provider.

This will be the same for your DNS. If you want true anonymity regarding DNS, you should use someone else's service, preferably over encrypted channels, eg. cyberia.is DoT.

I personally use it as a forwarder from a box inside my home (along with others), and use this box as the local DNS when I'm home. This way I know that all DNS traffic is encrypted, and doesn't leak anything to my ISP or VPS or whatever.

[–] atheken@programming.dev 2 points 1 year ago* (last edited 1 year ago)

Of course, you have to trust that third party, which may/may not be prudent.