Fresh install of Kubuntu 20.04 (uses systemd-resolved by default) with WireGuard installed. I have a wg tunnel (going through a wifi interface wlp0s20f3) and all traffic is supposed to route through that tunnel, and almost all of it does. However, DNS requests are routed through the wifi interface (wlp0s20f3) for some reason. Here is the wg configuration (wg0):
[Interface]
Address = 10.0.0.7/32
PrivateKey = [[PRIVATE KEY]]
DNS = 213.136.95.10,213.136.95.11
[Peer]
PublicKey = [[PUBLIC KEY]]
PresharedKey = [[PRESHARED KEY]]
Endpoint = [[IP:PORT]]
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25
/etc/resolv.conf is a symlink to /run/systemd/resolve/stub-resolv.conf, which looks as expected:
nameserver 127.0.0.53
options edns0 trust-ad
search dlinkrouter
As soon as I establish the wg tunnel (wg0), I peek into /run/systemd/resolve/resolv.conf and see:
nameserver 192.168.0.1
nameserver 213.136.95.10
nameserver 213.136.95.11
search dlinkrouter
The DNS server of the wifi network stays on top even though the wg0 DNS servers are added below it.
I run the following to make sure:
$ resolvectl dns
Global: 213.136.95.10 213.136.95.11
Link 17 (wg0): 213.136.95.10 213.136.95.11
Link 2 (wlp0s20f3): 192.168.0.1
$ resolvectl domain
Global:
Link 17 (wg0): ~.
Link 2 (wlp0s20f3): ~. dlinkrouter
$ resolvectl query google.com
google.com: 172.217.17.238 -- link: wlp0s20f3
-- Information acquired via protocol DNS in 8.5ms.
-- Data is authenticated: no
https://www.dnsleaktest.com/ also reports the DNS leak.
There is nothing configured in /etc/systemd/resolved.conf.
A temporary work-around is to go to NetworkManager and edit the network settings of the WiFi connection, where I set IPv4 -> Method -> Automatic (only addresses), which does not take the DNS address from DHCP. But I'd have to do that for every network I ever connect to, which doesn't sound like a very good idea.
Any ideas on how to fix this are greatly appreciated.
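The `resolvectl domain` output above is the key symptom: both wg0 and wlp0s20f3 claim the catch-all routing domain `~.`, so systemd-resolved is free to send a lookup out either link. The following is an added example (not part of the original post) that parses that output and flags any link other than the expected VPN link that also claims `~.`; the sample text is constructed from the post, and `check_live` is a hypothetical helper that runs the same check against the local `resolvectl`.

```shell
#!/bin/sh
# Constructed sample: the `resolvectl domain` output from the post.
SAMPLE_DOMAIN='Global:
Link 17 (wg0): ~.
Link 2 (wlp0s20f3): ~. dlinkrouter'

# Print the name of every link whose routing domains include "~.", one per line.
# $1 is the full text of `resolvectl domain`.
catch_all_links() {
    printf '%s\n' "$1" | awk '
        /^Link [0-9]+ \(/ {
            # $3 looks like "(wg0):"; strip the parentheses and trailing colon.
            name = $3; gsub(/[()]/, "", name); gsub(/:$/, "", name)
            for (i = 4; i <= NF; i++) if ($i == "~.") { print name; break }
        }'
}

# Exit 0 (leak suspected) when any link other than $2 (the VPN link) also claims "~.".
dns_leak_suspected() {
    catch_all_links "$1" | grep -v -x -- "$2" | grep -q .
}

# Hypothetical live check: run against this machine's resolved state (needs resolvectl).
check_live() {
    if dns_leak_suspected "$(resolvectl domain)" "$1"; then
        echo "leak suspected: a link other than $1 claims the ~. routing domain"
    else
        echo "ok: only $1 claims the ~. routing domain"
    fi
}
```

On systemd 240 and later the wifi link's claim can be dropped with `resolvectl default-route wlp0s20f3 false`, which is one way to apply the fix the post is looking for without touching each connection profile.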