[kwlug-disc] Systemd resolv issue ...

Khalid Baheyeldin kb at 2bits.com
Wed Feb 11 15:20:21 EST 2026


I think restarting Wireguard caused NetworkManager to force
systemd-resolved to restart.
A Wireguard restart effectively destroys the wg0 interface, and creates it
again.

And that cleared the issue I was facing.

This is what the logs show when Wireguard was restarted (note the
resolvconf, though it is wg0 specific)

Feb 11 09:35:36 ssp wg-quick[3410803]: [#] ip link add wg0 type wireguard
Feb 11 09:35:36 ssp wg-quick[3410803]: [#] wg setconf wg0 /dev/fd/63
Feb 11 09:35:36 ssp wg-quick[3410803]: [#] ip -4 address add 10.10.0.4/24 dev wg0
Feb 11 09:35:36 ssp wg-quick[3410803]: [#] ip link set mtu 1392 up dev wg0
Feb 11 09:35:36 ssp wg-quick[3410822]: [#] resolvconf -a wg0 -m 0 -x
Feb 11 09:35:36 ssp wg-quick[3410803]: [#] wg set wg0 private-key /etc/wireguard/wg0.key

The -x option is as follows:

-x
This switch for "exclusive" operation is supported only partially. It is
mapped to an additional configured search domain of "~."  — i.e. ensures
that DNS traffic is preferably routed to the DNS servers on this interface,
unless there are other, more specific domains configured on other
interfaces.

So perhaps all DNS queries are going over the VPN, regardless of whether they
are coming from a 10.10.*.* host or a 192.168.0.* one.

The /etc/wireguard/wg0.conf has the following:

[Interface]
Address = 10.10.0.4/24
MTU = 1392
DNS = 10.10.0.1
PostUp = wg set %i private-key /etc/wireguard/%i.key

[Peer]
PublicKey = foo
AllowedIPs = 10.10.0.0/24
Endpoint = a.a.a.a:51820
PersistentKeepalive = 15


My understanding is that DNS, only for that interface, will be 10.10.0.1.

Thoughts?
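
Added example, not part of the original post: a Python check of how the DNS = line in a wg-quick config relates to AllowedIPs, the question the message raises. It assumes resolvconf is systemd-resolved's compatibility implementation, so that -x maps to the "~." domain as quoted above; audit_dns_scope, _is_ip and SAMPLE_CONF are hypothetical names, and the sample config is constructed from the one in the post.

```python
import ipaddress

# Constructed sample mirroring the wg0.conf quoted in the post above.
SAMPLE_CONF = """\
[Interface]
Address = 10.10.0.4/24
MTU = 1392
DNS = 10.10.0.1
PostUp = wg set %i private-key /etc/wireguard/%i.key

[Peer]
PublicKey = foo
AllowedIPs = 10.10.0.0/24
Endpoint = a.a.a.a:51820
PersistentKeepalive = 15
"""

def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def audit_dns_scope(conf_text):
    """Report how DNS= in a wg-quick config interacts with AllowedIPs."""
    section, dns, search, allowed = None, [], [], []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            items = [v.strip() for v in value.split(",") if v.strip()]
            if section == "interface" and key.lower() == "dns":
                # Assumption: IP entries are servers, other entries are search domains.
                for v in items:
                    (dns if _is_ip(v) else search).append(v)
            elif section == "peer" and key.lower() == "allowedips":
                allowed += [ipaddress.ip_network(v, strict=False) for v in items]
    return {
        "dns_servers": dns,
        "search_domains": search,
        # With DNS= set, wg-quick calls "resolvconf -a <iface> -m 0 -x" (as in the log).
        "exclusive_dns_requested": bool(dns),
        "dns_reachable_via_tunnel": all(
            any(ipaddress.ip_address(d) in n for n in allowed) for d in dns),
        # Packets are split-tunnelled, yet -x ("~.") prefers this resolver for all names.
        "split_tunnel_all_dns_to_vpn": bool(dns) and not any(n.prefixlen == 0 for n in allowed),
    }
```

For the quoted config the last field is True: only 10.10.0.0/24 is routed through wg0, while the "~." domain makes 10.10.0.1 the preferred resolver for every lookup unless another link carries a more specific domain.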