<div dir="ltr"><div>I suppose at this point it's safe to share the DNS Haiku: <a href="https://www.cyberciti.biz/humour/a-haiku-about-dns/">https://www.cyberciti.biz/humour/a-haiku-about-dns/</a></div><div><br></div></div><br><div class="gmail_quote gmail_quote_container"><div dir="ltr" class="gmail_attr">On Wed, 11 Feb 2026 at 21:42, Khalid Baheyeldin &lt;<a href="mailto:kb@2bits.com">kb@2bits.com</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="ltr"><div style="font-size:small" class="gmail_default">Thanks for the clues ... </div><div style="font-size:small" class="gmail_default"><br></div><div style="font-size:small" class="gmail_default">Here are the active interfaces:</div><div style="font-size:small" class="gmail_default"><br></div><div style="font-size:small" class="gmail_default">This is an Ethernet port:</div><div style="font-size:small" class="gmail_default">Note that it says DNS Domain is lan.</div><div style="font-size:small" class="gmail_default">Perhaps that means queries to foo.lan only will go through it?</div><div style="font-size:small" class="gmail_default"><br></div><div style="font-size:small" class="gmail_default"><span style="font-family:monospace"><span style="font-weight:bold;color:rgb(0,0,0);background-color:rgb(255,255,255)">Link 3 (enp3s0)</span><span style="color:rgb(0,0,0);background-color:rgb(255,255,255)">
</span><br><span style="color:rgb(84,84,255);background-color:rgb(255,255,255)"> Current Scopes:</span><span style="color:rgb(0,0,0);background-color:rgb(255,255,255)"> DNS
</span><br><span style="color:rgb(84,84,255);background-color:rgb(255,255,255)"> Protocols:</span><span style="color:rgb(0,0,0);background-color:rgb(255,255,255)"> +DefaultRoute -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
</span><br><span style="color:rgb(84,84,255);background-color:rgb(255,255,255)">Current DNS Server:</span><span style="color:rgb(0,0,0);background-color:rgb(255,255,255)"> 192.168.0.1
</span><br><span style="color:rgb(84,84,255);background-color:rgb(255,255,255)"> DNS Servers:</span><span style="color:rgb(0,0,0);background-color:rgb(255,255,255)"> 192.168.0.1
</span><br><span style="color:rgb(84,84,255);background-color:rgb(255,255,255)"> DNS Domain:</span><span style="color:rgb(0,0,0);background-color:rgb(255,255,255)"> lan</span><br></span></div><div style="font-size:small" class="gmail_default"><br></div><div style="font-size:small" class="gmail_default">The Wireguard interface on the other hand has ~. as below:</div><br><div style="font-size:small" class="gmail_default"><span style="font-family:monospace"><span style="font-weight:bold;color:rgb(0,0,0);background-color:rgb(255,255,255)">Link 12 (wg0)</span><span style="color:rgb(0,0,0);background-color:rgb(255,255,255)">
</span><br><span style="color:rgb(84,84,255);background-color:rgb(255,255,255)"> Current Scopes:</span><span style="color:rgb(0,0,0);background-color:rgb(255,255,255)"> DNS
</span><br><span style="color:rgb(84,84,255);background-color:rgb(255,255,255)"> Protocols:</span><span style="color:rgb(0,0,0);background-color:rgb(255,255,255)"> +DefaultRoute -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
</span><br><span style="color:rgb(84,84,255);background-color:rgb(255,255,255)">Current DNS Server:</span><span style="color:rgb(0,0,0);background-color:rgb(255,255,255)"> 10.10.0.1
</span><br><span style="color:rgb(84,84,255);background-color:rgb(255,255,255)"> DNS Servers:</span><span style="color:rgb(0,0,0);background-color:rgb(255,255,255)"> 10.10.0.1
</span><br><span style="color:rgb(84,84,255);background-color:rgb(255,255,255)"> DNS Domain:</span><span style="color:rgb(0,0,0);background-color:rgb(255,255,255)"> ~.</span><br></span></div><div style="font-size:small" class="gmail_default">Both are default routes, but the domain is what sticks out.</div><div style="font-size:small" class="gmail_default"><br></div><div style="font-size:small" class="gmail_default">Is the ~. a wildcard? <div style="font-size:small" class="gmail_default">If it is, does that mean "everything"? i.e. that all DNS queries will go through the VPN?</div><div style="font-size:small" class="gmail_default">Why did Wireguard force resolvconf to use the -x flag?</div><div style="font-size:small" class="gmail_default"><br></div><div style="font-size:small" class="gmail_default">I don't want the VPN to be the default DNS.</div><div style="font-size:small" class="gmail_default">I want all DNS queries to go through enp3s0, and only domains ending with .priv to go through wg0</div><div style="font-size:small" class="gmail_default"><br><br></div></div><br></div>
</div>
kwlug-disc mailing list<br>
</blockquote></div>
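<div>Added example, not part of the original messages and not systemd's code: a simplified Python model of the per-link routing rules documented in systemd-resolved.service(8), applied to the two links shown in the quoted message. The <code>SPLIT</code> state (wg0 with the route-only domain <code>~priv</code> and default-route off) is a constructed assumption, and the model covers multi-label names only.</div>

```python
# Simplified model of systemd-resolved's per-link DNS routing, following the
# rules in systemd-resolved.service(8). Not systemd's code. Multi-label names
# only; global DNS servers and single-label handling are left out.
from dataclasses import dataclass


@dataclass
class Link:
    name: str
    dns: str
    domains: tuple          # as shown by resolvectl, e.g. ("lan",) or ("~.",)
    default_route: bool


def match_len(domain, qname):
    """Labels matched by a search or route-only ("~") domain, or -1 for no match."""
    d = domain.lstrip("~").strip(".").lower()
    if d == "":                       # "~." is the DNS root: suffix of every name
        return 0
    q = qname.strip(".").lower()
    if q == d or q.endswith("." + d):
        return d.count(".") + 1
    return -1


def route(links, qname):
    """Return the sorted link names a query for qname is sent to."""
    best = {}
    for l in links:
        m = max((match_len(d, qname) for d in l.domains), default=-1)
        if m >= 0:
            best[l.name] = m
    if best:                          # best (most labels) routing domain wins
        top = max(best.values())
        return sorted(n for n, m in best.items() if m == top)
    # No routing domain matched: fall back to links flagged +DefaultRoute.
    return sorted(l.name for l in links if l.default_route)


# State copied from the resolvectl output in the quoted message.
AS_POSTED = [
    Link("enp3s0", "192.168.0.1", ("lan",), True),
    Link("wg0", "10.10.0.1", ("~.",), True),
]
# Constructed target state: wg0 routes only "priv" and is not a default route.
SPLIT = [
    Link("enp3s0", "192.168.0.1", ("lan",), True),
    Link("wg0", "10.10.0.1", ("~priv",), False),
]

if __name__ == "__main__":
    for qname in ("example.com", "nas.lan", "db.priv"):
        print(qname, route(AS_POSTED, qname), route(SPLIT, qname))
```

<div>On a running system the <code>SPLIT</code> state corresponds to <code>resolvectl domain wg0 '~priv'</code> together with <code>resolvectl default-route wg0 no</code>; both are runtime settings and do not survive the link being brought down and up again.</div>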