I just setup Unbound DNS on my home server (read: old laptop screaming for dear life next to my router). Everything is working well, I can access it and use it as my DNS server on my desktop which is connected to the same network as my server.
The issue is with trying to get my phone to use Unbound while connected to the same laptop through Wireguard. If I’m connected to the Wi-Fi and disconnected from Wireguard, I can nslookup on my phone using the Unbound server, but as soon as I’m connected through Wireguard it can’t access the DNS server.
I suspect it has something to do with the fact that I run Wireguard through Docker but Unbound is setup directly on the host machine, and the container isolation is what’s causing my issues. However, I tried adding
extra_hosts:
- "host.docker.internal:host-gateway"
to my docker-compose.yml for Wireguard, and tried accessing the DNS using the host IP inside the docker interface, but it didn’t work.
Does anyone have any leads or tips on how to properly configure this? Thanks in advance!
I think you misunderstood part of my post, because there’s only one VPN tunnel, from the WG client on my phone to the WG server on my laptop.
I want my phone to use the Unbound DNS server, which is hosted locally on the same laptop that runs my Wireguard server.
EDIT: Note, I don’t want to setup the DNS router-side via DCHP because I want to use Unbound to block a bunch of stuff that my roommates use, like Facebook.
Ah, okay. If this is Android, just setup your Unbound host IP under ‘Private DNS’ on your phone then.
Note: this will cause issues once you leave your home network unless your WH tunnel is available from outside. Set the secondary DNS to Mullvad or another secure DNS provider if that’s the case and you shouldn’t have issues once leaving the house.
Depending on your router, you can also just set a static DHCP reservation for your phone only that sets these DNS servers for you without affecting all other DHCP devices.
Android doesn’t let me add an IP address under private DNS, it needs to be a domain (like dns.quad9.net rather than 9.9.9.9).
I tried adding a quick DuckDNS domain to my reverse proxy towards port 53, where Unbound is listening. It works, as in I can nslookup using the DuckDNS domain on my desktop (or on my phone when not connected to Wireguard) but if I try to set that domain as my private DNS on Android it says it can’t connect, whether or not I’m on my VPN.
Okay, let me just clarify some stuff here because your language has been confusing.
You’re using a “VPN”, but on a local network. When you say “VPN”, people assume mean you’re using a client to a remote location. That’s super confusing.
For what you’re trying to do you don’t even need WG unless you mean to use your DNS server from elsewhere.
Please clarify these two things, but I think you’re just complicating a simple setup for an ad blocking DNS server somehow, right?
The reason for the VPN is to have access to my Unbound DNS on my phone from anywhere, not only my local network. If I just wanted to configure the DNS on my local network, I’d set up static IP for my network in Android’s settings and input the DNS server manually. This works fine when I set it up, but like I said I want to use Unbound on my phone anywhere via Wireguard.
I’m not sure what’s the second thing you want me to clarify! Sorry for the confusion, I appreciate you trying to help out :)
So then just open the Unbound server to the internet, assign a hostname to it, and use it. Simple.
I could do that, but I want to avoid opening ports on my router’s firewall apart from the one necessary for Wireguard. I can access all my other stuff through Wireguard, but I can’t wrap my head around why it seemingly can’t access Unbound on the local host.
Well that’s how the Internet works, bud. You’re opening a port for WG to start. Either make that work and correct your routing, or find another solution.
You’re not going to be stealthy by making this overcomplicated. You’re just adding extra steps. You don’t want to use DHCP to its benefits locally, and you don’t wantbto open ports…what magic do you want to happen here?
I’d rather not open ports I don’t have to. I don’t see why I’d have to open a port when Unbound works on my local network and I have access to my local network via Wireguard. I can access a whole slew of services through that one Wireguard port, why wouldn’t Unbound work?
Thanks anyway for trying to help, bud.