What's new

Unbound + Wireguard: is this combination possible at all?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

louisschneider

New Around Here
Apologies if this has been answered already, tried to search, but did not turn up any useful results.

I'm in a country where the authorities are pretty unfriendly, so any sane person must use VPN here.
I have an ASUS RT-AX58U, set up with Wireguard and Diversion.

However when I tried to install Unbound, it turned out it is not using the VPN to resolve DNS, but all DNS query went through the state-owned internet service provider, and it made me quite uneasy.

I started the unbound_manager script and tried to bind Unbound with VPN 1-2-3-4-5, but it seems Wireguard is not in this range, because I only get errors.

I tried to edit the unbound.conf manually, and set the outgoing-interface to the Wireguard interface IP, but it doesnt work.

After several restarts and lots of trying, I read 80+ pages of this forum, but not gained a single clue how to solve this.

Then I thought I create an OpenVPN connection specifically for this purpose. But when I tried to bind Unbound to OpenVPN, nothing happened.
Unbound refused to use the OpenVPN connection. There was no error, everything seemed to normal and working, except the DNS queries went straight to the ISP.

So at this point I gave up.
Does anyone know the solution? Any help would be very much appreciated :)


PS:
Why do I think I need Unbound?

Unfortunately I dont have creditcard that can used for international payment, and foreign transfers are strictly monitored here, so therefore I do not have the freedom to choose which VPN provider to use. So now I'm pretty much forced to use only one, which, although I totally trust, but its DNS server is very unreliable and crashes at least once a week. When this happens, I have no internet access to the world, because using other DNS servers are too risky for me. For example Google's transparency report shows that government agencies requesting user information are fulfilled 91% of the cases, so Google DNS services are out of question. Unfortunately other providers dont even have transparency reports, and I think can't afford to try and see if they are really OK. TOR is also problematic, so I thought would be nice if my router could handle DNS queries completely, and I wouldn't have to worry about it anymore.
 
Last edited:
If you need to hide your DNS queries then use DNS over TLS. Unbound won't help you in any way with that.
 
I'm in a country where the authorities are pretty unfriendly, so any sane person must use VPN here.
I have an ASUS RT-AX58U, set up with Wireguard and Diversion.

However when I tried to install Unbound, it turned out it is not using the VPN to resolve DNS, but all DNS query went through the state-owned internet service provider, and it made me quite uneasy.

I started the unbound_manager script and tried to bind Unbound with VPN 1-2-3-4-5, but it seems Wireguard is not in this range, because I only get errors.

I tried to edit the unbound.conf manually, and set the outgoing-interface to the Wireguard interface IP, but it doesnt work.

After several restarts and lots of trying, I read 80+ pages of this forum, but not gained a single clue how to solve this.

Then I thought I create an OpenVPN connection specifically for this purpose. But when I tried to bind Unbound to OpenVPN, nothing happened.
Unbound refused to use the OpenVPN connection. There was no error, everything seemed to normal and working, except the DNS queries went straight to the ISP.

So at this point I gave up.
Does anyone know the solution? Any help would be very much appreciated :)
You can use VPNMON-R3, which has an integration with unbound to allow your DNS queries to go outbound over your VPN connection (using OpenVPN)... that's how I have mine configured. All DNS queries are private, however, know they go unencrypted from your VPN provider -> DNS root servers.
 
Apologies if this has been answered already, tried to search, but did not turn up any useful results.

I'm in a country where the authorities are pretty unfriendly, so any sane person must use VPN here.
I have an ASUS RT-AX58U, set up with Wireguard and Diversion.

However when I tried to install Unbound, it turned out it is not using the VPN to resolve DNS, but all DNS query went through the state-owned internet service provider, and it made me quite uneasy.

I started the unbound_manager script and tried to bind Unbound with VPN 1-2-3-4-5, but it seems Wireguard is not in this range, because I only get errors.

I tried to edit the unbound.conf manually, and set the outgoing-interface to the Wireguard interface IP, but it doesnt work.

After several restarts and lots of trying, I read 80+ pages of this forum, but not gained a single clue how to solve this.

Then I thought I create an OpenVPN connection specifically for this purpose. But when I tried to bind Unbound to OpenVPN, nothing happened.
Unbound refused to use the OpenVPN connection. There was no error, everything seemed to normal and working, except the DNS queries went straight to the ISP.

So at this point I gave up.
Does anyone know the solution? Any help would be very much appreciated :)
If you already have a VPNDirector rule to send you entire lan to vpn, then edit unbound.conf (vx) and put your br0 ip (192.168.50.1?) as outgoing-interface. Also don't forget to remove the # in front of this line.
 
If you already have a VPNDirector rule to send you entire lan to vpn, then edit unbound.conf (vx) and put your br0 ip (192.168.50.1?) as outgoing-interface. Also don't forget to remove the # in front of this line.
Thank You for your anser, it's sounds promising. I will try.

* Edit:
I tried, and it's working! Thank you so much for your help!
 
Last edited:

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top