WireGuard Quad9 DNS resolved

Coleganet edited this page Sep 6, 2024 · 1 revision

This article will show you how to set up a server on the hub of, allowing internal DNS names resolved by the Quad9 provider and to be used to access network resources through the hub. We’ll follow these steps:

DNS

To use a peer as a DNS server, add its WireGuard tunnel IP address(es). For example, to use peer as the DNS server:

nameserver 127.0.0.53

nameserver 10.8.0.2

options edns0 trust-ad

search .

Instructions

Configure Quad9 in the Network Settings (Ubuntu, ).

Open the Terminal application, and copy/paste these commands to enable DNS over TLS. When prompted for your password, type it in and hit Enter.

sudo apt install -y systemd-resolved

sudo sed -i 's/#DNSOverTLS=no/DNSOverTLS=yes/g' /etc/systemd/resolved.conf

sudo sed -i 's/#DNS=/DNS=9.9.9.9#dns.quad9.net 149.112.112.112#dns.quad9.net 2620:fe::fe#dns.quad9.net 2620:fe::9#dns.quad9.net/g' /etc/systemd/resolved.conf

Restart the systemd-resolved and networking services so that they pick up the changes to the file:

sudo systemctl restart systemd-resolved.service && sudo service network-manager restart

You can also check the service status:

sudo service systemd-resolved status

Verify Configuration

Confirm that DNS over TLS is being used by opening the Terminal application and running the following command, typing in your password and pressing `Enter`:

$ dig +short txt proto.on.quad9.net.

If the response is `dot.`, then it is working! If the response is `do53-udp.`, then it's still using plaintext. If there is no response, that means that Quad9 may not have been configured properly in the Network Settings.
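The sed commands above change nothing when resolved.conf does not contain the exact commented defaults, so it is worth auditing the file as well as running dig. The script below is an added example, not part of the original wiki page: the function names and the two sample files are constructed, and it applies the page's sed edits to temporary copies rather than to /etc/systemd/resolved.conf.

```bash
#!/usr/bin/env bash
# Added example: audit resolved.conf after the page's sed edits.

# The two sed edits from the page, applied to the file given as $1.
apply_page_sed() {
    sed -i 's/#DNSOverTLS=no/DNSOverTLS=yes/g' "$1"
    sed -i 's/#DNS=/DNS=9.9.9.9#dns.quad9.net 149.112.112.112#dns.quad9.net 2620:fe::fe#dns.quad9.net 2620:fe::9#dns.quad9.net/g' "$1"
}

# Return 0 only if strict DNS over TLS is active and every configured
# server carries the #dns.quad9.net name used for certificate validation.
check_resolved_conf() {
    conf="$1"
    # Uncommented DNSOverTLS value (the last one if the key is repeated).
    dot=$(sed -n 's/^[[:space:]]*DNSOverTLS=\(.*\)$/\1/p' "$conf" | tail -n 1)
    if [ "$dot" != "yes" ]; then
        echo "FAIL: DNSOverTLS is '${dot:-unset}', expected 'yes'"
        return 1
    fi
    # All uncommented DNS= entries, joined into one space-separated list.
    servers=$(sed -n 's/^[[:space:]]*DNS=\(.*\)$/\1/p' "$conf" | tr '\n' ' ')
    count=0
    for s in $servers; do
        count=$((count + 1))
        case "$s" in
            *'#dns.quad9.net') ;;
            *) echo "FAIL: $s has no #dns.quad9.net TLS name"; return 1 ;;
        esac
    done
    if [ "$count" -eq 0 ]; then
        echo "FAIL: no active DNS= server"
        return 1
    fi
    echo "OK: DNS over TLS to Quad9 is configured ($count servers)"
}

demo() {
    dir=$(mktemp -d)
    # Constructed sample: file with the commented defaults the page expects.
    printf '[Resolve]\n#DNS=\n#DNSOverTLS=no\n' > "$dir/stock.conf"
    # Constructed sample: opportunistic mode already set, so the first
    # sed pattern matches nothing and the file stays non-strict.
    printf '[Resolve]\n#DNS=\nDNSOverTLS=opportunistic\n' > "$dir/opp.conf"
    for f in "$dir/stock.conf" "$dir/opp.conf"; do
        apply_page_sed "$f"
        check_resolved_conf "$f" || true
    done
    rm -rf "$dir"
}
demo
```

To audit the live system, call `check_resolved_conf /etc/systemd/resolved.conf` after sourcing the functions.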

Undo

If you experience any issues or want to undo this configuration change:

Open the Terminal application, and copy/paste these commands to disable DNS over TLS. You'll be prompted for your password.

sudo sed -i 's/DNSOverTLS=yes/#DNSOverTLS=no/g' /etc/systemd/resolved.conf

sudo sed -i 's/DNS=9.9.9.9#dns.quad9.net 149.112.112.112#dns.quad9.net 2620:fe::fe#dns.quad9.net 2620:fe::9#dns.quad9.net/#DNS=/g' /etc/systemd/resolved.conf

Restart the systemd-resolved and networking services so that they pick up the changes to the file we just made:

sudo systemctl restart systemd-resolved.service && sudo service network-manager restart

or

sudo service systemd-resolved restart

For help, use: resolvectl --help
