[Interface] # ... PostUp = resolvectl dns %i 10.34.3.1; resolvectl domain %i "~hello" PreDown = resolvectl revert %i
about setting up a DNS server to go along with my Wireguard VPN. Now, accessing these
services behind my VPN becomes convenient, and all it takes is one command
for me to get up and running. However, this requires using a Linux distribution
systemd-resolved as the local DNS resolver.
systemd-resolved is a
systemd service that provides DNS resolution to local
applications. It is part of
systemd and is installed by default.
Most1 current Linux distributions with
systemd do not have it enabled by
default. This is unfortunate because I think
resolved is a great piece of
software and handles a lot of the
in the Linux DNS space. If you’re not already using it, I recommend it!
Wireguard uses a configuration file2 to understand how to connect each peer with
another. There is a separate tool by the same author called
wg-quick that allows
us to set up a Wireguard interface easier. This tool also allows us to
bash scripts through its
Putting it together
We can use
systemd-resolved to dynamically change interface settings through
resolvectl command. When we bring the
wg0 interface up through
PostUp directive is also run. Let’s go over it:
resolvectl dns %i 10.34.3.1 resolvectl domain %i "~hello"
systemd-resolvedto use the DNS address specified for the
%iinterface (as expanded by
- Set the
domainfor this interface to your
~is a special operator that tells
systemd-resolvedto direct all queries ending in that domain to use that DNS server. In this way we establish split DNS.
Now, we can run this one command and everything should come up appropriately:
sudo sudo wg-quick up wg0
Since we’re already using
systemd, I prefer to put all of this in a
service file and control it via
systemd directly. And there you have it.