[newbcentral]

I am using a wireguard tunnel for the home Network. I have set up the PBR so that only certain clients use the wireguard tunnel, based on the source IP.

I also use SmartDNS. SmartDNS doesn‘t use the wireguard tunnel because the router IP is not defined as a source IP to use the tunnel. Thats why I had DNS leaks.

I have now added a destination based policy to the wireguard configuration that routes all queries to the DNS server IPs through the tunnel. This works, but it seems like a bandaid solution. Now the DNS requests of all clients are routed through the wireguard tunnel, and not just those specified as a source in the PBR configuration.

Is there an easy and elegant way to only resolve DNS requests from PBR-source IPs through the tunnel and all others not?

[dale_gribble39]

Did you read the guides?

Sticky: WireGuard guides and documentation

[newbcentral]

I did, just now.

Unfortunately it doesn’t discuss smartdns. And the suggested split DNS option makes the VPN clients use the VPN DNS servers, which is not what I want.

Assigning different DNS servers depending on client IP would make the client resolve the DNS requests themselves. I want dd-wrt to do it, because I don’t trust all my devices to use DoH/DoT.

Unless I have missed something, there doesn’t seem to be a solution for my problem.