Posted: Sun Mar 12, 2023 0:05 Post subject: dnsmasq for wireguard peers
If you want to let wireguard peers use the local dnsmasq service (DNS servers via tunnel: router IP), adding the router IP to the "listen-address" option, as what is being done now, is not sufficient to enable dnsmasq to answer requests for non-authoritative dns lookups. Another dnsmasq option "no-dhcp-interface=oet1" is designed for this scenario.
I couldn't reproduce the problem after removing the additional dnsmasq option "no-dhcp-interface=oet1". It was confirmed by two persons. We probably ran into other issues with dnsmasq, and a service restart fixed it, not the additional option.