Wireguard DNS issues

[Martin]

Hello everyone,

I have been having some odd issues with my Wireguard setup, that seem to be specific to how I use my router.
The clients can reach the DNS server just fine, and get responses. However, the DNS Server seems to be failing in forwarding the answers it gets upstream in specific cases.

Situation:

• GT-AX6000 running 3004.388.8_4
• DNS External server setup:
  • 192.168.0.10 (Internal PiHole)
• Wireguard server setup with
  • Allow DNS: Yes
  • Enable NAT - ipv6: No
  • IP Range used: 10.12.0.0/24
  • etc.
• Client settings:
  • DNS: 10.12.0.1

With this any local system can have either the router ip (192.168.0.1) or the PiHole ip (192.168.0.10) setup and both are processed through the PiHole. The PiHole is setup to also issue local DNS responses (example www.mydomain.com) to internal IP addresses. This works.

Remote systems (through Wireguard) can access the world wide web, and even internal clients that have their hostname known at the router. However, the local DNS responses from PiHole do not work (so www.mydomain.com) times out.

Now the weird thing:

nslookup www.nu.nl
Server: 10.12.0.1
Address: 10.12.0.1#53

Non-authoritative answer:
www.nu.nl canonical name = www.nu.nl.edgekey.net.
www.nu.nl.edgekey.net canonical name = e67691.b.akamaiedge.net.
Name: e67691.b.akamaiedge.net
Address: 2.16.6.10
Name: e67691.b.akamaiedge.net
Address: 2.16.6.16

nslookup hostname.local
Server: 10.12.0.1
Address: 10.12.0.1#53

Name: hostname.local
Address: 192.168.0.80

nslookup www.mydomain.com
;; communications error to 10.12.0.1#53: timed out
;; communications error to 10.12.0.1#53: timed out
;; communications error to 10.12.0.1#53: timed out
;; no servers could be reached

It is also visible in the PiHole all 3 queries arrive, and are answered positively. It just seems to be the case the Asus dues not return the request to the client (even though it is answered by the PiHole).

Any thoughts? Or is this a known thing?