Hi all,
Two days ago I deployed Wireguard and it works like a charm, even deployed in Portainer on OMV5.
Thanks for the huge work (not only on wireguard-docker) for the community.
I've noticed that when I start the wireguard container, I can see in the pi-hole log that NS queries to "dot" (TLD) appear every 1-2 seconds.
No peers are connected to the Wireguard docker at this time yet.
Is something misconfigured by me, or is there another reason for such traffic?
I've found no answers in search engines.
Many thanks in advance for any help.
I'm bumping this thread with a solution that worked for me. Wireguard's CoreDNS was configured to use the CoreDNS forward plugin to forward all DNS requests to the nameservers defined in /etc/resolv.conf. The forward plugin also performs a health check on those servers by sending the query ". IN NS" every 0.5 seconds. This can be disabled by adding "max_fails 0" to /config/coredns/Corefile. The Corefile should now look like the following (assuming no other changes have been made):
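The post above does not reproduce the resulting Corefile, so here is an added example of what the change looks like. It is not the poster's file or the image's shipped configuration: the surrounding plugins (loop, health, ready) and the zone "." are assumed to match the stock Corefile of the linuxserver wireguard image, and only the forward block is what the post describes.

```corefile
# Assumed stock layout of /config/coredns/Corefile for the wireguard image.
# The original forward line was (assumed):
#     forward . /etc/resolv.conf
# Adding an option block with max_fails 0 keeps the same upstreams
# but stops the ". IN NS" probes that show up in the pi-hole query log.
. {
    loop
    health
    ready
    forward . /etc/resolv.conf {
        # 0 = never mark an upstream as down, and therefore never health check it.
        # (The default health check interval is 0.5s; it can also be tuned with
        #  "health_check 10s" instead of being switched off entirely.)
        max_fails 0
    }
}
```

Restart the container after editing so CoreDNS reloads the file. The trade-off is that with max_fails 0 CoreDNS can no longer detect a dead upstream, so if /etc/resolv.conf lists more than one nameserver you lose automatic failover between them; raising the health_check interval is the gentler option if you still want that.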
These failing health checks are likely due to an incorrectly configured pi-hole (common when running it in a container). The DNS address does not match the sender of the response (i.e. the DNS address is set to the host IP and port, but the response from pi-hole is sent through the docker network, so it comes from pi-hole's docker IP).
We don't recommend running pi-hole in a container for this reason and others. It's much better to run it on a dedicated Pi on the LAN, as it was originally intended.