In the previous setup, the VPN client used a separate DNS resolver reached over the internet; because those queries leave the tunnel, they can leak which hosts you are looking up.
This time I want to run dnsmasq on the Vultr instance so that the instance itself acts as the DNS server for VPN clients. First install the dnsmasq package from the distribution's repository (I added this to the cloud-init script, as shown here). Then append these three lines to the end of /etc/dnsmasq.conf:
listen-address=127.0.0.1,10.8.0.1
bind-interfaces
server=1.1.1.1
listen-address makes dnsmasq answer on 127.0.0.1 (the lo interface) and 10.8.0.1 (the wg0 interface), bind-interfaces makes it bind only to those addresses instead of the wildcard address, and server forwards queries upstream to 1.1.1.1 (Cloudflare's resolver).
Next, allow TCP and UDP on port 53 from the VPN subnet (10.8.0.0/24) through UFW:
ufw allow from 10.8.0.0/24 to any port 53 proto tcp
ufw allow from 10.8.0.0/24 to any port 53 proto udp
Then restart dnsmasq so it picks up the new configuration: systemctl restart dnsmasq
Once that is done, change the client's DNS configuration to point at the Vultr instance, like this
To verify the change, check the client's /etc/resolv.conf:
it shows that the nameserver is now my Vultr instance.
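A server-side check to go with the client-side one, added here as an example and not part of the original post: it confirms that the only port-53 listeners on the instance are bound to 127.0.0.1 and 10.8.0.1, which is what listen-address plus bind-interfaces should produce. The input format is that of `ss -Hlntu`; the two sample outputs below are constructed, the second showing what a wildcard binding (dnsmasq without bind-interfaces) looks like.

```shell
#!/bin/sh
# Added example (not from the original post): verify that dnsmasq on the
# VPN server is bound only to loopback and the wg0 address, so it is not
# reachable as an open resolver on the public interface.

ALLOWED_DNS_ADDRS="127.0.0.1 10.8.0.1"

# Return 0 if every port-53 listener is bound to an allowed address,
# 1 otherwise (prints each offending socket).
# $1: text in `ss -Hlntu` format: Netid State Recv-Q Send-Q Local Peer
check_dns_listeners() {
    bad=0
    while read -r netid state rq sq laddr peer; do
        port="${laddr##*:}"
        [ "$port" = "53" ] || continue
        addr="${laddr%:*}"
        case " $ALLOWED_DNS_ADDRS " in
            *" $addr "*) ;;                       # expected binding
            *) echo "unexpected DNS listener: $netid $laddr"; bad=1 ;;
        esac
    done <<EOF
$1
EOF
    return $bad
}

# Constructed sample: dnsmasq bound as configured in the post, plus sshd.
GOOD_SS='udp UNCONN 0 0 127.0.0.1:53 0.0.0.0:*
udp UNCONN 0 0 10.8.0.1:53 0.0.0.0:*
tcp LISTEN 0 32 127.0.0.1:53 0.0.0.0:*
tcp LISTEN 0 32 10.8.0.1:53 0.0.0.0:*
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

# Constructed sample: wildcard binding on all addresses, including the
# public one (what you get without bind-interfaces).
BAD_SS='udp UNCONN 0 0 0.0.0.0:53 0.0.0.0:*
tcp LISTEN 0 32 0.0.0.0:53 0.0.0.0:*'

# Demo on the samples; on the real server run: check_dns_listeners "$(ss -Hlntu)"
check_dns_listeners "$GOOD_SS" && echo "ok: only lo and wg0 serve DNS"
check_dns_listeners "$BAD_SS" || echo "fix listen-address/bind-interfaces, then re-check ufw"
```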