Hi,

My wireless interface is controlled via iwd (EnableNetworkConfiguration=true, NameResolvingService=resolvconf), and I have a wireguard VPN used to remotely access my private network, managed via e/n/i / ifupdown (using wg-quick). In /etc/wireguard/wg0.conf, I have a "DNS=xxx.xxx.xxx.xxx" line, pointing to a nameserver I run within my private network (reachable through the wireguard tunnel).

When I connect to a wireless network (using DHCP, handled by iwd, as above), /etc/resolv.conf gets populated with the standard:

    nameserver nnn.nnn.nnn.nnn
    search a.b.c

When I then do "ifup wg0", my specified nameserver xxx.xxx.xxx.xxx is *prepended* to the above lines, so I end up with the following in /etc/resolv.conf:

    nameserver xxx.xxx.xxx.xxx
    nameserver nnn.nnn.nnn.nnn
    search a.b.c

This seems wrong, and a potentially serious DNS leak: if my nameserver xxx.xxx.xxx.xxx ever goes down, then nameserver nnn.nnn.nnn.nnn will be automatically queried, which may be undesirable. My understanding is that the VPN configuration should be *replacing* the pre-VPN /etc/resolv.conf, rather than *prepending* the new nameserver to it.

Am I misunderstanding things, have I misconfigured things, or is this indeed a (serious) bug?

--
Celejar
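
An added example, not part of the original message: a POSIX shell check that reads a resolv.conf file and lists every nameserver other than the VPN resolver, which is the state described above after "ifup wg0". The function names and the documentation-range addresses (192.0.2.53 standing in for the VPN resolver, 198.51.100.1 for the DHCP-supplied one) are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag resolv.conf nameservers that are not the VPN resolver.

# Usage: non_vpn_nameservers FILE VPN_DNS [VPN_DNS...]
# Prints each unexpected nameserver on its own line.
# Returns 1 if any were found, 0 if only VPN resolvers are listed.
non_vpn_nameservers() {
    file=$1
    shift
    allowed=" $* "
    found=0
    # resolv.conf(5): "nameserver ADDRESS", whitespace separated.
    # The "|| [ -n ... ]" keeps a final line that lacks a trailing newline.
    while read -r keyword value _rest || [ -n "$keyword" ]; do
        [ "$keyword" = "nameserver" ] || continue
        [ -n "$value" ] || continue
        case "$allowed" in
            *" $value "*) ;;                        # expected VPN resolver
            *) printf '%s\n' "$value"; found=1 ;;   # fallback the resolver may use
        esac
    done < "$file"
    return "$found"
}

# Constructed sample mirroring the post: VPN resolver prepended,
# DHCP-supplied resolver still present underneath it.
sample_resolv_conf() {
    cat <<'EOF'
# constructed sample, documentation addresses only
nameserver 192.0.2.53
nameserver 198.51.100.1
search example.net
EOF
}

tmp=$(mktemp)
sample_resolv_conf > "$tmp"
non_vpn_nameservers "$tmp" 192.0.2.53 ||
    echo "resolv.conf still lists a non-VPN nameserver" >&2
rm -f "$tmp"
```

To check a live system, pass /etc/resolv.conf and the address from the DNS line of wg0.conf while the tunnel is up.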