
Keeps ignoring local IP address set for specific app when switching to WireGuard-based personal DNS resolver.

Open faxotherapy opened this issue 1 month ago • 1 comments

Hi, when not on VPN, the domain points to its public IP address, as expected. When using WireGuard (RethinkDNS Advanced mode) where I told it to use 10.0.0.1 (:53) as DNS server, RethinkDNS keeps using the domain's public IP address instead of the one, i.e. 10.0.0.1 (:443), set in dnsmasq (used as lying resolver for that specific domain) on my server.

I do not have this problem on my laptops, either through macOS or Linux. It's just that on RethinkDNS/Android, my order is blatantly ignored. Doing a dig on either macOS or Linux outputs 10.0.0.1 for that specific domain under the ;; ANSWER SECTION: section, as expected when on WireGuard. I use the vanilla WireGuard app with 10.0.0.1 set for the DNS server.

In my case, I even forced rethink to exclusively use my own DNS: Configure ➝ Other DNS ➝ DNS 53 ➝ (then add 10.0.0.1:53) even though I already set 10.0.0.1 in the DNS section of the WireGuard client.

I tried to play with Firewall rules (IP & Port rules, per app), but without success.

In my case, redirecting the Nextcloud Talk domain to a local IP address inside the WireGuard network would enable me to fix that issue already discussed, but still not solved yet.

Context – Configuring WireGuard on the server was way easier for me than spending light years to configure TURN/STUN.

Dec 09 '25 13:12 faxotherapy

RethinkDNS keeps using the domain's public IP address instead of the one, i.e. 10.0.0.1 (:443), set in dnsmasq (used as lying resolver for that specific domain) on my server.

For bootstrapping purposes, Rethink (for its own DNS queries) uses DNS set in Configure -> Network -> Fallback DNS (by default, set to "None" or "System"). It isn't possible to change Rethink's bootstrapper to a WireGuard DNS:

  • https://github.com/celzero/rethink-app/issues/2070
  • https://github.com/celzero/rethink-app/issues/2188 (possibly also a dup of this issue; if so, I'll close this one, and you can subscribe to the other one... look for the "Subscribe" button in the right-hand side-section of that page).

If you're using WireGuard in Advanced mode AND if you're on Android 12+, turn ON Rethink's Configure -> DNS -> Split DNS (if it isn't ON already), and from then on, apps being routed through a particular WireGuard will use that WireGuard's DNS.

Dec 09 '25 19:12 ignoramous