NetworkManager DNS issue

Hi, I am having some issues setting the DNS in the NetworkManager GUI and CLI tool.

First I tried configuring a wireguard connection. This worked seemingly OK until I saw the wrong DNS occasionally being used. This behavior is inconsistent and difficult to reproduce consistently. The behaviour is the same when restarting the service and/or when rebooting the system. So for a sanity check I disabled the wireguard connection and only used my default connection. In NetworkManager’s GUI I configured the ipv4 and ipv6 method to Automatic (addresses only) and set the DNS config manually. I left the other fields at default or blank. Then I checked which DNS my lookups were routed to, and they went to my ISP DNS, not the addresses I configured manually.

resolv.conf and no-stub-resolv.conf in /run/NetworkManager are being set correctly with only the DNS configured from the GUI.

In /etc/NetworkManager/system-connections I can see that the connection config for this connection has the ipv4 and ipv6 ignore-auto-dns flag set to true. And the DNS for ipv4 and ipv6 are the addresses I specified.

nmcli shows the default connection as active, there is also an active loopback (I do not know what this does or the purpose of it).

dnsmasq and systemd-resolved are installed. systemctl shows these two services as inactive, which is the default behaviour for EndeavourOS (?).

I assume this is user error. How do I configure this correctly? And when using a wireguard connection, how can I guarantee that all network traffic is routed through this connection, using the DNS set specifically by this connection’s config?

If you’re testing in a browser, they can use a different DNS. For example, in Firefox you set “Enable DNS over HTTPS using:” to off under Privacy & Security to use the system DNS.

Yes, I am familiar with it. This has been set to off during the tests.

I’m having the same issue with wireguard / NetworkManager / KDE, when wireguard is activated via KDE menu.

The only way I get wireguard to work reliably is to start and stop the wireguard connection via terminal commands, which I simply have embedded in two scripts that I start via two KDE menu entries.

Terminal commands:

sudo wg-quick up path-to-your-wireguard-conf

sudo wg-quick down path-to-your-wireguard-conf

There are multiple websites for DNS resolver leakage tests. From experience, I ended up with the AUR package aur/dnsleaktest, which to me appears correct all the time.

Thanks for the tip, I’ll give it a try. This might only solve the DNS issue for the wireguard connection; it does not solve the DNS lookups for the normal (no wireguard) connection, which go to my ISP instead of the configured DNS.
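
An added example, not part of the thread: a small Python check that compares the DNS servers and ignore-auto-dns flags in a NetworkManager connection keyfile with the nameserver lines of a resolv.conf, which is the comparison described in the first post. The keyfile and resolv.conf contents below are constructed samples using documentation addresses; 198.51.100.1 stands in for an ISP resolver.

```python
import configparser
import ipaddress

# Constructed sample keyfile: [ipv6] lacks ignore-auto-dns on purpose.
SAMPLE_KEYFILE = """\
[connection]
id=example
type=ethernet

[ipv4]
method=auto
dns=192.0.2.53;
ignore-auto-dns=true

[ipv6]
method=auto
dns=2001:db8::53;
"""

# Constructed sample resolv.conf with one server the keyfile never configured.
SAMPLE_RESOLV = "# Generated by NetworkManager\nnameserver 192.0.2.53\nnameserver 198.51.100.1\n"

def _ip(text):
    """Parse an address, dropping any IPv6 zone id such as %eth0."""
    return ipaddress.ip_address(text.strip().split("%")[0])

def configured_dns(keyfile_text):
    """Return (configured servers, families that still accept automatic DNS)."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(keyfile_text)
    servers, auto = set(), []
    for fam in ("ipv4", "ipv6"):
        if not cp.has_section(fam):
            continue
        sec = cp[fam]
        # Keyfiles store dns as a ';'-separated list with a trailing ';'.
        servers.update(_ip(s) for s in sec.get("dns", "").split(";") if s.strip())
        if sec.get("method") == "auto" and not sec.getboolean("ignore-auto-dns", fallback=False):
            auto.append(fam)
    return servers, auto

def resolv_nameservers(resolv_text):
    """Return the nameserver addresses of a resolv.conf, in file order."""
    fields = (line.split("#")[0].split() for line in resolv_text.splitlines())
    return [_ip(f[1]) for f in fields if len(f) >= 2 and f[0] == "nameserver"]

def audit(keyfile_text, resolv_text):
    """List families still taking automatic DNS and resolvers not in the keyfile."""
    servers, auto = configured_dns(keyfile_text)
    findings = [f"[{fam}] ignore-auto-dns is not true" for fam in auto]
    return findings + [f"unexpected nameserver {ns}"
                       for ns in resolv_nameservers(resolv_text) if ns not in servers]

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_KEYFILE, SAMPLE_RESOLV)) or "resolv.conf matches the keyfile")
```

To use it on a real system, pass the contents of a file from /etc/NetworkManager/system-connections and of /etc/resolv.conf to audit(); reading the keyfile requires root.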