Wireguard and DNS Timeout

Joachim Wiberg - - 2 mins read

For a while now my Wireguard VPN provider has been handing out a bad DNS server. So whenever I do a DNS lookup it takes five (5!) seconds timing out, which is quite annoying.

This blog post is about how you can fix this with openresolv in Ubuntu.

When you apt install wireguard wireguard-tools on Ubuntu 20.04, you need a manager for /etc/resolv.conf. There are two options here; the traditional resolvconf package and the newer openresolv. To fix my problems I chose the latter.

With the system up and your wg0 connection active (setting it up is not the topic of this post), edit the file /etc/resolvconf.conf, yes its named that even though we’re using the openresolv package. There is lots of stuff already in it, but add the following:

$ sudo vim /etc/resolvconf.conf

# Slow/inactive DNS servers /Jocke
name_server_blacklist=2001:9b1:8826::53

# The edns0 option is from the original resolvconf
resolv_conf_options="edns0 timeout:1"

# Also from original resolvonf
append_search=localdomain

I’ve added my malfunctioning IPv6 DNS server to the blacklist. This means any provider wanting to add a DNS server to /etc/resolv.conf will be filtered through that blacklist.

Finally, the timeout:1 option (notice the double qoutes for multiple options!). I’ve set the timeout to 1, the default is 5 sec, in case any other DNS server starts misbehaving.