Blackholing Domains with WireGuard
Short post incoming because it's not worthy of a longer one, but more interesting than dropping a tweet.
I noticed that my laptop was still connecting to ad serving domains I'd blackholed in /etc/hosts when I was connected to my WireGuard VPN. Obviously this wasn't great, as the point of blackholing them was to ensure my laptop couldn't connect.
Looking at the official WireGuard docs, I couldn't see anything that pointed me in the right direction. The unofficial docs were better, but didn't have much about the DNS line in
Before I began, my wg0.conf looked like this, with DNS provided by Cloudflare.
After a few tries with multiple DNS entries and separators, I found that to block domains effectively, I simply needed to add them to the DNS config line, separated by ;. This means that my DNS entry became as follows and those domains were sequestered in the darkness.
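To confirm that blackholed names really stay unreachable while the tunnel is up, the check below (an added example, not code from the original post) reads hosts-format entries that point at 0.0.0.0 or loopback and reports any that still resolve to a routable address. The function names are made up for this illustration, and it assumes the OS resolver (socket.getaddrinfo) is the lookup path you want to test.

```python
import ipaddress
import socket

# Names a stock hosts file maps to loopback; these are not blackhole entries.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}


def is_sinkhole(addr):
    """True when addr is unspecified (0.0.0.0, ::) or loopback."""
    ip = ipaddress.ip_address(addr.split("%")[0])  # drop any IPv6 zone id
    return ip.is_unspecified or ip.is_loopback


def blackholed_names(hosts_text):
    """Return the host names a hosts-format text maps to a sinkhole address."""
    names = set()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # strip comments, split on whitespace
        try:
            if len(fields) >= 2 and is_sinkhole(fields[0]):
                names.update(n.lower() for n in fields[1:])
        except ValueError:
            continue  # first field is not an IP address
    return sorted(names - LOCAL_NAMES)


def system_resolve(name):
    """Resolve with the OS resolver (assumption); no answer gives an empty set."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()


def leaking(names, resolve=system_resolve):
    """Map each name to the routable addresses it still resolves to."""
    found = {n: sorted(a for a in resolve(n) if not is_sinkhole(a)) for n in names}
    return {n: addrs for n, addrs in found.items() if addrs}


if __name__ == "__main__":
    with open("/etc/hosts") as fh:
        for name, addrs in leaking(blackholed_names(fh.read())).items():
            print(f"NOT blocked: {name} -> {', '.join(addrs)}")
```

Run it once with the tunnel down and once with it up; any name it prints is still resolving to a real address.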