SOLVED WireGuard VPN clients can’t resolve internal hostnames.
Since the AVM Fritzbox can provide VPN connectivity via WireGuard, the goal was to connect a Mango router from GL.iNet to it, to have a permanent tunnel between the remote office (holiday) and the headquarters (home).
The configuration itself could have been easier, but once it was up and running, it was fine.
Only one thing was annoying: the clients couldn’t resolve the internal hostnames in the remote network.
Description:
- Connected clients could resolve all DNS records, but could not resolve internal hostnames (by their IPv4 address) on the remote network.
- Ping to an IP address worked, and so did connections to IP addresses and ports.
Symptoms:
| Test | DNS Rebinding Attack Protection ON | DNS Rebinding Attack Protection OFF |
| --- | --- | --- |
| Nslookup to Mango DNS for "internal hostname on remote network" | Error: `*** Keine internal type for both IPv4 and IPv6 Addresses (A+AAAA)-Einträge für fritzbox.***.*** verfügbar.` | Fine! Address: 192.168.x.y |
| Nslookup via PuTTY on Mango router itself | Works | Works |
| Wireshark trace | Works | Works |
Root cause:
The DNS Rebinding Attack Protection was set to "ON".
My solution:
I set the DNS Rebinding Attack Protection to "OFF", and name resolution worked as expected again.
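
As an added example (not part of the original post and not the router's firmware code), the Python below models how a DNS forwarder with rebinding protection treats upstream answers, which reproduces the symptom above, and shows a narrower alternative to switching the protection off: exempting one trusted domain. The blocked ranges, the discard-whole-reply behaviour and the allowlist (modelled on dnsmasq's `rebind-domain-ok` option) are assumptions about the forwarder; all hostnames and addresses are constructed.

```python
import ipaddress

# Assumption: ranges a rebind filter treats as "internal" (RFC 1918,
# loopback, link-local, IPv6 unique-local and link-local).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10",
)]


def is_internal(addr):
    """True if the answer address falls in a range the filter blocks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def allowed(name, allowlist):
    """True if name equals an allowlisted domain or is a subdomain of it."""
    name = name.rstrip(".").lower()
    for domain in allowlist:
        domain = domain.strip(".").lower()
        if name == domain or name.endswith("." + domain):
            return True
    return False


def forward(name, answers, protection=True, allowlist=()):
    """Return the A/AAAA answers the client receives for an upstream reply.

    Modelled behaviour (assumption): with protection on, a reply that
    contains any internal address is discarded as a whole, unless the
    queried name is under an allowlisted domain.
    """
    if not protection or allowed(name, allowlist):
        return list(answers)
    if any(is_internal(a) for a in answers):
        return []  # the client sees "no A/AAAA records available"
    return list(answers)


if __name__ == "__main__":
    host, reply = "fritzbox.office.example", ["192.168.10.1"]  # constructed
    print("protection on :", forward(host, reply))
    print("protection off:", forward(host, reply, protection=False))
    print("domain exempt :", forward(host, reply, allowlist=["office.example"]))
    # Names outside the exempt domain stay protected:
    print("other domain  :", forward("cdn.example.net", ["10.0.0.5"],
                                     allowlist=["office.example"]))
```

With the exemption, only names under the remote network's own domain may resolve to private addresses; replies for any other name that point into internal ranges are still dropped.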