Changing DNS over HTTPS to TLS/Warp #88

Closed
RaXorX opened this issue May 11, 2021 · 7 comments
Labels
question Further information is requested

Comments

@RaXorX

RaXorX commented May 11, 2021

@ViRb3 According to #57, this configuration file used with WireGuard works over the HTTPS protocol, which can be checked at https://cloudflare-dns.com/help

Is there a way to change DoH to DoT or Warp? Also, what does gateway=off signify under warp status when wgcf trace is run?

EDIT: Just when I made this post, I checked again and miraculously it showed me DNS over Warp. (I did not disconnect; I merely checked another website which was blocked in my country, which only worked under DoH, and it didn't, so I checked back again on that site.)
I hope this is not unstable and doesn't keep switching. When I used the official app, it kept switching over and over again on the site, but my blocked site worked fine over it as long as the connection protocol in the app was set to DoH and not Warp. Nvm, seems like the site is not such a stable or sure-fire way to check; I checked again and it's back to DoH, but my blocked site doesn't work anymore. Miraculously, it had worked once earlier. Either way, I guess there needs to be a way to switch over DNS over settings manually.

@worstperson

WireGuard does not support DoH natively like the 1.1.1.1 client; you have to run a DoH/DoT server and redirect DNS requests to it for this functionality. There are exceptions, like Android, which supports DoT natively through Private DNS, and Firefox, which supports DoH.

Either way, all traffic (including DNS) will go over VPN, so it shouldn't have an effect on blocked sites.
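
What a local forwarder of the kind described in the comment above has to do to each query, as an added example that is not part of the thread: the same DNS message is framed for DoT and for DoH, and a DoT byte stream is split back into messages. Function names are illustrative; the framing follows RFC 7858 and RFC 8484.

```python
import base64
import struct

def build_query(name, qtype=1, msg_id=0):
    """Encode a one-question DNS query (RFC 1035). qtype 1 = A; RD flag set.
    ID 0 is what RFC 8484 recommends for DoH so responses cache well."""
    labels = name.rstrip(".").encode("ascii").split(b".")
    if any(not 0 < len(label) <= 63 for label in labels):
        raise ValueError("each label must be 1..63 bytes")
    header = struct.pack("!HHHHHH", msg_id, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label for label in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class 1 = IN

def frame_dot(msg):
    """DoT (RFC 7858): two-byte big-endian length prefix, carried in TLS on TCP/853."""
    return struct.pack("!H", len(msg)) + msg

def frame_doh_get(msg, path="/dns-query"):
    """DoH GET (RFC 8484): the message as unpadded base64url in the 'dns' parameter."""
    encoded = base64.urlsafe_b64encode(msg).rstrip(b"=").decode("ascii")
    return f"{path}?dns={encoded}"

def split_dot_stream(buf):
    """Split bytes read from a DoT connection into complete messages and the
    unread tail; TCP may deliver a message in pieces, so the tail is kept."""
    messages = []
    while len(buf) >= 2:
        (length,) = struct.unpack("!H", buf[:2])
        if len(buf) < 2 + length:
            break  # partial message: wait for more data before parsing
        messages.append(buf[2:2 + length])
        buf = buf[2 + length:]
    return messages, buf

if __name__ == "__main__":
    query = build_query("www.example.com")  # constructed sample name
    print(len(query), "byte message")
    print("DoT prefix:", frame_dot(query)[:2].hex())
    print("DoH path:  ", frame_doh_get(query))
```

Over plain UDP/53 the same bytes returned by `build_query` are sent as the datagram payload with no extra framing.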

@RaXorX
Author

RaXorX commented Jun 1, 2021

> Either way, all traffic (including DNS) will go over VPN, so it shouldn't have an effect on blocked sites.

I see. Well apparently it is having an effect and I am not so sure why either. I see, so there's no easy way to do that? I guess I'll have to look into it more. Thanks

@holdit

holdit commented Jun 2, 2021

When using WARP and Cloudflare's own DNS servers, queries are routed via the VPN and never leave the Cloudflare network:

```
traceroute to 1.1.1.1 (1.1.1.1), 64 hops max, 52 byte packets
 1  one.one.one.one (1.1.1.1)  5.465 ms  5.566 ms  5.497 ms
```

So it doesn't really matter how queries are done (DoT, DoH, regular queries), they're still encrypted and going directly to Cloudflare. If someone is blocking queries, then you probably have a DNS leak somewhere (use https://dnsleaktest.com/ to test).

One of the reasons why sometimes their help site reports DNS-over-HTTPS is because our browser itself is using DoH. Browsers like Firefox or Chrome (and browsers based on these two) do this, but only sometimes (unless you force DoH). Keep in mind that browser DoH only works for the browser itself, it's not system wide.

Something I noticed is that sometimes (very rare) I'll connect to WARP using the config generated with WGCF, but it's like it's not working. A reboot always fixes it, so I assume it's something on the OS/Wireguard client.
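
A local complement to the online leak test mentioned in the comment above, as an added example that is not part of the thread: it reads a WireGuard profile and reports any `DNS =` server that no peer's `AllowedIPs` covers, since queries to such a server would be routed outside the tunnel. The sample profile is constructed (placeholder keys, documentation addresses) and the function names are illustrative.

```python
import ipaddress

# Constructed sample in the shape of a wg-quick profile; keys are placeholders.
SAMPLE_PROFILE = """\
[Interface]
PrivateKey = PLACEHOLDER_PRIVATE_KEY
Address = 172.16.0.2/32
Address = fd01:db8::2/128
DNS = 1.1.1.1
MTU = 1280
[Peer]
PublicKey = PLACEHOLDER_PUBLIC_KEY
AllowedIPs = 0.0.0.0/0
AllowedIPs = ::/0
Endpoint = 192.0.2.10:2408
"""

def parse_profile(text):
    """Parse a wg-quick profile. Keys such as Address and AllowedIPs may repeat
    or hold comma-separated lists, so every key maps to a list of values."""
    sections, current = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = (line[1:-1].lower(), {})
            sections.append(current)
        elif "=" in line and current is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            current[1].setdefault(key.lower(), []).extend(
                v.strip() for v in value.split(",") if v.strip())
    return sections

def dns_outside_tunnel(text):
    """Return the DNS servers that no peer's AllowedIPs routes into the tunnel."""
    sections = parse_profile(text)
    routed = [ipaddress.ip_network(net, strict=False)
              for name, kv in sections if name == "peer"
              for net in kv.get("allowedips", [])]
    dns = [d for name, kv in sections if name == "interface" for d in kv.get("dns", [])]
    leaks = []
    for entry in dns:
        try:
            addr = ipaddress.ip_address(entry)
        except ValueError:
            continue  # wg-quick treats non-IP DNS entries as search domains
        if not any(addr.version == net.version and addr in net for net in routed):
            leaks.append(entry)
    return leaks
```

An empty result for a full-tunnel profile matches the point made in the thread; a split-tunnel profile or one missing `::/0` is where a resolver address shows up in the list.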

@myrust

myrust commented Jul 1, 2021

I noticed that the newly released WARP Linux client supports DoH mode switching!

https://developers.cloudflare.com/warp-client/setting-up/linux

@ViRb3
Owner

ViRb3 commented Jul 2, 2021

The DNS is completely managed by WireGuard, we only set the IP address. I don't know what method WireGuard uses, but I don't think it can be changed. It's supposed to be a maximally simple setting that runs on all platforms. Cloudflare's client can do much more because they have custom code running along the VPN, they don't rely on the official WireGuard program. Happy to be proven wrong, though.

@ViRb3 ViRb3 added the question Further information is requested label Jul 2, 2021
@LuuOW

LuuOW commented Aug 23, 2021

I think... you could use a service such as duckdns that will point a DNS name (subdomains of duckdns.org) to an IP of your choice in the conf file.
When you change the IP you are pointing at, the DNS will also change; that's why you should leave DNS as 1.1.1.1, because the DNS will change when the connections pass through the duckdns server.

```
[Interface]
PrivateKey = XXXXXXXXXXXXXX
Address = 0000/00
Address = xxxxxxx
DNS = 1.1.1.1
MTU = 1280
[Peer]
PublicKey = bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=
AllowedIPs = 0.0.0.0/0
AllowedIPs = ::/0
Endpoint = HERE_GOES_YOUR_WISH_IP:PORT
```

@ViRb3
Owner

ViRb3 commented Dec 24, 2021

Closing since the question was answered.

@ViRb3 ViRb3 closed this as completed Dec 24, 2021