wireguard: specify dns server

without this Android clients will do DNS lookups outside of WireGuard, which a) is leaking and b) may or may not work at all.
2022-09-19 16:39:38 +02:00 · 2022-09-19 16:39:38 +02:00 · b5834a604b
parent 8b3e3e7b40
commit b5834a604b
2 changed files with 8 additions and 1 deletions
--- a/mitmproxy/addons/dns_resolver.py
+++ b/mitmproxy/addons/dns_resolver.py
@ -139,7 +139,13 @@ async def resolve_message(
 class DnsResolver:
    async def dns_request(self, flow: dns.DNSFlow) -> None:
        should_resolve = (
-            isinstance(flow.client_conn.proxy_mode, mode_specs.DnsMode)
+            (
+                isinstance(flow.client_conn.proxy_mode, mode_specs.DnsMode)
+                or (
+                    isinstance(flow.client_conn.proxy_mode, mode_specs.WireGuardMode)
+                    and flow.server_conn.address == ("10.0.0.53", 53)
+                )
+            )
            and flow.live
            and not flow.response
            and not flow.error
--- a/mitmproxy/proxy/mode_servers.py
+++ b/mitmproxy/proxy/mode_servers.py
@ -352,6 +352,7 @@ class WireGuardServerInstance(ServerInstance[mode_specs.WireGuardMode]):
            [Interface]
            PrivateKey = {self.client_key}
            Address = 10.0.0.1/32
+            DNS = 10.0.0.53

            [Peer]
            PublicKey = {wg.pubkey(self.server_key)}