So I have some services and wireguard running locally on a “home” network. I also have wireguard, a DNS resolver, and a reverse proxy set up on a remote server. Since I don’t want to expose the home IP to the public, to access my services I connect to the VPN on the remote, which then forwards my request home. But this means that when I’m at home, connecting to my local services requires going out to the remote. Is there some way to have the traffic go over the switch when at home, but go over wireguard when away, without having to manually switch the VPN on/off?
I could move the DNS resolver (which handles the internal names for the services) from the remote to the home server. But then similarly every DNS request will need to go through both the remote and home servers, doubling the hops. I’d like to use my own DNS server at all times though, both at and away from home. Which tradeoff seems better?
edit: thanks for all the suggestions, I’ll look into some of these solutions and see what works best
DOH goes over port 443 using https, impossible to block (unless you want to blacklist all possible URLs that might serve DNS) so cannot be redirected at network level, like with classic DNS, and uses SSL encryption so cannot be “sniffed” and redirected.
In other words: say goodbye to ad blockers based on DNS like pihole or adguard
While it seems good for your privacy, it’s a dream for Google and such, where PiHoles and such DNS blockers will be useless…