
DNS Issues When Using AdGuard Home

Problem Summary

A local AdGuard Home DNS loses connectivity a few minutes after connecting to a WireSock Secure Connect tunnel. Domain resolution stops, causing browsers and applications to fail when resolving IP addresses.

Restarting the tunnel temporarily restores connectivity — likely until the DNS cache expires.

Troubleshooting Attempts

Attempts to fix the issue by:

  • Adding 127.0.0.0/8 to DisallowedIPs.
  • Adding adguardhome/dnscache to DisallowedApps.

Result: Unsuccessful. The DNS connection still drops shortly after tunnel activation.

Problem Description

WireSock Secure Connect does not support DNS redirection to local addresses.

When DNS = 127.0.0.1 is specified in the WireGuard configuration, the client tries to use this address inside the VPN tunnel, causing the loss of access to the local DNS resolver (e.g., AdGuard Home).

Proposed Solution

  • Remove the DNS Parameter
    • Delete the line:

      DNS = 127.0.0.1

      from the WireGuard configuration.

  • Set 127.0.0.1 as the System DNS
    • Configure the system DNS to 127.0.0.1 before connecting to the VPN.

This approach ensures that DNS resolution remains stable when using WireSock Secure Connect if you rely on a local DNS resolver like AdGuard Home.
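The first step above (removing the loopback DNS entry from the configuration) can be scripted; the following is an added example, not part of WireSock's own tooling. It drops loopback servers from the DNS line of the [Interface] section and deletes the line when nothing else remains. It assumes the usual WireGuard INI layout; the sample configuration, its placeholder keys and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample configuration; keys and endpoint are placeholders.
SAMPLE_CONF = """\
[Interface]
PrivateKey = <private-key-placeholder>
Address = 10.0.0.2/32
DNS = 127.0.0.1

[Peer]
PublicKey = <public-key-placeholder>
Endpoint = vpn.example.net:51820
AllowedIPs = 0.0.0.0/0
"""


def is_loopback(entry: str) -> bool:
    """True for loopback IP literals (127.0.0.0/8, ::1), False for anything else."""
    try:
        return ipaddress.ip_address(entry).is_loopback
    except ValueError:
        return False  # not an IP literal: leave the entry untouched


def strip_loopback_dns(conf_text: str):
    """Return (new_text, removed) with loopback servers dropped from [Interface] DNS."""
    out, removed, section = [], [], None
    for line in conf_text.splitlines():
        stripped = line.strip()
        if stripped.startswith("[") and stripped.endswith("]"):
            section = stripped[1:-1].lower()
        key, sep, value = stripped.partition("=")
        if section == "interface" and sep and key.strip().lower() == "dns":
            entries = [e.strip() for e in value.split(",") if e.strip()]
            keep = [e for e in entries if not is_loopback(e)]
            removed += [e for e in entries if is_loopback(e)]
            if not keep:
                continue  # loopback-only line: delete it, as the page instructs
            line = "DNS = " + ", ".join(keep)
        out.append(line)
    return "\n".join(out) + "\n", removed


if __name__ == "__main__":
    new_text, removed = strip_loopback_dns(SAMPLE_CONF)
    print("removed loopback DNS entries:", removed)
    print(new_text)
```

The system DNS still has to be set to 127.0.0.1 separately before the tunnel is started.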

Why This Works

WireSock Secure Connect handles traffic interception differently than the official WireGuard client or AmneziaWG.

  • Key Difference
    • WireGuard/AmneziaWG: Local DNS functions normally due to their interaction with network adapters.
    • WireSock Secure Connect: Routes DNS requests through the VPN tunnel by default, resulting in the described issue.

By removing the DNS setting and manually assigning 127.0.0.1 as the system DNS before connecting to the VPN, local DNS resolution will continue to function correctly.