pfSense

Hello,

I'm not very technical but here goes:

Feature request: An option to make it so each wireguard tunnel uses its own interface/tunnel for DNS. And/or also, allow gateway groups under System -> General Settings -> DNS Server Settings drop down menu and/or Interface groups (like gateway groups) under Services -> DNS Resolver -> Outgoing Network Interfaces

Why?

• Let's say you have multiple wireguard tunnels created with different locations. For example: Paid Mullvad VPN service. Wireguard tunnel #1 in pfsense: USA, Dallas location. Wireguard tunnel #2: UK, Glasgow location.

• From my knowledge, under setting: Services -> DNS resolver -> Outgoing Network Interfaces; you must pick which wireguard tunnel interface to use to contact a DNS server. So for example, you can select USA Dallas WG interface, UK Glasgow WG interrace or both of them. This is with "Enable Forwarding Mode" enabled.

• A client using a wireguard tunnel will be requesting DNS from a mis-matching DNS server (or many mis-matching DNS servers) and stick out like a sore thumb for privacy/fingerprinting; depending on which outgoing network interfaces you have selected in pfsense dns resolver settings.

For example, client is using USA Dallas wireguard tunnel. But their DNS will be using USA Dallas interface AND UK Glasgow interface locations for their DNS server. (if both were selected under Outgoing Network Interaces)

• This makes it impossible (or almost impossible) to setup DNS properly using multiple wireguard tunnels of different locations.

• Also, if I only select one outgoing network interface - I believe it creates a single point of failure. If a server from that mullvad tunnel goes down, all internet will go down. But, if I select multiple outgoing network interfaces, they will all be used for DNS on each client.