Hi,
Is it possible to route MikroTik DNS requests through a WireGuard tunnel (interface)? My ISP blocks the DNS port of common DNS servers like 8.8.8.8. I want the MikroTik to resolve DNS by sending requests to DNS servers through the WireGuard interface.
Thanks
Your ISP blocks access to the DNS service on 8.8.8.8???
OK, then they probably have their own DNS server for local users… don’t they?
Yes, they have a DNS server, but to block access to some websites they change the A records of those websites to fake addresses.
For example, nslookup of facebook.com returns 10.10.34.20!!!
Hi Farhad,
Yes, it is possible.
I could give you two options.
- DOH
- DNS through the WG tunnel
@farhadb
Change country or change emperor…
Half of the internet is restricted from the boycott and the other half is content filtered.
change? lol
Probably the user needs to understand why using “Dedicated Fiber Communications” is filtered…
Why Galileo had been condemned by the Catholic Church. The same reason applies here.
“Dedicated Fiber Communications” is the owner of the infrastructure that the user uses indirectly, is not the owner…
Probably is connected on some public hotspot and tries to circumvent the payment or the blocks…
rextended
We call this “Telecommunication Infrastructure Company”; this is where all the ISPs get their BW, and it ran under governmental authorities. The 10.10.34.20 was a firewall that will respond to the client if such content was received.
The 8.8.8.8 is not blocked in our country but it is a Reverse Route injection with OSPF.
…
¯_( ͡° ͜ʖ ͡°)_/¯
Thanks for your replies.
I live in a hell country, and that country is IRAN. Most websites are blocked by the government of Iran, and other websites block Iran traffic.
I can’t use DoH because Google and Cloudflare block Iran IPs. I’ve established a WireGuard tunnel between the MikroTik and my VPS, which is hosted outside of Iran, and routed traffic for all IPs except Iran IPs to it for my LAN IP. When I ping a website blocked by Iran from the MikroTik, the MikroTik resolves the block IP.
@farhadb
If you didn’t notice we share the same region, I know what is going on exactly.
Some Google services blocked queries from Iran. This is true. On the other hand, it doesn’t mean you can’t use any other public DOH providers or perhaps run your own.
You could use CF as I do regardless of my DNS over the WG tunnel, or even OpenDNS by Cisco.
Note - If you do either of these methods some local DNS queries won’t resolve, mostly governmental domains. You should identify these websites and exclude them via your VPN route policies.
Thanks a lot.
I will do what you said and let you know the results.
If your IP is assigned with DHCP, change the default route to a lower priority, or turn it off completely in IP-DHCP Client. If turning it off, pay attention to the current gateway assigned.
Go into IP-Route and make sure the 0.0.0.0/0 route is through the WireGuard interface. If you removed the default route in the DHCP client, add a route to your VPS IP using the current gateway; then there will only be the 0.0.0.0/0 route through your VPS.
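The routing steps in the post above, written out as RouterOS 7 commands. This is an added example, not part of the original post or anyone's actual configuration; the interface names and all addresses are placeholder assumptions.

```routeros
# Assumed placeholders (not taken from the thread):
#   ether1        WAN interface running the DHCP client
#   wireguard1    WireGuard interface towards the VPS
#   192.0.2.1     gateway currently assigned by the ISP's DHCP
#   203.0.113.10  public IP of the VPS (WireGuard endpoint)
#   10.255.0.1    resolver reachable at the far end of the tunnel

# 1. Note the gateway the DHCP client received before changing anything.
/ip dhcp-client print detail

# 2. Stop the DHCP client from installing its own default route and from
#    pushing the ISP's resolvers into /ip dns.
#    (Alternative to add-default-route=no: keep the route but demote it
#    with default-route-distance=10.)
/ip dhcp-client set [find interface=ether1] add-default-route=no use-peer-dns=no

# 3. Host route for the WireGuard endpoint via the ISP gateway, so the
#    tunnel's own transport packets stay outside the tunnel.
/ip route add dst-address=203.0.113.10/32 gateway=192.0.2.1 \
    comment="WG endpoint via ISP gateway"

# 4. Default route through the tunnel. The peer's allowed-address must
#    cover 0.0.0.0/0, otherwise WireGuard drops the traffic.
/ip route add dst-address=0.0.0.0/0 gateway=wireguard1 \
    comment="default via WireGuard"

# 5. Point the router's resolver at a server reached through the tunnel
#    and discard answers cached from the ISP resolver.
/ip dns set servers=10.255.0.1
/ip dns cache flush

# 6. Verify: only the tunnel default route should be active, and the
#    router itself should now resolve through the tunnel.
/ip route print where dst-address=0.0.0.0/0
/ip dns print
:put [:resolve example.com]
```

If step 6 still shows dynamic servers in `/ip dns print`, another DHCP or PPP client is still supplying them and the router may keep querying the ISP resolver.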
I did what you said, but the MikroTik cannot resolve sites blocked by the ISP, for example facebook.com. Other sites like google.com are resolved by the MikroTik.
If so, something wasn’t done correctly. What @kevinds has suggested normally sends all traffic via the Wireguard interface, except the transport packets of Wireguard themselves. So post the export of the configuration, removing anything that might identify you (usernames, serial number of the device, public IP addresses if any). Use hide-sensitive as a parameter of the /export command if you run RouterOS 6 to suppress export of passwords and secrets.
Also, does it indeed not resolve the domain name to an IP address or is it unable to reach the IP it resolves to?
Thank you Sindy. My config is attached.
MT_Config.txt (2.38 KB)
