WireGuard Search Domain

It’s not obvious, but in the WireGuard config file one can also specify the DNS search domains. From the man-page:

DNS — a comma-separated list of IP (v4 or v6) addresses to be set as the interface’s DNS servers, or non-IP hostnames to be set as the interface’s DNS search domains. May be specified multiple times. Upon bringing the interface up, this runs ‘resolvconf -a tun.INTERFACE -m 0 -x’ and upon bringing it down, this runs ‘resolvconf -d tun.INTERFACE’. If these particular invocations of resolvconf(8) are undesirable, the PostUp and PostDown keys below may be used instead.

Thus you could have the following line:
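As an added illustration (not code from the original post or from the WireGuard project), the sketch below splits the DNS values of a config the way the man-page text describes: IP addresses become nameservers, anything else becomes a search domain. The helper names, the addresses and the domain corp.example are constructed for the example.

```python
import ipaddress

# Constructed sample config; keys, addresses and domains are placeholders.
SAMPLE_CONF = """\
[Interface]
PrivateKey = <placeholder>
DNS = 10.8.0.1, corp.example
DNS = fd00::53, lab.corp.example

[Peer]
PublicKey = <placeholder>
AllowedIPs = 10.8.0.0/24
"""

def is_ip(value):
    """True if value parses as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def split_dns(conf_text):
    """Return (nameservers, search_domains) from every DNS key in [Interface]."""
    servers, search, section = [], [], None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()        # drop comments and padding
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, sep, value = line.partition("=")
        if section != "interface" or not sep or key.strip().lower() != "dns":
            continue
        for item in (v.strip() for v in value.split(",")):
            if item:                                # DNS may repeat; accumulate
                (servers if is_ip(item) else search).append(item)
    return servers, search

def resolvconf_input(servers, search):
    """Lines in resolv.conf syntax for the parsed values."""
    lines = [f"nameserver {s}" for s in servers]
    if search:
        lines.append("search " + " ".join(search))
    return lines

if __name__ == "__main__":
    servers, search = split_dns(SAMPLE_CONF)
    print("\n".join(resolvconf_input(servers, search)))
    if not search:
        print("warning: DNS has no hostnames, so no search domain is set")
```

Running it against a config whose DNS key lists only IP addresses triggers the warning, which is the nameserver-only state described further down.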

On an unrelated note (but related in terms of what I was doing, so I might as well put it here): the excellent NextDNS CLI, when it activates, only changes the nameserver to localhost in /etc/resolv.conf but leaves the search domains as they are. So typically you’d set your /etc/resolv.conf the way you want, then activate NextDNS and it will replace the nameserver. In my edge case, however, I had both WireGuard and NextDNS CLI running, and WireGuard was by default only setting the nameserver and not the search domain (until I fixed it as above). This resulted in NextDNS not adding any search domain in /etc/resolv.conf, and I spent a heck of a lotta time trying to figure out why.