[FEATURE] - Add support for search domain so VPN DNS server is only used for specific domain lookups #191

Closed
jdieter opened this issue May 4, 2024 · 2 comments

jdieter commented May 4, 2024

Is your feature request related to a problem? Please describe.
I'm using WG Tunnel to connect to my home network to access certain services that I don't want to make available over the public internet (Nextcloud, Jellyfin, etc). WG Tunnel handles this use case perfectly, except for the fact that it seems that all DNS queries are routed through the tunnel rather than just the ones for my home services (which are only available through a private DNS server). This increases the DNS latency significantly for all queries, and sometimes breaks DNS lookups on my phone when the home network is down.

Describe the solution you'd like
I'd like to be able to tell WG Tunnel to use the VPN DNS server only for my private local domain and to use the default DNS servers everywhere else.

Describe alternatives you've considered
I could remove the DNS server from my WireGuard configuration and make my private local domain public, but this isn't ideal from a security point of view.

@jdieter jdieter added the enhancement New feature or request label May 4, 2024

jdieter commented May 6, 2024

So I took a crack at this, making the assumption that setting a value in the "search domain" field in the WireGuard interface would limit DNS queries to that domain (since this is how it works with NetworkManager on Linux). Unfortunately, Android doesn't work the same way and setting the search domain to a VPN interface only adds the search domain without limiting DNS requests going over the VPN to that domain.

At this point, I think I just need to close this since, according to the documentation, there doesn't seem to be any way to tell Android to limit DNS requests going over the VPN to a specific domain. No point having an open issue that can't be fixed. To achieve my goal, I'm instead only assigning specific apps to the VPN, which isn't ideal, but mostly has the same effect.

I've pushed my branch at https://github.com/jdieter/wgtunnel/tree/add-search-domain, but haven't bothered creating a PR since I'm not sure how valuable it is to be able to specify the search domain. If you (or any of your users) are interested, I would be happy to create a PR for it.

@jdieter jdieter closed this as completed May 6, 2024
@jdieter jdieter closed this as not planned May 6, 2024

Roy-Orbison commented Jun 6, 2024

Please open that PR. Adding search domains to the DNS config setting is standard on other platforms, and very useful for accessing single-label domains in ‘Road Warrior’ VPN configurations.

I did add my search domain to the input, and it seems to be working as I have been able to visit intranet sites and SSH into servers using non-dotted domains. Sending direct, single-label queries to the DNS server does not return results (tested with AndroDNS) so I guess it's being appended somewhere. However, I don't know whether this will cause problems with WG Tunnel now or in the future if that setting is expected to contain only IP addresses. The search domain is missing from that input when I return to edit the connection's settings, so the config can easily be lost.

It's not like there's any downside to the feature.
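
The thread distinguishes a search domain (a suffix appended to single-label names) from per-domain DNS routing (only queries under that domain go to the VPN resolver). The sketch below is an added example, not code from WG Tunnel or from either commenter: it is a simplified model that assumes the wg-quick convention of treating non-IP entries in `DNS =` as search domains, and the addresses, domain and function names are constructed for illustration.

```python
import ipaddress

def parse_dns_field(value):
    """Split a wg-quick style DNS value into (servers, search_domains)."""
    servers, search = [], []
    for item in (part.strip() for part in value.split(",")):
        if not item:
            continue
        try:
            servers.append(str(ipaddress.ip_address(item)))
        except ValueError:
            # Not an IP address: treat it as a search domain.
            search.append(item.rstrip(".").lower())
    return servers, search

def candidates(name, search):
    """Simplified stub-resolver expansion: only single-label names get suffixes."""
    name = name.rstrip(".").lower()
    if "." in name:
        return [name]
    return [f"{name}.{suffix}" for suffix in search] + [name]

def pick_server(name, search, vpn_dns, default_dns, restrict_to_domain):
    """Return (first name tried, resolver that receives the query).

    restrict_to_domain=True models the per-domain behaviour the issue author
    expected (as with NetworkManager); False models what the thread reports
    for Android, where the VPN DNS server still receives every query.
    """
    fqdn = candidates(name, search)[0]
    if not restrict_to_domain:
        return fqdn, vpn_dns
    in_domain = any(fqdn == s or fqdn.endswith("." + s) for s in search)
    return fqdn, (vpn_dns if in_domain else default_dns)

# Constructed sample values (not taken from the issue).
SERVERS, SEARCH = parse_dns_field("10.8.0.1, home.example")
VPN_DNS, DEFAULT_DNS = SERVERS[0], "192.0.2.53"

if __name__ == "__main__":
    for query in ("nextcloud", "jellyfin.home.example", "example.org"):
        for restrict in (False, True):
            print(query, restrict,
                  pick_server(query, SEARCH, VPN_DNS, DEFAULT_DNS, restrict))
```

With `restrict_to_domain=False`, the lookup for `example.org` still goes to the VPN resolver, which is the latency and availability problem described in the opening comment; the search domain alone only changes which names are tried.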
