Wireguard connection fails when DNS isn't working

Question

I had my Wireguard connection working fine, and then after some network changes it failed.

DNS wasn't working, and when I fixed the address in /etc/resolv.conf, pings on my Wireguard connection suddenly started coming through.

Is this the expected behaviour? All of my addresses are hard-coded IPv4, so DNS should not be needed. Could I change something so that Wireguard connects even when DNS isn't present?

I need to make this as reliable as possible: if I can ping a public IP, my Wireguard connection should be fully functional.

Answer 1

Problem solved by changing these lines in /lib/systemd/system/wg-quick@.service:

After=network-online.target nss-lookup.target
Wants=network-online.target nss-lookup.target

to

After=network-online.target
Wants=network-online.target

This won't work if you use domain names in your Wireguard config, but makes startup that much more reliable if you don't need DNS.