From 4d3c9d6643e5c0c6d2ceb91474ea63b4066be9e7 Mon Sep 17 00:00:00 2001
From: Ludvig Strigeus
Date: Sat, 17 Nov 2018 17:25:50 +0100
Subject: [PATCH] Enable DNS block only if the DNS addr is a part of the routes
---
 wireguard.cpp | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/wireguard.cpp b/wireguard.cpp
index f52c9f6..42346ae 100644
--- a/wireguard.cpp
+++ b/wireguard.cpp
@@ -179,7 +179,16 @@ bool WireguardProcessor::ConfigureTun() {
 }
 }
- config.block_dns_on_adapters = dns_blocking_;
+ if (dns_blocking_) {
+ // Block DNS if at least one of the DNS servers is part of included_routes
+ for (const auto &dns : dns_addr_) {
+ WgCidrAddr tmp = WgCidrAddrFromIpAddr(dns);
+ if (IsWgCidrAddrSubsetOfAny(tmp, config.included_routes) && !IsWgCidrAddrSubsetOfAny(tmp, excluded_ips_)) {
+ config.block_dns_on_adapters = true;
+ break;
+ }
+ }
+ }
 config.internet_blocking = internet_blocking_;
 config.dns = dns_addr_;
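Review bot: `config.block_dns_on_adapters` is now only ever assigned `true` inside the loop, so its value when `dns_blocking_` is off or no DNS server matches depends on how `config` is initialised, which is outside this hunk. If `config` is not freshly zeroed on every ConfigureTun() call, a stale or indeterminate value could leave the block in an unintended state; adding `config.block_dns_on_adapters = false;` just before `if (dns_blocking_) {` makes the result explicit. Separately, when the user has enabled DNS blocking but `dns_addr_` is empty or none of its entries falls inside `config.included_routes`, the leak protection is now skipped without any trace. A comment at that point stating that this fail-open is intended, or a log line, would help anyone auditing DNS-leak behaviour. ConfigureTun()'s body starts before and continues after this hunk.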