Cloudflare Tunnel DNS fails for reddit.com and other websites when in include mode

I am on Linux (Ubuntu) and I have installed the WARP client.
In the Zero Trust dashboard, I configured it to the Gateway with WARP mode.
I then set Split Tunnels to include mode, with only the 10[dot]0[dot]0[dot]0/8 block in the includes, as that is the only thing I want to forward through Cloudflare, to allow us to reach an internal AWS VPC that is connected.
Now I am able to reach machines in the VPC with this setup, but going to reddit[dot]com in Chrome fails with DNS issues.
curl seems to work just fine.

help[dot]teams[dot]Cloudflare[dot]com also fails to get all data from the API.

Any suggestions?

This is definitely a DNS issue.
Setting Brave to use 1.1.1.1 as the DNS server “fixes” it.

So I’m not entirely sure what warp-cli is doing to my DNS settings.

When using exclude mode, my nameservers in /etc/resolv.conf are the same as in include mode,
but somehow Chrome and Firefox cannot get a DNS response.

This is something with Chrome.
The Slack app has issues as well.
Firefox, though, is fine.

Ubuntu does some weird stuff sometimes…
Anyway.
Edit:

sudo vim /etc/nsswitch.conf

Where you see

hosts:          files mdns4_minimal [NOTFOUND=return] dns

change to

hosts:          files mdns4_minimal resolve [NOTFOUND=return] dns

resolve will tell Chrome to use resolve when files or mdns4_minimal fail.
My guess is that one of these two leads to /etc/resolv.conf with the Cloudflare (WireGuard) changes.
When in include mode, it will ignore any other requests not for domains that resolve to IPs we have included in the includes, and thus fail?

Anyway, unless someone has a better way to solve this, we can resolve this thread.
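The nsswitch.conf edit from the post above, as an added example that is not part of the thread: a small POSIX shell helper that inserts the `resolve` source into the `hosts:` line idempotently and works on a copy first. The sample file contents, the function names and the temp-file path are constructed for this example; run it against the real /etc/nsswitch.conf as root only after checking the result on a copy.

```shell
#!/bin/sh
# Added example (not from the thread): put the systemd-resolved "resolve"
# source into the hosts: line of an nsswitch.conf, as the post describes.
# Note: the "[NOTFOUND=return]" action applies to the source just before it,
# so after this edit it governs the result of "resolve", not mdns4_minimal.

# add_resolve_source FILE: add "resolve" to the hosts: line if it is missing.
# Writes to a temp file and moves it into place, so a failed sed leaves
# the original untouched. Returns 0 when the line already had "resolve".
add_resolve_source() {
    file="$1"
    if grep -Eq '^hosts:.*[[:space:]]resolve([[:space:]]|$)' "$file"; then
        return 0
    fi
    tmp="$file.tmp.$$"
    if grep -Eq '^hosts:.*mdns4_minimal' "$file"; then
        # Thread's layout: put "resolve" right after mdns4_minimal.
        sed -E '/^hosts:/ s/(mdns4_minimal)([[:space:]]|$)/\1 resolve\2/' \
            "$file" > "$tmp"
    else
        # Fallback for a hosts: line without mDNS: put it before "dns".
        sed -E '/^hosts:/ s/([[:space:]])dns([[:space:]]|$)/\1resolve dns\2/' \
            "$file" > "$tmp"
    fi && mv "$tmp" "$file"
}

# hosts_line FILE: print the hosts: line so a caller can verify the edit.
hosts_line() {
    grep -E '^hosts:' "$1"
}

# make_sample_nsswitch: write a constructed nsswitch.conf (the thread's
# original hosts: line) to a temp file and print its path. Not a system file.
make_sample_nsswitch() {
    tmp="${TMPDIR:-/tmp}/nsswitch.sample.$$"
    printf '%s\n' \
        'passwd:         files systemd' \
        'hosts:          files mdns4_minimal [NOTFOUND=return] dns' \
        'networks:       files' > "$tmp"
    printf '%s\n' "$tmp"
}

# Stand-alone use: ./script.sh /path/to/nsswitch.conf (a copy first).
# Afterwards, `getent hosts <name>` exercises the same nsswitch path that
# getaddrinfo() in the browser follows, which curl bypassing dig does not.
if [ -n "${1:-}" ]; then
    add_resolve_source "$1" && hosts_line "$1"
fi
```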
