DNS settings

[argoso]

Is it possible to allow strings in client DNS conf. That is important because it allows to use DNS search domain option.

DNS = 192.168.1.100, 192.168.1.101, 192.168.1.104
MTU = 1450

to use like
DNS = 192.168.1.100, 192.168.1.101, 192.168.1.104, mydomain.com
MTU = 1450

At least its working with windows wireguard client

[argoso]

It may be more appropriate to add another field and merge them later in the client configuration
like

Client DNS Servers
192.168.1.100, 192.168.1.101, 192.168.1.104
Client DNS search option:
mydomain.com
Result will be in client.conf
...
DNS = 192.168.1.100, 192.168.1.101, 192.168.1.104, mydomain.com
...

[argoso]

with macos client it also work

[zyxep]

@h44z do you know if wireguard it self on client allows domains like that?
on all 3 types of clients (MacOS, Windows & Linux)

this feature is definitely something i would need at my work so we can route internal hostnames.

[argoso]

@zyxep Yes it's not wg-portal feature. This is undocumented feature wireguard client configuration itself. Just add you desired search domains to client config DNS line as shown up. That work with win, linux, macos

[zyxep]

Great, makes sense that h44z has added it f or enhancement and for v2, so the settings are generated for client configs to download.

I tried the settings on my mac but didn't seem to do any changes on my M1 laptop.

[argoso]

@zyxep
DNS servers must be company's internal DNS servers, which allows you do recursive query from vpn's subnet.
https://serverfault.com/questions/857800/find-out-which-dns-server-answered-your-query

[zyxep]

it is, and i can connect to our internal hostnames if i write the FQDN :)
But my problem is DNS Search.. i couldn't see any changes in /etc/resolv.conf on my mac when adding the hostname(s) to my wireguard client config.

[argoso]

ok. I see on my intel mac /etc/resolv.conf
it was change'd when I bring up vpn connection
search mycompany.com
nameserver 192.168.1.100
nameserver 192.168.1.101
you cant add hostname, you can add only internal domainname "mycompany.com" as search option.
Maybe M1 wiregard client behave differently.
without domain search option you cant ping by hostname alone "hostname", but only by full domain name "hostname.mydomain.com"
if you add hostname then dns search names incorrectly

[argoso]

Thanks for sharing! There was not native app for M1 macos, so it's might be a problem to run this thru amd64/x86 emulation. But i confirm that its was working on intel's macos at least with Catalina and Wireguard App version: 1.0.15 (26)

[zyxep]

I've just tested it on my old macbook pro 13".. /etc/resolv.conf in Big Sur is not getting updated.
But if i run scutil --dns i see the resolver that i have set and the search domains are being set.

But i couldn't ping internal company hostnames.. little bit weird.
I am also using app version 1.0.15 (26)

[argoso]

My config file look like:
[Interface]

PrivateKey = ...=
Address = 192.168.27.5/32

DNS = 192.168.1.100, 192.168.1.101, myinternaldomain.home
MTU = 1450

[Peer]
PublicKey = ...=
Endpoint = xxx.xxx.xxx.xxx:51820
AllowedIPs = 0.0.0.0/0
PresharedKey = ...=
PersistentKeepalive = 16

I think you need import changed config to wireguard after manual update DNS line

[argoso]

@zyxep
First I think this must be some kind of interface metric problem, but osx already sets first priority to vpn interface
But I found this: https://developer.apple.com/forums/thread/670856
You can also make own resolver configuration: https://medium.com/@jamieeduncan/i-recently-moved-to-a-macbook-for-my-primary-work-laptop-7c704dbaff59

[h44z]

v2 now support setting search domains