From: Simon Rozman <simon@rozman.si>
To: tlhackque <tlhackque@yahoo.com>,
"wireguard@lists.zx2c4.com" <wireguard@lists.zx2c4.com>
Subject: RE: Wireguard Windows Service Issues
Date: Mon, 17 Jan 2022 12:47:07 +0000 [thread overview]
Message-ID: <022c115a7c254bec99bb67a12f9d59f4@rozman.si> (raw)
In-Reply-To: <56d2209f-f655-6302-df6d-bce587c8368d@yahoo.com>
Hi,
> From this description, it seems that there's room for improvement.
>
> It doesn't seem reasonable for the WireGuard service to stop. Log and
> perhaps display an error, sure. But stopping seems harsh, and would
> prevent other tunnel endpoints from working - not a good user
> experience.
>
> It would seem better for the service to set a timer and retry failures
> periodically - many DNS issues are transient.
>
> It also seems to me that it would be better for the default to be option
> 3 - make all tunnels dependent on DNSCache without requiring any
> user/admin action. One could condition this on an endpoint being
> specified as a hostname, but that doesn't seem worth the effort. Pretty
> much any use of a tunnel needs name resolution. Even if your resolvers
> are at the other end of the tunnel, starting the client before it's up
> is harmless.
>
> Anyone concerned about DNS snooping on name resolution of the endpoints
> can avoid it by using either of the other two options: hardcoded IP in
> the configuration, or an entry in "hosts".
>
> "It just works" seems much more desirable than mystery service stops. A
> UI status "waiting for hostname resolution" would be ideal.
The DNSCache service is optional on Windows 7/8/8.1/Server 2008R2/2012R2 and may be even disabled. (And the resolution would work just fine.) Since SCM treats all service dependencies as "hard" dependencies, that would render all WireGuard tunnel services fail to start. It's a fairly rare use case, but a demonstration SCM service dependencies must be authored with extreme care.
I'd rather suggest pursuing the macOS approach where services don't have any dependencies to force developers engineer their services to sleep and retry until their dependencies get available. As you suggested first. However, WireGuard for Windows already has DNS resolution retrying loop. Maybe it needs improvement? Let's wait to see what OP's log says.
Regards,
Simon
next prev parent reply other threads:[~2022-01-17 12:47 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-01-05 18:47 Tony Pros
2022-01-17 10:51 ` Simon Rozman
2022-01-17 11:18 ` tlhackque
2022-01-17 12:47 ` Simon Rozman [this message]
2022-01-21 21:03 ` Tony Pros
2022-01-24 14:47 ` Simon Rozman
2022-01-24 18:17 ` Simon McNair
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=022c115a7c254bec99bb67a12f9d59f4@rozman.si \
--to=simon@rozman.si \
--cc=tlhackque@yahoo.com \
--cc=wireguard@lists.zx2c4.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).