Development discussion of WireGuard
From: Ken Case <kc@omnigroup.com>
To: "Jason A. Donenfeld" <Jason@zx2c4.com>
Cc: Simon Karberg <simon.karberg@agillic.com>, wireguard@lists.zx2c4.com
Subject: Re: MacOS app update needed
Date: Fri, 23 Sep 2022 18:28:21 -0700
Message-ID: <3EAF348D-C304-4048-81CC-98110AD1BCAC@omnigroup.com>
In-Reply-To: <CAHmME9o1psix3jGC5tx81dG_7D+WVrBhjYSho-_tLGu=S7H+1Q@mail.gmail.com>


> On Sep 22, 2022, at 04:48, Jason A. Donenfeld <Jason@zx2c4.com> wrote:
> 
> On Wed, Sep 21, 2022 at 9:31 AM Simon Karberg <simon.karberg@agillic.com> wrote:
>> 
>> Hi,
>> 
>> I've been testing the Domain Search functionality on all 3 OS'
>> (Windows, Mac & Linux) and the setting:
>> 
>> DNS=<dns server>, <search domains>
>> Is only being applied on Windows & Linux.
>> 
>> Further testing on MacOS I've found that the homebrew installation works.
>> wireguard-go is version 0.0.20220316 and wireguard-tools is version 1.0.20210914
>> 
>> The App Store app is version:
>> App: 1.0.15 (26)
>> Go backend: 2ef39d47
> 
> Huh, that's surprising. This was added a few years ago with 9231c035
> ("global: support DNS search domains"), so it definitely *should* be
> supported. Might be a bug with the network config from
> PacketTunnelSettingsGenerator. I'll look into this when circling back
> to wireguard-apple development. Thanks for mentioning it.
> 
> Jason
> 

Oh, I have a pretty simple patch that fixes this bug that I've been running locally for months. I keep meaning to figure out the right place to send it, but keep not having time to look up where that is. Patch included below, anyone is welcome to use it (attributed or not) or to direct me to send it somewhere else!

				Cheers,
				Ken

---

Subject: [PATCH] Qualify routed DNS queries based on search domains.

Rather than unconditionally routing all DNS queries through the
associated tunnel's DNS, only route queries when no search domains
have been specified. When search domains _have_ been specified, route
those domains to the tunnel's DNS but let other domains continue to be
routed to other network interfaces.
---
Sources/WireGuardKit/PacketTunnelSettingsGenerator.swift | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/Sources/WireGuardKit/PacketTunnelSettingsGenerator.swift b/Sources/WireGuardKit/PacketTunnelSettingsGenerator.swift
index c53a82c..5b7f63c 100644
--- a/Sources/WireGuardKit/PacketTunnelSettingsGenerator.swift
+++ b/Sources/WireGuardKit/PacketTunnelSettingsGenerator.swift
@@ -88,7 +88,13 @@ class PacketTunnelSettingsGenerator {
            let dnsSettings = NEDNSSettings(servers: dnsServerStrings)
            dnsSettings.searchDomains = tunnelConfiguration.interface.dnsSearch
            if !tunnelConfiguration.interface.dns.isEmpty {
-                dnsSettings.matchDomains = [""] // All DNS queries must first go through the tunnel's DNS
+                if tunnelConfiguration.interface.dnsSearch.isEmpty {
+                    // Since no search domains were listed, use this tunnel's DNS for all queries
+                    dnsSettings.matchDomains = [""]
+                } else {
+                    // Only use this tunnel for the listed search domains
+                    dnsSettings.matchDomains = tunnelConfiguration.interface.dnsSearch
+                }
            }
            networkSettings.dnsSettings = dnsSettings
        }
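
Review bot: In the new else branch, setting dnsSettings.matchDomains to tunnelConfiguration.interface.dnsSearch alone means that any configuration listing a search domain stops sending its other lookups to the tunnel's DNS servers, which drops the guarantee stated in the removed comment ("All DNS queries must first go through the tunnel's DNS"). For a tunnel whose users rely on that guarantee, adding a search domain would silently move every non-matching query to resolvers on other interfaces. Consider making the split behaviour an explicit opt-in instead of inferring it from a non-empty dnsSearch, and document the change wherever the DNS= syntax is described. It is also worth confirming that this addresses the report in the thread, which was that search domains were not being applied at all: the hunk leaves the dnsSettings.searchDomains assignment unchanged.
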
--  2.37.0 (Apple Git-136)

