* apologies if this DNS conditional forwarding query is a daft question
@ 2022-01-24 9:59 Simon McNair
2022-01-24 13:28 ` Frank Carmickle
0 siblings, 1 reply; 3+ messages in thread
From: Simon McNair @ 2022-01-24 9:59 UTC (permalink / raw)
To: wireguard
Hi,
Again apologies if this is networking newb question
I have just spent the weekend laboriously learning about wireguard
windows and finally powershell & internet connection sharing. My usage
case is supporting a parents network and/or sharing resources in a small
site(s) to site(s) network.
My question is this. Without buying any extra commodity hardware, or
installing any more software is it possible to set up conditional DNS
forwarding per peer for DNS ? I would like each subnets DNS server (in
this case isp router) to handle DNS for that subnet.
i.e. if the dns request is for a subnet on peer A use DNS server
192.168.100.254 defined in peer A config
if the dns request is made a subnet on peer B use DNS server
192.168.110.254 defined in peer B config
Similar to this:
[Interface]
PrivateKey = pkhere
ListenPort = 12345
Address = 10.250.250.4/24
[PeerA]
PublicKey = peerpkhere
AllowedIPs = 192.168.100.0/24, 10.250.250.0/24
Endpoint = my.ddnsalias.net:5678
DNS = 192.168.100.254
[PeerB]
PublicKey = peerpkhere
AllowedIPs = 192.168.110.0/24, 10.250.250.0/24
Endpoint = my.ddnsalias.net:5678
DNS = 192.168.110.254
I know we already have the Interface level DNS option but that would
fail for peers unless conditional forwarding was configured which isn't
possible on most home routers. I know I can fix this with dnsmasq or a
pihole but that requires another machine on all the time. I was just
wondering if anything clever could easily be done within wireguard. I
know it's a big ask but it would be appreciated as an enhancement request.
Likewise, for the windows version of wireguard it would be cool if there
was an option to enable internet connection sharing on the client. I
have done this successfully (I am happy to share the steps if required)
although it was a huge pita and required dangerousscripts enabling which
I'm not keen on.
Thanks again for all the hard work Jason, I love the app, and it is
running happily on my ER-X and making my life better.
Regards
Simon
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: apologies if this DNS conditional forwarding query is a daft question
2022-01-24 9:59 apologies if this DNS conditional forwarding query is a daft question Simon McNair
@ 2022-01-24 13:28 ` Frank Carmickle
2022-01-24 18:26 ` Simon McNair
0 siblings, 1 reply; 3+ messages in thread
From: Frank Carmickle @ 2022-01-24 13:28 UTC (permalink / raw)
To: Simon McNair; +Cc: WireGuard mailing list
Greetings Simon,
> On Jan 24, 2022, at 4:59 AM, Simon McNair <simonmcnair@gmail.com> wrote:
>
> Hi,
> Again apologies if this is networking newb question
> I have just spent the weekend laboriously learning about wireguard windows and finally powershell & internet connection sharing. My usage case is supporting a parents network and/or sharing resources in a small site(s) to site(s) network.
> My question is this. Without buying any extra commodity hardware, or installing any more software is it possible to set up conditional DNS forwarding per peer for DNS ? I would like each subnets DNS server (in this case isp router) to handle DNS for that subnet.
>
> i.e. if the dns request is for a subnet on peer A use DNS server 192.168.100.254 defined in peer A config
> if the dns request is made a subnet on peer B use DNS server 192.168.110.254 defined in peer B config
I'm not totally understanding the topology you are implementing, internet sharing and site to site, that usually means that both sites have internet service. It does seem as though you can accomplish having systems in each subnet use there own DNS by not configuring a DNS directive in the wireguard config at all.
HTH,
--FC
>
> Similar to this:
> [Interface]
> PrivateKey = pkhere
> ListenPort = 12345
> Address = 10.250.250.4/24
>
> [PeerA]
> PublicKey = peerpkhere
> AllowedIPs = 192.168.100.0/24, 10.250.250.0/24
> Endpoint = my.ddnsalias.net:5678
> DNS = 192.168.100.254
>
> [PeerB]
> PublicKey = peerpkhere
> AllowedIPs = 192.168.110.0/24, 10.250.250.0/24
> Endpoint = my.ddnsalias.net:5678
> DNS = 192.168.110.254
>
> I know we already have the Interface level DNS option but that would fail for peers unless conditional forwarding was configured which isn't possible on most home routers. I know I can fix this with dnsmasq or a pihole but that requires another machine on all the time. I was just wondering if anything clever could easily be done within wireguard. I know it's a big ask but it would be appreciated as an enhancement request.
>
> Likewise, for the windows version of wireguard it would be cool if there was an option to enable internet connection sharing on the client. I have done this successfully (I am happy to share the steps if required) although it was a huge pita and required dangerousscripts enabling which I'm not keen on.
> Thanks again for all the hard work Jason, I love the app, and it is running happily on my ER-X and making my life better.
>
> Regards
> Simon
>
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: apologies if this DNS conditional forwarding query is a daft question
2022-01-24 13:28 ` Frank Carmickle
@ 2022-01-24 18:26 ` Simon McNair
0 siblings, 0 replies; 3+ messages in thread
From: Simon McNair @ 2022-01-24 18:26 UTC (permalink / raw)
To: Frank Carmickle; +Cc: WireGuard mailing list
Hi Frank,
Thanks for responding.
My implementation is a mixture of point to point and site to site.
I have laptops and mobile phones which connect directly in, but I also
have entire class c subnets routing traffic (the only real difference
being enabling ip routing/bridgining the networks vs no routing and only
being able to see the single device).
The windows implementation of wireshark only allows a point to point
connection as windows does not enable routing (in a similar way that I
don't believe linux does by default). This can be worked around in
windows by selecting the adapter and 'sharing' it with the wireshark
connection (internet connection sharing or ICS). This means that
wireshark can see the entire private class c network changing a point
connection to a site.
My desired result is that each sites class C subnet maintains it's own
dhcp leases and reverse dns of the same (using the ISP router). For
each class C subnet I can configure, per peer, that name resolution
should go to the appropriate dns server.
In summary each house has an ISP router which does DHCP and DNS, I would
like to configure each peer to connect via IP to the peers ISP router in
order to resolve DNS.
I hope that makes sense.
Regards
Simon
On 24/01/2022 13:28, Frank Carmickle wrote:
> Greetings Simon,
>
>> On Jan 24, 2022, at 4:59 AM, Simon McNair <simonmcnair@gmail.com> wrote:
>>
>> Hi,
>> Again apologies if this is networking newb question
>> I have just spent the weekend laboriously learning about wireguard windows and finally powershell & internet connection sharing. My usage case is supporting a parents network and/or sharing resources in a small site(s) to site(s) network.
>> My question is this. Without buying any extra commodity hardware, or installing any more software is it possible to set up conditional DNS forwarding per peer for DNS ? I would like each subnets DNS server (in this case isp router) to handle DNS for that subnet.
>>
>> i.e. if the dns request is for a subnet on peer A use DNS server 192.168.100.254 defined in peer A config
>> if the dns request is made a subnet on peer B use DNS server 192.168.110.254 defined in peer B config
> I'm not totally understanding the topology you are implementing, internet sharing and site to site, that usually means that both sites have internet service. It does seem as though you can accomplish having systems in each subnet use there own DNS by not configuring a DNS directive in the wireguard config at all.
>
> HTH,
> --FC
>
>
>> Similar to this:
>> [Interface]
>> PrivateKey = pkhere
>> ListenPort = 12345
>> Address = 10.250.250.4/24
>>
>> [PeerA]
>> PublicKey = peerpkhere
>> AllowedIPs = 192.168.100.0/24, 10.250.250.0/24
>> Endpoint = my.ddnsalias.net:5678
>> DNS = 192.168.100.254
>>
>> [PeerB]
>> PublicKey = peerpkhere
>> AllowedIPs = 192.168.110.0/24, 10.250.250.0/24
>> Endpoint = my.ddnsalias.net:5678
>> DNS = 192.168.110.254
>>
>> I know we already have the Interface level DNS option but that would fail for peers unless conditional forwarding was configured which isn't possible on most home routers. I know I can fix this with dnsmasq or a pihole but that requires another machine on all the time. I was just wondering if anything clever could easily be done within wireguard. I know it's a big ask but it would be appreciated as an enhancement request.
>>
>> Likewise, for the windows version of wireguard it would be cool if there was an option to enable internet connection sharing on the client. I have done this successfully (I am happy to share the steps if required) although it was a huge pita and required dangerousscripts enabling which I'm not keen on.
>> Thanks again for all the hard work Jason, I love the app, and it is running happily on my ER-X and making my life better.
>>
>> Regards
>> Simon
>>
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2022-01-24 18:28 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-01-24 9:59 apologies if this DNS conditional forwarding query is a daft question Simon McNair
2022-01-24 13:28 ` Frank Carmickle
2022-01-24 18:26 ` Simon McNair
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).