Development discussion of WireGuard
* [PATCH] wg-quick: Linux and FreeBSD: Add support to search domain in wg-quick
@ 2020-01-24 18:37 Ricardo Fraile
  2020-01-28 10:36 ` Jason A. Donenfeld
  0 siblings, 1 reply; 6+ messages in thread
From: Ricardo Fraile @ 2020-01-24 18:37 UTC (permalink / raw)
  To: wireguard; +Cc: kevin, mdlayher

Hello,


This patch allows wg-quick to pass the search domain to resolvconf with 
the option 'DNSSearch=' as it already does with the 'DNS=' option. As an 
example:

[Interface]
...
DNSSearch = lan1.example.com, lan2.example.com
...

This was discussed previously a few times:

https://lists.zx2c4.com/pipermail/wireguard/2019-January/003811.html
https://lists.zx2c4.com/pipermail/wireguard/2018-May/002882.html
https://lists.zx2c4.com/pipermail/wireguard/2019-September/004578.html


Thanks,
Ricardo F.




diff --git a/src/man/wg-quick.8 b/src/man/wg-quick.8
index 6250adc..2094c30 100644
--- a/src/man/wg-quick.8
+++ b/src/man/wg-quick.8
@@ -1,4 +1,4 @@
-.TH WG-QUICK 8 "2016 January 1" ZX2C4 "WireGuard"
+.TH WG-QUICK 8 "2020 January 1" ZX2C4 "WireGuard"

  .SH NAME
  wg-quick - set up a WireGuard interface simply
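Review bot: The `.TH` date bump from "2016 January 1" to "2020 January 1" in the first line of this hunk is unrelated to the DNSSearch feature. Drop it from this patch or send it separately so the change stays limited to the new option.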
@@ -82,6 +82,10 @@ DNS servers. May be specified multiple times. Upon 
bringing the interface up, th
  .BR resolvconf (8)
  are undesirable, the PostUp and PostDown keys below may be used 
instead.
  .IP \(bu
+DNSSearch \(em a comma-separated list of domain names to be set as the 
interface's
+search for hostname lookups. This options runs in conjunction with DNS 
and only if that is
+already set. Only available on Linux and FreeBSD.
+.IP \(bu
  MTU \(em if not specified, the MTU is automatically determined from the 
endpoint addresses
  or the system default route, which is usually a sane choice. However, 
to manually specify
  an MTU to override this automatic discovery, this value may be 
specified explicitly.
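Review bot: In the added DNSSearch entry, "This options runs in conjunction with DNS" should read "This option", and the entry should state what happens when DNSSearch is given without DNS: set_dns returns early when the DNS array is empty, so the search list is silently ignored. The DNS entry just above says "May be specified multiple times"; the new entry should say whether that holds for DNSSearch as well.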
@@ -124,6 +128,8 @@ traffic:
  .br
      \fBDNS = 10.200.100.1\fP
  .br
+    \fBDNSSearch = loc1.example.com, loc2.example.com\fP
+.br
      PrivateKey = oK56DE9Ue9zK76rAc8pBl6opph+1v36lm7cXXsQKrQM=
  .br

@@ -141,7 +147,7 @@ traffic:

  The `Address` field is added here in order to set up the address for 
the interface. The `DNS` field
  indicates that a DNS server for the interface should be configured via
-.BR resolvconf (8).
+.BR resolvconf (8), the `DNSSerach` field set the search domains with 
it too.
  The peer's allowed IPs entry implies that this interface should be 
configured as the default gateway,
  which this script does.

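Review bot: The replacement for `.BR resolvconf (8).` misspells the key as `DNSSerach` and uses "set" where "sets" is needed. The added sentence also sits on the `.BR` request line itself, where every word becomes a macro argument set alternately in bold and roman with no spaces between them; keep `.BR resolvconf (8),` on its own line and put the new sentence on the following line.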
diff --git a/src/wg-quick/freebsd.bash b/src/wg-quick/freebsd.bash
index c390dcc..a108323 100755
--- a/src/wg-quick/freebsd.bash
+++ b/src/wg-quick/freebsd.bash
@@ -16,6 +16,7 @@ INTERFACE=""
  ADDRESSES=( )
  MTU=""
  DNS=( )
+DNS_SEARCH=( )
  TABLE=""
  PRE_UP=( )
  POST_UP=( )
@@ -85,6 +86,7 @@ parse_options() {
  			Address) ADDRESSES+=( ${value//,/ } ); continue ;;
  			MTU) MTU="$value"; continue ;;
  			DNS) DNS+=( ${value//,/ } ); continue ;;
+			DNSSearch) DNS_SEARCH+=( ${value//,/ } ); continue ;;
  			Table) TABLE="$value"; continue ;;
  			PreUp) PRE_UP+=( "$value" ); continue ;;
  			PreDown) PRE_DOWN+=( "$value" ); continue ;;
@@ -297,7 +299,11 @@ monitor_daemon() {
  HAVE_SET_DNS=0
  set_dns() {
  	[[ ${#DNS[@]} -gt 0 ]] || return 0
-	printf 'nameserver %s\n' "${DNS[@]}" | cmd resolvconf -a "$INTERFACE" 
-x
+	if [[ -n $DNS_SEARCH ]]; then
+		(printf 'nameserver %s\n' "${DNS[@]}" && printf 'search %s\n' 
"$DNS_SEARCH") | cmd resolvconf -a "$INTERFACE" -x
+	else
+		printf 'nameserver %s\n' "${DNS[@]}" | cmd resolvconf -a "$INTERFACE" 
-x
+	fi
  	HAVE_SET_DNS=1
  }

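Review bot: `DNS_SEARCH` is an array in this file (`DNS_SEARCH=( )`, filled with `+=( ... )` in parse_options), but `[[ -n $DNS_SEARCH ]]` and `"$DNS_SEARCH"` in set_dns expand only element 0, so with `DNSSearch = loc1.example.com, loc2.example.com` only the first domain reaches resolvconf. Test `${#DNS_SEARCH[@]} -gt 0`, as the DNS check on the first line of the function does, and emit the whole list on one line with `printf 'search %s\n' "${DNS_SEARCH[*]}"`.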
@@ -342,8 +348,9 @@ save_config() {
  	{ read -r _; while read -r _ _ _ address _; do
  		new_config+="Address = $address"$'\n'
  	done } < <(netstat -I "$INTERFACE" -n -W -f inet6)
-	while read -r address; do
-		[[ $address =~ ^nameserver\ ([a-zA-Z0-9_=+:%.-]+)$ ]] && 
new_config+="DNS = ${BASH_REMATCH[1]}"$'\n'
+	while read -r line; do
+		[[ $line =~ ^nameserver\ ([a-zA-Z0-9_=+:%.-]+)$ ]] && 
new_config+="DNS = ${BASH_REMATCH[1]}"$'\n'
+		[[ $line =~ ^search\ (.+)$ ]] && new_config+="DNSSearch = 
${BASH_REMATCH[1]/ /, }"$'\n'
  	done < <(resolvconf -l "$INTERFACE" 2>/dev/null)
  	[[ -n $MTU ]] && new_config+="MTU = $MTU"$'\n'
  	[[ -n $TABLE ]] && new_config+="Table = $TABLE"$'\n'
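Review bot: In the new `search` line of save_config, `${BASH_REMATCH[1]/ /, }` replaces only the first space, so a resolvconf entry with three or more domains is saved as `a, b c` rather than a comma-separated list. Use `${BASH_REMATCH[1]// /, }` so every separator is converted.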
@@ -395,6 +402,7 @@ cmd_usage() {
  	  - Address: may be specified one or more times and contains one or 
more
  	    IP addresses (with an optional CIDR mask) to be set for the 
interface.
  	  - DNS: an optional DNS server to use while the device is up.
+	  - DNSSearch: Search list for host-name lookup to use while the 
device is up.
  	  - MTU: an optional MTU for the interface; if unspecified, 
auto-calculated.
  	  - Table: an optional routing table to which routes will be added; if
  	    unspecified or \`auto', the default table is used. If \`off', no 
routes
diff --git a/src/wg-quick/linux.bash b/src/wg-quick/linux.bash
index 7c2c002..1715354 100755
--- a/src/wg-quick/linux.bash
+++ b/src/wg-quick/linux.bash
@@ -16,6 +16,7 @@ INTERFACE=""
  ADDRESSES=( )
  MTU=""
  DNS=( )
+DNS_SEARCH=( )
  TABLE=""
  PRE_UP=( )
  POST_UP=( )
@@ -57,6 +58,7 @@ parse_options() {
  			Address) ADDRESSES+=( ${value//,/ } ); continue ;;
  			MTU) MTU="$value"; continue ;;
  			DNS) DNS+=( ${value//,/ } ); continue ;;
+			DNSSearch) DNS_SEARCH=${value//,/}; continue ;;
  			Table) TABLE="$value"; continue ;;
  			PreUp) PRE_UP+=( "$value" ); continue ;;
  			PreDown) PRE_DOWN+=( "$value" ); continue ;;
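Review bot: `DNS_SEARCH=${value//,/}` deletes commas instead of replacing them with spaces, so `DNSSearch = a.example,b.example` collapses into the single name `a.exampleb.example`; the list only survives when every comma happens to be followed by a space. The line also assigns a scalar to a variable declared as an array and overwrites rather than appends, so a second DNSSearch line discards the first, unlike the DNS line above it and unlike the FreeBSD version of this hunk (`DNS_SEARCH+=( ${value//,/ } )`). Use the same append form here and expand the array with `"${DNS_SEARCH[*]}"` in set_dns.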
@@ -150,7 +152,11 @@ resolvconf_iface_prefix() {
  HAVE_SET_DNS=0
  set_dns() {
  	[[ ${#DNS[@]} -gt 0 ]] || return 0
-	printf 'nameserver %s\n' "${DNS[@]}" | cmd resolvconf -a 
"$(resolvconf_iface_prefix)$INTERFACE" -m 0 -x
+	if [[ -n $DNS_SEARCH ]]; then
+		(printf 'nameserver %s\n' "${DNS[@]}" && printf 'search %s\n' 
"$DNS_SEARCH") | cmd resolvconf -a 
"$(resolvconf_iface_prefix)$INTERFACE" -m 0 -x
+	else
+		printf 'nameserver %s\n' "${DNS[@]}" | cmd resolvconf -a 
"$(resolvconf_iface_prefix)$INTERFACE" -m 0 -x
+	fi
  	HAVE_SET_DNS=1
  }

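Review bot: The new `if`/`else` in set_dns repeats the full `cmd resolvconf -a ... -m 0 -x` invocation in both branches, so any later change to its arguments has to be made twice. Build the input once instead: print the nameserver lines, then print the `search` line only when DNS_SEARCH is non-empty, inside a single command group piped to one `cmd resolvconf` call.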
@@ -253,8 +259,9 @@ save_config() {
  	for address in ${BASH_REMATCH[1]}; do
  		new_config+="Address = $address"$'\n'
  	done
-	while read -r address; do
-		[[ $address =~ ^nameserver\ ([a-zA-Z0-9_=+:%.-]+)$ ]] && 
new_config+="DNS = ${BASH_REMATCH[1]}"$'\n'
+	while read -r line; do
+		[[ $line =~ ^nameserver\ ([a-zA-Z0-9_=+:%.-]+)$ ]] && 
new_config+="DNS = ${BASH_REMATCH[1]}"$'\n'
+		[[ $line =~ ^search\ (.+)$ ]] && new_config+="DNSSearch = 
${BASH_REMATCH[1]/ /, }"$'\n'
  	done < <(resolvconf -l "$(resolvconf_iface_prefix)$INTERFACE" 
2>/dev/null || cat 
"/etc/resolvconf/run/interface/$(resolvconf_iface_prefix)$INTERFACE" 
2>/dev/null)
  	[[ -n $MTU && $(ip link show dev "$INTERFACE") =~ mtu\ ([0-9]+) ]] && 
new_config+="MTU = ${BASH_REMATCH[1]}"$'\n'
  	[[ -n $TABLE ]] && new_config+="Table = $TABLE"$'\n'
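Review bot: The `search` match in save_config captures `(.+)`, which accepts any characters, while the `nameserver` match next to it is limited to `[a-zA-Z0-9_=+:%.-]+` before the value is written into the saved config. Whatever resolvconf reports on a `search` line is copied into `new_config` unchecked; restrict the capture to the characters valid in a domain name plus the space separator, in line with the nameserver pattern.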
@@ -304,6 +311,7 @@ cmd_usage() {
  	  - Address: may be specified one or more times and contains one or 
more
  	    IP addresses (with an optional CIDR mask) to be set for the 
interface.
  	  - DNS: an optional DNS server to use while the device is up.
+	  - DNSSearch: Search list for host-name lookup to use while the 
device is up.
  	  - MTU: an optional MTU for the interface; if unspecified, 
auto-calculated.
  	  - Table: an optional routing table to which routes will be added; if
  	    unspecified or \`auto', the default table is used. If \`off', no 
routes
_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard


* Re: [PATCH] wg-quick: Linux and FreeBSD: Add support to search domain in wg-quick
  2020-01-24 18:37 [PATCH] wg-quick: Linux and FreeBSD: Add support to search domain in wg-quick Ricardo Fraile
@ 2020-01-28 10:36 ` Jason A. Donenfeld
  2020-01-28 10:49   ` Mantas Mikulėnas
  0 siblings, 1 reply; 6+ messages in thread
From: Jason A. Donenfeld @ 2020-01-28 10:36 UTC (permalink / raw)
  To: Ricardo Fraile; +Cc: kevin, Matt Layher, WireGuard mailing list

I'm not so sure that we want to fill wg-quick(8) up with every dns
knob... If you have specialized networking requirements, wg-quick(8) is
probably not for you anyway.

* Re: [PATCH] wg-quick: Linux and FreeBSD: Add support to search domain in wg-quick
  2020-01-28 10:36 ` Jason A. Donenfeld
@ 2020-01-28 10:49   ` Mantas Mikulėnas
  2020-01-28 12:52     ` Nico Schottelius
  0 siblings, 1 reply; 6+ messages in thread
From: Mantas Mikulėnas @ 2020-01-28 10:49 UTC (permalink / raw)
  To: Jason A. Donenfeld; +Cc: WireGuard mailing list

That might be true, but IMHO the list of search domains doesn't fall
under "specialized options" – it is even deployed via DHCP and similar
mechanisms almost as commonly as the list of DNS resolvers themselves,
so if a VPN client supports the latter then it makes sense to support
both.


On Tue, Jan 28, 2020 at 12:37 PM Jason A. Donenfeld <Jason@zx2c4.com> wrote:
>
> I'm not so sure that we want to fill wg-quick(8) up with every dns
> knob... If you have specialized networking requirements, wg-quick(8) is
> probably not for you anyway.



-- 
Mantas Mikulėnas

* Re: [PATCH] wg-quick: Linux and FreeBSD: Add support to search domain in wg-quick
  2020-01-28 10:49   ` Mantas Mikulėnas
@ 2020-01-28 12:52     ` Nico Schottelius
  2020-01-28 21:39       ` Lech Perczak
  2020-01-29 13:46       ` Ricardo Fraile
  0 siblings, 2 replies; 6+ messages in thread
From: Nico Schottelius @ 2020-01-28 12:52 UTC (permalink / raw)
  To: wireguard


I second Mantas in this regard - don't bloat wg-quick, but a DNS
search path is pretty standard to be submitted by "a network".

We are not talking dhcp boot options, even though NTP servers would
probably also make sense, if you see wireguard as providing a network.

Best,

Nico



Mantas Mikulėnas <grawity@gmail.com> writes:

> That might be true, but IMHO the list of search domains doesn't fall
> under "specialized options" – it is even deployed via DHCP and similar
> mechanisms almost as commonly as the list of DNS resolvers themselves,
> so if a VPN client supports the latter then it makes sense to support
> both.
>
>
> On Tue, Jan 28, 2020 at 12:37 PM Jason A. Donenfeld <Jason@zx2c4.com> wrote:
>>
>> I'm not so sure that we want to fill wg-quick(8) up with every dns
>> knob... If you have specialized networking requirements, wg-quick(8) is
>> probably not for you anyway.


--
Modern, affordable, Swiss Virtual Machines. Visit www.datacenterlight.ch

* Re: [PATCH] wg-quick: Linux and FreeBSD: Add support to search domain in wg-quick
  2020-01-28 12:52     ` Nico Schottelius
@ 2020-01-28 21:39       ` Lech Perczak
  2020-01-29 13:46       ` Ricardo Fraile
  1 sibling, 0 replies; 6+ messages in thread
From: Lech Perczak @ 2020-01-28 21:39 UTC (permalink / raw)
  To: Nico Schottelius, wireguard

On 2020-01-28 at 13:52, Nico Schottelius wrote:
> I second Mantas in this regard - don't bloat wg-quick, but a DNS
> search path is pretty standard to be submitted by "a network".
>
> We are not talking dhcp boot options, even though NTP servers would
> probably also make sense, if you see wireguard as providing a network.
>
> Best,
>
> Nico
>
>
>
> Mantas Mikulėnas <grawity@gmail.com> writes:
>
>> That might be true, but IMHO the list of search domains doesn't fall
>> under "specialized options" – it is even deployed via DHCP and similar
>> mechanisms almost as commonly as the list of DNS resolvers themselves,
>> so if a VPN client supports the latter then it makes sense to support
>> both.
>>
>>
>> On Tue, Jan 28, 2020 at 12:37 PM Jason A. Donenfeld <Jason@zx2c4.com> wrote:
>>> I'm not so sure that we want to fill wg-quick(8) up with every dns
>>> knob... If you have specialized networking requirements, wg-quick(8) is
>>> probably not for you anyway.
>
> --
> Modern, affordable, Swiss Virtual Machines. Visit www.datacenterlight.ch

Couldn't agree more with this. Adding search domains with wg-quick would
be really beneficial for my humble roadwarrior-to-OpenWrt setup, to
resolve internal DNS hostnames once connected.

-- 
Regards,
Lech Perczak


* Re: [PATCH] wg-quick: Linux and FreeBSD: Add support to search domain in wg-quick
  2020-01-28 12:52     ` Nico Schottelius
  2020-01-28 21:39       ` Lech Perczak
@ 2020-01-29 13:46       ` Ricardo Fraile
  1 sibling, 0 replies; 6+ messages in thread
From: Ricardo Fraile @ 2020-01-29 13:46 UTC (permalink / raw)
  To: Wireguard

Thanks for the feedback.

As I'll use it with this patch, and maybe it can solve the issue for
anyone in the future, I share it on GitHub:

https://github.com/rfrail3/misc/tree/master/wg-quick


Regards,


P.S.: Congrats on the upstream sync!



On 2020-01-28 13:52, Nico Schottelius wrote:

> I second Mantas in this regard - don't bloat wg-quick, but a DNS
> search path is pretty standard to be submitted by "a network".
> 
> We are not talking dhcp boot options, even though NTP servers would
> probably also make sense, if you see wireguard as providing a network.
> 
> Best,
> 
> Nico
> 
> Mantas Mikulėnas <grawity@gmail.com> writes:
> 
> That might be true, but IMHO the list of search domains doesn't fall
> under "specialized options" - it is even deployed via DHCP and similar
> mechanisms almost as commonly as the list of DNS resolvers themselves,
> so if a VPN client supports the latter then it makes sense to support
> both.
> 
> On Tue, Jan 28, 2020 at 12:37 PM Jason A. Donenfeld <Jason@zx2c4.com> 
> wrote:
> I'm not so sure that we want to fill wg-quick(8) up with every dns
> knob... If you have specialized networking requirements, wg-quick(8) is
> probably not for you anyway.
