Development discussion of WireGuard
* [PATCH] Qualify routed DNS queries based on search domains
@ 2023-11-02 23:48 Ken Case
From: Ken Case @ 2023-11-02 23:48 UTC (permalink / raw)
  To: wireguard

Implement support for DNS search domains in the native apps for Apple
platforms (Mac and iOS), matching the search domain support already
implemented for other platforms.

Rather than unconditionally routing all DNS queries through the
associated tunnel's DNS, only route queries when no search domains
have been specified. When search domains _have_ been specified, route
those domains to the tunnel's DNS but let other domains continue to be
routed to other network interfaces.

Signed-off-by: Ken Case <kc@omnigroup.com>
---
 Sources/WireGuardKit/PacketTunnelSettingsGenerator.swift | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/Sources/WireGuardKit/PacketTunnelSettingsGenerator.swift b/Sources/WireGuardKit/PacketTunnelSettingsGenerator.swift
index c53a82c..5b7f63c 100644
--- a/Sources/WireGuardKit/PacketTunnelSettingsGenerator.swift
+++ b/Sources/WireGuardKit/PacketTunnelSettingsGenerator.swift
@@ -88,7 +88,13 @@ class PacketTunnelSettingsGenerator {
             let dnsSettings = NEDNSSettings(servers: dnsServerStrings)
             dnsSettings.searchDomains = tunnelConfiguration.interface.dnsSearch
             if !tunnelConfiguration.interface.dns.isEmpty {
-                dnsSettings.matchDomains = [""] // All DNS queries must first go through the tunnel's DNS
+                if tunnelConfiguration.interface.dnsSearch.isEmpty {
+                    // Since no search domains were listed, use this tunnel's DNS for all queries
+                    dnsSettings.matchDomains = [""]
+                } else {
+                    // Only use this tunnel for the listed search domains
+                    dnsSettings.matchDomains = tunnelConfiguration.interface.dnsSearch
+                }
             }
             networkSettings.dnsSettings = dnsSettings
         }
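Review bot: The new else branch keys split DNS solely on `tunnelConfiguration.interface.dnsSearch.isEmpty`, so any configuration that lists a search domain silently loses the behaviour the removed comment guaranteed ("All DNS queries must first go through the tunnel's DNS"). With `dnsSettings.matchDomains = tunnelConfiguration.interface.dnsSearch`, every query outside the listed domains is resolved by whatever other interface is active, which is a DNS leak for users who added a search domain only for short-name completion and still expect all lookups to stay inside the tunnel. Consider gating the else branch on an explicit opt-in, or on the tunnel not carrying the default route, rather than on the search list alone, and expand the comment in that branch to state that non-matching queries bypass the tunnel's DNS so the change in behaviour for existing configurations is documented.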
--  2.41.0

