Development discussion of WireGuard
From: Frank Carmickle <frank@carmickle.com>
To: Simon McNair <simonmcnair@gmail.com>
Cc: WireGuard mailing list <wireguard@lists.zx2c4.com>
Subject: Re: apologies if this DNS conditional forwarding query is a daft question
Date: Mon, 24 Jan 2022 08:28:20 -0500
Message-ID: <E8EC188A-7643-4843-8289-473D4ACBCE7E@carmickle.com>
In-Reply-To: <c0520a00-cd2b-db1d-b678-4134593e7206@gmail.com>

Greetings Simon,

> On Jan 24, 2022, at 4:59 AM, Simon McNair <simonmcnair@gmail.com> wrote:
> 
> Hi,
> Again, apologies if this is a networking newb question.
> I have just spent the weekend laboriously learning about wireguard windows and finally powershell & internet connection sharing. My usage case is supporting a parents network and/or sharing resources in a small site(s) to site(s) network.
> My question is this.  Without buying any extra commodity hardware, or installing any more software, is it possible to set up conditional DNS forwarding per peer?  I would like each subnet's DNS server (in this case the ISP router) to handle DNS for that subnet.
> 
> i.e. if the DNS request is for a subnet on peer A, use DNS server 192.168.100.254 defined in peer A config
>        if the DNS request is for a subnet on peer B, use DNS server 192.168.110.254 defined in peer B config

I'm not totally understanding the topology you are implementing. Internet sharing and site to site usually means that both sites have internet service. It does seem as though you can accomplish having systems in each subnet use their own DNS by not configuring a DNS directive in the wireguard config at all.

HTH,
--FC


> 
> Similar to this:
> [Interface]
> PrivateKey = pkhere
> ListenPort = 12345
> Address = 10.250.250.4/24
> 
> [PeerA]
> PublicKey = peerpkhere
> AllowedIPs = 192.168.100.0/24, 10.250.250.0/24
> Endpoint = my.ddnsalias.net:5678
> DNS = 192.168.100.254
> 
> [PeerB]
> PublicKey = peerpkhere
> AllowedIPs = 192.168.110.0/24, 10.250.250.0/24
> Endpoint = my.ddnsalias.net:5678
> DNS = 192.168.110.254
> 
> I know we already have the Interface level DNS option, but that would fail for peers unless conditional forwarding was configured, which isn't possible on most home routers.  I know I can fix this with dnsmasq or a pihole, but that requires another machine on all the time.  I was just wondering if anything clever could easily be done within wireguard.  I know it's a big ask, but it would be appreciated as an enhancement request.
> 
> Likewise, for the windows version of wireguard it would be cool if there was an option to enable internet connection sharing on the client.  I have done this successfully (I am happy to share the steps if required), although it was a huge pita and required dangerousscripts enabling, which I'm not keen on.
> Thanks again for all the hard work Jason, I love the app, and it is running happily on my ER-X and making my life better.
> 
> Regards
> Simon
> 

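The dnsmasq route Simon mentions is the usual way to get the per-subnet forwarding he describes without any change to WireGuard itself. The following is an added example, not part of this thread or of the WireGuard project: a dnsmasq configuration for the hub host (10.250.250.4 in the quoted config) that sends lookups for each site's names and reverse zone to that site's ISP router, using the subnets and router addresses from the quoted config. The site domain names sitea.home and siteb.home, the interface name wg0, and the public upstream resolver are assumptions.

```conf
# Added example, not from the thread: per-subnet conditional forwarding
# in dnsmasq on the WireGuard hub. Domain names, wg0 and the public
# upstream are assumptions; subnets and router IPs are from the quoted config.

# Only answer on the tunnel interface, so the forwarder is not exposed
# to the hub's other networks (interface name is an assumption)
interface=wg0
bind-interfaces

# Ignore /etc/resolv.conf; every forwarding target is listed here
no-resolv

# Names under each site's domain go to that site's ISP router
server=/sitea.home/192.168.100.254
server=/siteb.home/192.168.110.254

# Reverse lookups for each subnet go to the same router
server=/100.168.192.in-addr.arpa/192.168.100.254
server=/110.168.192.in-addr.arpa/192.168.110.254

# Everything else goes to a public resolver (assumption: choose your own)
server=1.1.1.1

# Do not forward unqualified single-label names upstream
domain-needed
```

With this in place the peers' [Interface] sections point at the hub (DNS = 10.250.250.4) instead of at a per-peer router, and the hub can reach 192.168.100.254 and 192.168.110.254 only because those subnets are already in the corresponding peer's AllowedIPs. The hub is still a machine that has to stay on, which is exactly the cost Simon is trying to avoid; this only shows what the conditional forwarding looks like once you accept it.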

Thread overview: 3+ messages
2022-01-24  9:59 Simon McNair
2022-01-24 13:28 ` Frank Carmickle [this message]
2022-01-24 18:26   ` Simon McNair
