On 20.05.21 18:20, Roman Mamedov wrote:
> On Thu, 20 May 2021 11:15:30 +0500
> Roman Mamedov <r...@romanrm.net> wrote:
>
>> So, what you mean is that wireguard does a single DNS resolution at
>> the beginning and further DNS resolutions need to be done elsewhere. Is
>> that correct?
> Yes.
> I also remembered a case where just PersistentKeepalive won't save you, and
> periodic DNS resolution on clients becomes mandatory. It is when the server's
> physical location gets a power cut. On new boot-up (and router power-on) it
> gets a new IP from the ISP, and has no idea where all the clients are. The
> communication is broken until clients recheck the DNS record and update the
> server's endpoint from that. WG does not do this on its own.


Just to point out what 'others are doing' - openwrt has a watchdog script [1] that might be run with cron every 15 mins


*/15 * * * * /usr/bin/wireguard_watchdog


which will update the new endpoint if the last handshake is too old:

wg set ${iface} peer ${public_key} endpoint "${endpoint_host}:${endpoint_port}"


It needs PersistentKeepalive also, if I understand correctly.

[1] https://git.openwrt.org/?p=openwrt/openwrt.git;a=blob;f=package/network/utils/wireguard-tools/files/wireguard_watchdog;hb=HEAD


--

Max
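The watchdog logic Max describes (check the age of each peer's latest handshake, re-resolve the hostname, re-set the endpoint with `wg set`), as an added POSIX shell example; this is not the OpenWrt script linked in [1]. It assumes a hypothetical peer file with one `<public_key> <hostname> <port>` line per peer, and that `wg` and `getent` are available; only `stale_peers` is pure, the rest touches the system.

```shell
# Added example, not the OpenWrt watchdog: re-resolve and re-set the endpoint
# of every peer whose latest handshake is older than MAX_AGE seconds.
# Assumed peer file format (hypothetical): "<public_key> <hostname> <port>".

MAX_AGE="${MAX_AGE:-300}"   # seconds; well above a typical 25s keepalive

# stale_peers NOW "<output of: wg show IFACE latest-handshakes>"
# Prints the public key of each peer whose handshake is older than MAX_AGE.
# A timestamp of 0 means "never handshaked" and counts as stale.
stale_peers() {
    now="$1"
    printf '%s\n' "$2" | while read -r key ts; do
        [ -n "$key" ] || continue
        if [ "$ts" -eq 0 ] || [ $((now - ts)) -gt "$MAX_AGE" ]; then
            printf '%s\n' "$key"
        fi
    done
}

# resolve_host HOSTNAME -> first IPv4 address, empty output on failure
resolve_host() {
    getent ahostsv4 "$1" | awk 'NR==1 {print $1}'
}

# refresh_endpoints IFACE PEERFILE: the part meant to run from cron
refresh_endpoints() {
    iface="$1"; peerfile="$2"
    now=$(date +%s)
    handshakes=$(wg show "$iface" latest-handshakes) || return 1
    stale_peers "$now" "$handshakes" | while read -r key; do
        # look up the hostname/port configured for this key
        line=$(grep -- "^$key " "$peerfile") || continue
        set -- $line
        host="$2"; port="$3"
        ip=$(resolve_host "$host")
        [ -n "$ip" ] || { echo "could not resolve $host" >&2; continue; }
        wg set "$iface" peer "$key" endpoint "$ip:$port"
    done
}

# Usage (e.g. every 15 minutes from cron): script.sh wg0 /etc/wg-peers.txt
if [ "$#" -eq 2 ]; then
    refresh_endpoints "$1" "$2"
fi
```

If the WireGuard config is reloaded by other tooling, the endpoint set this way is replaced by whatever that config contains, so the hostname in the peer file and in the config should agree.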
