jwhited / wgsd

A CoreDNS plugin that provides WireGuard peer information via DNS-SD semantics
https://www.jordanwhited.com/posts/wireguard-endpoint-discovery-nat-traversal/
MIT License

Explanation of authoritative server #34

Open HarvsG opened 3 years ago

HarvsG commented 3 years ago

This tool looks amazing. I am looking forward to using it to enable a kick-ass road-warrior set-up that enables me to have access to multiple sites with the click of a button, all with greater reliability and performance than my current hub-and-spokes model.

I just had a question from the readme that I'm not sure about.

In the readme, you say:

> ZONE is the zone name wgsd should be authoritative for, e.g. example.com.

In terms of set-up, what does this actually entail? Do I have to ensure that the registry is an authoritative name server? Ensure that example.com is not registered elsewhere?

Edit: Looking at the code, it looks as if ZONE could be anything, even a domain I don't own, as long as it was configured the same in the Corefile and wg-client? Or will CoreDNS forward the query if it knows about a true authoritative server for the address?

119977 commented 3 years ago

fail fail fail fail, How to set coredns?????

After using wgsd-client on Windows, I can't connect to two NATs. Here is the output information and configuration information.

Dig in server

```
$ dig @10.0.0.1 -p 53 _wireguard._udp.example.com. PTR +noall +answer +additional
```

output

```
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.4 <<>> @10.0.0.1 -p 53 _wireguard._udp.example.com. PTR +noall +answer +additional
; (1 server found)
;; global options: +cmd
```

registry "wg show" output

```
[root@cvm14394 ~]# wg
interface: wg1
  public key: dp5UhIpRw6JBDbFoVeI7gCLpaUTT332WRMsfPVCEYVI=
  private key: (hidden)
  listening port: 51820
```

peer1

```
peer: 6TIxBFP8A4oOJovaZJwYJmgpV1UiNm1WsYy2rN7lDx4=
  endpoint: xxx.xxx.xx.xx:22519
  allowed ips: 10.0.0.3/32
  latest handshake: 52 seconds ago
  transfer: 3.89 KiB received, 1.08 KiB sent
```

peer2

```
peer: 0uQXq733ROaitW0/KDdrGUlK046OawBSp1u4VQKyNWg=
  endpoint: xxx.xxx.xxx.xxx:22523
  allowed ips: 10.0.0.2/32
  latest handshake: 1 minute, 6 seconds ago
  transfer: 3.89 KiB received, 1.08 KiB sent
```

DNS settings

```
.:53 {
  wgsd _wireguard._udp.example.com. wg1 {
    self 10.0.0.1/32
  }
}
```

Windows output

```
C:\Program Files\WireGuard>wgsd-client -device test -dns 10.0.0.1:53 -zone example.com.
2021/04/07 14:31:44 [dp5uhiprw6jbdbfovei7gclpautt332wrmsfvvceyvi]) no SRV records found
2021/04/07 14:31:44 [0uqxq733roaitw0/kddrgulk046owbsp1u4vqkynwg]) no SRV records found
```

HarvsG commented 3 years ago

@119977 I am confused as to why you have commented on this issue with a different issue?