Fixing wg-quick's DNS= directive with a hatchet

Daniel Kahn Gillmor dkg at
Mon Oct 30 12:58:48 CET 2017

On Sun 2017-10-29 13:21:24 +0100, Geo Kozey wrote:
> FYI you can already change DNS through resolvconf from non-root
> daemons with correct file permissions or ACLs

resolvconf has plugins on the consumer side as well.  while you might be
able to guarantee that you have the correct file permissions or ACLs on
/etc/resolv.conf, you probably can't make a guarantee that all of the
plugins are going to work with that arrangement.

That said, i'd love to see this kind of proposal standardized and
documented.  Are there any systems that ship with correct file
permissions or ACLs?

> but that's off-topic.

It was off-topic until wg-quick started messing around with the local
system's DNS resolution.  Now it's on-topic :/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 832 bytes
Desc: not available
URL: <>

More information about the WireGuard mailing list