DNS name resolution should not be done during configuration parsing.

Vincent Wiemann vincent.wiemann at ironai.com
Tue Feb 19 16:45:58 CET 2019


Hi Matthias,

On 19.02.2019 08:22, Matthias Urlichs wrote:
> We don't even need call-outs. We already have a netlink interface which
> a userspace client can use to monitor WG. Teach that client to
> re-resolve the name and to update the peer.
>

That's not a good design choice. A kernel VPN module should not depend
on a user space daemon for doing regular checks or a daemon running at
all. We want to be able to set it up using e.g. systemd-networkd and
not have to care about it afterwards. Thus WireGuard should be able to
resolve the hostnames.

On 17.02.2019 19:26, Vincent Wiemann wrote:
> One could build up on
> https://www.kernel.org/doc/Documentation/networking/dns_resolver.txt ,
> but it's a lot of work and shouldn't be a goal before WireGuard becomes
> an upstream kernel module.

I'm pretty sure that's the way to go long-term.

Regards,

Vincent Wiemann

