Search Domain/DNS Suffix

Simon Rozman simon at rozman.si
Mon Apr 6 08:12:54 CEST 2020 

Hi,

I have a similar requirement - to set connection specific DNS suffix. I solved it by extending the wireguard-windows: https://git.zx2c4.com/wireguard-windows/commit/?h=sr/mydist&id=3672fbc0bcb1821c98566fac32ba0638d4d4c611

However, I do not plan to ask zx2c4 to merge it upstream, as he has better idea to provide PostUpExec feature which would allow universal mean for any extra system configuration required. Stay tuned.

Meanwhile, just a suggestion (haven't tested it thou)... Add a task to Task Scheduler to fire every couple of minutes doing:

reg.exe add HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\<GUID of your WG adapter*> /v Domain /t REG_SZ /d contoso.local

This should setup the connection specific DNS suffix soon after the tunnel is established and keep it set. But its nuts and doesn't scale. The PostUpExec will be the right approach.

Regards, Simon

* On Windows 10 the WG adapter GUID is pseudo-random based on your WG config. As long as your config is static, it won't change. Once WG connected, look it up in HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces.

-----Original Message-----
From: WireGuard <wireguard-bounces at lists.zx2c4.com> on behalf of Duncan X Simpson <virtualdxs at gmail.com>
Date: Sunday, 5 April 2020 at 23:51
To: "wireguard at lists.zx2c4.com" <wireguard at lists.zx2c4.com>
Subject: Search Domain/DNS Suffix

    Hello all,
    
    I'm trying to deploy a wireguard VPN for a small company and it's
    working great, with one issue: On Windows/Mac I can't find a way to
    set search domains on the connection. Windows, I can probably just set
    a system-wide search domain via the registry (I plan to test that
    tonight), but on Mac I can't figure out anything. Even the normal
    command line method, networksetup -setsearchdomains [interface],
    doesn't take effect - I can retrieve whatever I set with networksetup
    -getsearchdomains [interface], but it's not used by the system.
    
    Does anybody know a solution or workaround?
    
    Duncan X Simpson, K7DXS
    Removal of this tagline is a violation of Federal Law.
    
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2965 bytes
Desc: not available
URL: <http://lists.zx2c4.com/pipermail/wireguard/attachments/20200406/d9f1eb91/attachment.p7s>

More information about the WireGuard mailing list