Feature Request: Configurable Re-Resolving of DNS Endpoints

Pierre Grimme gamedev.pierre.grimme at gmail.com
Wed Apr 27 18:50:58 UTC 2022

Using a domain as Endpoint on your WG client to reach a server with
a dynamic IP address breaks the connectivity when the server changes
its public IP address.
WireGuard only resolves domains once and from then on uses the
resolved IP address. This is a huge problem in the private sector,
where static IP addresses are not common. Even worse is the situation
with Dual-Stack-Lite configurations, where your public IPv4 address is
not reachable from outside. You have to use domains pointing to your
current IPv6 address to get a connection to your local network.
The end user does not understand why the connection is not working
anymore, especially on mobile devices. Also, a workaround with the
re-resolve script is not possible due to lack of system file access
and permissions. Private internet connections are forcibly disconnected
every 24h, more often if something goes wrong.

There is an open-source project called netmaker which builds meshed
networks with WireGuard VPN connections. If you try to self-host this
program on your private internet connection, you need an endpoint
address which is static. The need here is to input an address
dynamically via a domain so you can always reach your master server.

The solution would be to re-resolve the endpoint address from time to
time. The big benefit is that your endpoint IP could be dynamic. Your
domain can point to a CNAME, A or AAAA record, which would give
people with a Dual-Stack-Lite internet connection a "stable"
connection. Since WireGuard is designed to be minimalistic, it
would be perfect if the feature were off by default and only turned on
when you enable it in the wg interface config. It would be great to have a
configurable parameter, e.g. "dns-resolve-duration = 10 # in seconds".
The solution should be usable with all available WireGuard clients.
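The re-resolve loop the message asks for, as an added example that is not part of the original post and not WireGuard project code. It assumes `wg` from wireguard-tools is on PATH and that `wg show <iface> endpoints` prints one "pubkey<TAB>endpoint" line per peer (with "(none)" when no endpoint is set); the function names, the `--interval` flag (the equivalent of the proposed "dns-resolve-duration"), the fake resolver and the sample `wg show` output in `demo()` are this example's own constructions. It prefers the AAAA answer when both A and AAAA exist, which is the Dual-Stack-Lite case described above, and only issues `wg set` when the resolved address differs from the endpoint the kernel currently holds, so a successful session is not disturbed by a no-op update. A resolver failure keeps the last known endpoint rather than clearing it.

```python
"""Added example: periodic endpoint re-resolution for one WireGuard peer.
Not WireGuard project code; see the lead-in for the assumptions made."""
import argparse
import ipaddress
import socket
import subprocess
import time
from typing import Callable, Dict, Iterable, List, Optional, Tuple

Resolver = Callable[[str], List[str]]  # hostname -> list of A/AAAA answers


def split_endpoint(endpoint: str) -> Tuple[str, int]:
    """Split 'host:port' or '[v6addr]:port' into (host, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), int(port)


def format_endpoint(ip: str, port: int) -> str:
    """Render an address the way wg prints it: IPv6 literals in brackets."""
    addr = ipaddress.ip_address(ip)
    return f"[{addr}]:{port}" if addr.version == 6 else f"{addr}:{port}"


def system_resolver(host: str) -> List[str]:
    """All A/AAAA answers for host; CNAME chains are followed by libc."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_UDP)
    return sorted({info[4][0] for info in infos})


def choose_address(addresses: Iterable[str], prefer_v6: bool = True) -> Optional[str]:
    """Pick one address, IPv6 first by default: on a DS-Lite line the server's
    IPv4 address sits behind carrier-grade NAT, only the AAAA is reachable."""
    v4 = sorted(a for a in addresses if ipaddress.ip_address(a).version == 4)
    v6 = sorted(a for a in addresses if ipaddress.ip_address(a).version == 6)
    ordered = v6 + v4 if prefer_v6 else v4 + v6
    return ordered[0] if ordered else None


def parse_endpoints(wg_show_output: str) -> Dict[str, Optional[str]]:
    """Parse `wg show <iface> endpoints` into {pubkey: endpoint or None}."""
    result: Dict[str, Optional[str]] = {}
    for line in wg_show_output.splitlines():
        if not line.strip():
            continue
        pubkey, _, endpoint = line.partition("\t")
        endpoint = endpoint.strip()
        result[pubkey.strip()] = None if endpoint == "(none)" else endpoint
    return result


def plan_update(iface: str, pubkey: str, configured_endpoint: str,
                wg_show_output: str, resolver: Resolver = system_resolver,
                prefer_v6: bool = True) -> Optional[List[str]]:
    """Return the `wg set` argv that moves the peer to the freshly resolved
    address, or None when nothing should change."""
    host, port = split_endpoint(configured_endpoint)
    try:
        addresses = resolver(host)
    except OSError:  # socket.gaierror included: keep the last good endpoint
        return None
    ip = choose_address(addresses, prefer_v6)
    if ip is None:
        return None
    wanted = format_endpoint(ip, port)
    if parse_endpoints(wg_show_output).get(pubkey) == wanted:
        return None  # already current: do not touch the peer
    return ["wg", "set", iface, "peer", pubkey, "endpoint", wanted]


def run_loop(iface: str, pubkey: str, endpoint: str, interval: float) -> None:
    """Polling loop a client would run; `interval` plays the role of the
    proposed dns-resolve-duration setting."""
    while True:
        shown = subprocess.run(["wg", "show", iface, "endpoints"],
                               capture_output=True, text=True, check=True).stdout
        cmd = plan_update(iface, pubkey, endpoint, shown)
        if cmd:
            subprocess.run(cmd, check=True)
        time.sleep(interval)


def demo() -> Optional[List[str]]:
    """Offline run on constructed data: the kernel still holds the old IPv4
    endpoint while the name now also has an AAAA record."""
    fake_dns = {"vpn.example.org": ["203.0.113.7", "2001:db8::7"]}  # constructed
    shown = "PUB=\t203.0.113.7:51820\nOTHER=\t(none)\n"           # constructed
    return plan_update("wg0", "PUB=", "vpn.example.org:51820", shown,
                       resolver=lambda h: fake_dns[h])


if __name__ == "__main__":
    ap = argparse.ArgumentParser(description="re-resolve a WireGuard peer endpoint")
    ap.add_argument("iface")
    ap.add_argument("pubkey")
    ap.add_argument("endpoint", help="host:port as written in the peer's Endpoint=")
    ap.add_argument("--interval", type=float, default=10.0, help="seconds between checks")
    a = ap.parse_args()
    run_loop(a.iface, a.pubkey, a.endpoint, a.interval)
```

Run it as `python3 reresolve.py wg0 <peer-pubkey> vpn.example.org:51820 --interval 10` with permission to run `wg`. Because `wg set ... endpoint` only rewrites the endpoint and leaves the peer's keys and allowed IPs alone, the loop is safe to run unattended; on a platform where no process may call `wg`, such as the mobile clients mentioned in the message, the same logic would have to live inside the client itself.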
