feature request/question: fly wireguard - enumeration inside instance

Hi,

I have an interesting use-case for fly wireguard that would benefit from being able to enumerate the tunnels from the instance. Maybe this is not a good idea security-wise, but maybe it could be opt-in?

Similar to how other apps are discoverable via DNS, it would be cool to be able to retrieve a wireguard peer’s ip from a TXT record that a service could enumerate inside a fly machine.

Hey @colemickens-ds

This should already be possible.

_peer.internal TXT record should return the names of the peers.
<peername>._peer.internal AAAA record should return the IP address of the specific peer.

One note - the list of peers doesn’t include interactive peers that flyctl creates automatically when needed (peers whose names start with interactive-).

It exists, and it’s nicely documented. I’m thrilled. Thank you @pavel.

Because I was silly and kept querying TXT for the IPv6 instead of AAAA, here’s an example:

testuser@6833121b762558:~$ dig +noall +answer _peer.internal txt
_peer.internal.         5       IN      TXT     "redacted-list,tube-colemickens-1708527531"
testuser@6833121b762558:~$ dig +noall +answer tube-colemickens-1708527531._peer.internal AAAA
tube-colemickens-1708527531._peer.internal. 5 IN AAAA fdaa:0:4da4:a7b:8eb7:0:a:102
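
An added example, not part of the thread and not Fly's own tooling: a POSIX shell script that turns the two lookups above into a peer inventory check, listing the names from the `_peer.internal` TXT record and flagging any that are not on an allowlist. The function names, the allowlist file and the sample answer are assumptions constructed for illustration.

```bash
#!/bin/sh
# Added example: audit WireGuard peers visible through the internal DNS records
# described in this thread. All function names here are hypothetical.

# Read `dig +noall +answer _peer.internal txt` output on stdin and print one peer
# name per line. The TXT rdata is a quoted, comma-separated list; a record longer
# than 255 bytes is shown by dig as several quoted strings, joined here.
parse_peer_txt() {
  awk '$4 == "TXT" {
         rdata = ""
         for (i = 5; i <= NF; i++) rdata = rdata $i
         gsub(/"/, "", rdata)
         n = split(rdata, names, ",")
         for (j = 1; j <= n; j++) if (names[j] != "") print names[j]
       }' | sort -u
}

# Read `dig +noall +answer <peer>._peer.internal AAAA` output and print the address.
parse_aaaa() {
  awk '$4 == "AAAA" { print $5 }'
}

# $1 = allowlist file (one expected peer name per line); TXT answer on stdin.
# Prints peers that DNS reports but the allowlist does not contain.
unexpected_peers() {
  parse_peer_txt | grep -vxF -f "$1" || true
}

# Live check, to be run inside a machine: resolve every unexpected peer.
# Interactive peers created by flyctl are not in the TXT list, so they are not seen.
audit_peers() {
  command -v dig >/dev/null 2>&1 || { echo "dig not found" >&2; return 2; }
  dig +noall +answer _peer.internal txt | unexpected_peers "$1" |
  while read -r name; do
    addr=$(dig +noall +answer "$name._peer.internal" AAAA | parse_aaaa)
    printf 'unexpected peer: %s %s\n' "$name" "${addr:-no-AAAA-record}"
  done
}

# Constructed sample answer (not captured output), for offline use.
sample_txt_answer() {
  printf '_peer.internal.\t5\tIN\tTXT\t"laptop-alice,ci-runner-1"\n'
}
```

Inside a machine, `audit_peers /path/to/allowlist` prints one line per peer that is missing from the allowlist, which makes it easy to run on a schedule and alert on any output.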
