Unable to dig _peer.internal when default name is used

:wave: Howdy!

So I don’t know if this is a bug to report here or in GitHub - superfly/flyctl: Command line tools for fly.io services, so happy to move wherever.

If you do fly wg create, walk through the generic steps and let it create a default peer name for you, then attempting to look up peers according to the docs will actually fail.

On Peer A:

➜  ~ fly wg create nerves
Creating WireGuard peer "interactive-megakopf-jjcarstens-me-com-641" in region "sea" for organization nerves
# ...omitted logs
# connect Peer A to WireGuard with new config

Then on Peer B (connected via WireGuard):

➜  ~ dig +short txt _peer.internal @fdaa:0:45f6::3 
;; Warning: Message parser reports malformed message packet.

➜  ~ fly wg list nerves
+--------------------------------------------+--------+------------------------------+
|                    NAME                    | REGION |           PEER IP            |
+--------------------------------------------+--------+------------------------------+
| interactive-felix-jjcarstens-me-com-365    | sea    | fdaa:0:45f6:a7b:177d:0:a:302 |
| interactive-megakopf-jjcarstens-me-com-641 | sea    | fdaa:0:45f6:a7b:177d:0:a:202 |
| interactive-megakopf-jjcarstens-me-com-440 | sea    | fdaa:0:45f6:a7b:177d:0:a:102 |
| interactive-megakopf-jjcarstens-me-com-688 | sea    | fdaa:0:45f6:a7b:177d:0:a:2   |
+--------------------------------------------+--------+------------------------------+

➜  ~ dig +short aaaa interactive-megakopf-jjcarstens-me-com-641._peer.internal @fdaa:0:45f6::3
➜  ~ 

But if you create the peer with your own peer name, things seem to work, but only for those peers created with names.

➜  ~ fly wg create nerves sea felix
Creating WireGuard peer "felix" in region "sea" for organization nerves

# ...omitted log

➜  ~ dig +short txt _peer.internal  
"felix"

➜  ~ dig +short aaaa felix._peer.internal                              
fdaa:0:45f6:a7b:177d:0:a:402

Maybe this is working correctly? Though I would expect to be able to query the TXT for peers even if the name of a peer was generated for me :beers:

Yes! This is poorly documented but I think what you’re describing is working as expected.

We didn’t originally do anything different with interactive- peers, and they were in the DNS like everything else. But there are a zillion interactive- peers now, and nobody ever looks any of those names up, and they crud up our state sync, so we filter them out of DNS.

Perfect.

Can you change the name of a peer? Or is the process to just delete and recreate with desired arguments?

Yep, it’s just delete and re-create. Peers are cheap. :slight_smile:

(I know this is annoying, because you may have to swap out WireGuard configuration somewhere else; but yeah, the answer is that there’s nothing in our API that renames them).

Also, what would you think about adjusting the fly wireguard create command to support --name and --region flags vs a hardcoded order of arguments? Or even just switching the order to be fly wg create org name region [flags]?

Most of the time I’m fine with the auto-selected region (or even prefer it), but I want to specify the name.

I can do the flags without breaking anything for anyone else (and I’m already in that code today) so, sure. :slight_smile: I’ll take a swing at it. (Kurt will want me to say “no promises”).
