Hey folks!
I’ve followed the examples to start a Node app, connect it to a Postgres DB, and then also connect to that DB from my Mac (Catalina 10.15.7) via WireGuard.
I’m stuck at the last step though.
I can’t seem to locally resolve private network apps and other hosts (like _apps.internal) through the WireGuard link… What follows is eerily similar to the WireGuard noob challenges post.
Details
With some stuff redacted.
- Region: syd
- Local config name: focus

focus.conf (from running `flyctl wireguard create`):
```ini
[Interface]
PrivateKey = [redacted]
Address = fdaa:0:247c:a7b:d6b:0:a:2/120
DNS = fdaa:0:247c::3
[Peer]
PublicKey = XpoqGXlKQ6rebMJVAzt4CX4za5gi1S+KU9v/wWUa6iw=
AllowedIPs = fdaa:0:247c::/48
Endpoint = syd1.gateway.6pn.dev:51820
PersistentKeepalive = 15
```
Starting the wireguard link
```
# Install wireguard.
brew install wireguard-tools
# Move the generated config so wg-quick can reference by name.
mv ./focus.conf /usr/local/etc/wireguard/focus.conf
# Start wireguard with our config.
wg-quick up focus
[#] wireguard-go utun
[+] Interface for focus is utun2
[#] wg setconf utun2 /dev/fd/63
[#] ifconfig utun2 inet6 fdaa:0:247c:a7b:d6b:0:a:2/120 alias
[#] ifconfig utun2 up
[#] route -q -n add -inet6 fdaa:0:247c::/48 -interface utun2
[#] networksetup -getdnsservers Display Ethernet
[#] networksetup -getsearchdomains Display Ethernet
[#] networksetup -getdnsservers USB-C Dock Ethernet
[#] networksetup -getsearchdomains USB-C Dock Ethernet
[#] networksetup -getdnsservers Display FireWire
[#] networksetup -getsearchdomains Display FireWire
[#] networksetup -getdnsservers Wi-Fi
[#] networksetup -getsearchdomains Wi-Fi
[#] networksetup -getdnsservers Bluetooth PAN
[#] networksetup -getsearchdomains Bluetooth PAN
[#] networksetup -getdnsservers Thunderbolt Bridge
[#] networksetup -getsearchdomains Thunderbolt Bridge
[#] networksetup -getdnsservers focus
[#] networksetup -getsearchdomains focus
[#] networksetup -setdnsservers Bluetooth PAN fdaa:0:247c::3
[#] networksetup -setsearchdomains Bluetooth PAN Empty
[#] networksetup -setdnsservers Wi-Fi fdaa:0:247c::3
[#] networksetup -setsearchdomains Wi-Fi Empty
[#] networksetup -setdnsservers Display FireWire fdaa:0:247c::3
[#] networksetup -setsearchdomains Display FireWire Empty
[#] networksetup -setdnsservers Thunderbolt Bridge fdaa:0:247c::3
[#] networksetup -setsearchdomains Thunderbolt Bridge Empty
[#] networksetup -setdnsservers Display Ethernet fdaa:0:247c::3
[#] networksetup -setsearchdomains Display Ethernet Empty
[#] networksetup -setdnsservers focus fdaa:0:247c::3
[#] networksetup -setsearchdomains focus Empty
[#] networksetup -setdnsservers USB-C Dock Ethernet fdaa:0:247c::3
[#] networksetup -setsearchdomains USB-C Dock Ethernet Empty
[+] Backgrounding route monitor
```
And then when we run `wg`:
```
interface: utun2
public key: ay9xmtckQr54F43i0+P0LD/UJ2nT5/Xzsgrc+V4pAXw=
private key: (hidden)
listening port: 50194
peer: XpoqGXlKQ6rebMJVAzt4CX4za5gi1S+KU9v/wWUa6iw=
endpoint: 43.245.48.112:51820
allowed ips: fdaa:0:247c::/120
latest handshake: 1 minute, 42 seconds ago
transfer: 1.08 KiB received, 3.59 KiB sent
persistent keepalive: every 15 seconds
```
Checking if the tunnel is working with `dig`:
```
dig -t txt _apps.internal
; <<>> DiG 9.10.6 <<>> -t txt _apps.internal
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 10220
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;_apps.internal. IN TXT
;; AUTHORITY SECTION:
. 86342 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2021043000 1800 900 604800 86400
;; Query time: 9 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
;; WHEN: Fri Apr 30 15:23:47 AEST 2021
;; MSG SIZE rcvd: 118
```
Checking if the tunnel is working with `dig` against the generated DNS IP fdaa:0:247c::3.
I swapped out the actual answering app names…
```
dig -t txt _apps.internal @fdaa:0:247c::3
; <<>> DiG 9.10.6 <<>> -t txt _apps.internal @fdaa:0:247c::3
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5528
;; flags: qr rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;_apps.internal. IN TXT
;; ANSWER SECTION:
_apps.internal. 300 IN TXT "example-postgres,example-myapp"
;; Query time: 23 msec
;; SERVER: fdaa:0:247c::3#53(fdaa:0:247c::3)
;; WHEN: Fri Apr 30 15:25:53 AEST 2021
;; MSG SIZE rcvd: 88
```
Question
So at this point I tried looking around to see if other people have had general issues with WireGuard’s DNS not resolving host names correctly on macOS; there were a few posts around, generally to do with changing the AllowedIPs to a broad range like `0.0.0.0/0`, but that doesn’t seem to work.
Has anyone else run into this issue and resolved it?
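As an added example (not from the original post, and not Fly or WireGuard code), here is a small Python diagnostic that separates the failure modes the two `dig` runs above can show: the DNS server address not being covered by AllowedIPs (so queries never enter the tunnel), the tunnel's resolver being unreachable, or the OS resolver still sending the private name to the LAN router, which cannot answer it and which has now seen an internal hostname it had no business seeing. It embeds constructed copies of the config and `dig` excerpts from the post; the helper names are assumptions.

```python
"""Added example (not from the original post, nor Fly/WireGuard code).

Given a wg-quick config plus two dig outputs (one via the system resolver,
one sent directly to the tunnel's DNS server), classify what is wrong.
Helper names below are hypothetical; the embedded inputs are constructed
copies of what the post shows.
"""
import ipaddress
import re

# Constructed copy of focus.conf from the post (private key redacted).
WG_CONF = """\
[Interface]
PrivateKey = [redacted]
Address = fdaa:0:247c:a7b:d6b:0:a:2/120
DNS = fdaa:0:247c::3
[Peer]
PublicKey = XpoqGXlKQ6rebMJVAzt4CX4za5gi1S+KU9v/wWUa6iw=
AllowedIPs = fdaa:0:247c::/48
Endpoint = syd1.gateway.6pn.dev:51820
PersistentKeepalive = 15
"""

# Constructed excerpts of the two dig runs in the post.
DIG_VIA_SYSTEM = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 10220
;; SERVER: 192.168.0.1#53(192.168.0.1)
"""
DIG_VIA_TUNNEL_DNS = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5528
_apps.internal. 300 IN TXT "example-postgres,example-myapp"
;; SERVER: fdaa:0:247c::3#53(fdaa:0:247c::3)
"""


def parse_wg_conf(text):
    """Collect the DNS and AllowedIPs values (both may be comma-separated lists)."""
    found = {"DNS": [], "AllowedIPs": []}
    for line in text.splitlines():
        if "=" not in line or line.lstrip().startswith(("#", "[")):
            continue
        key, _, value = line.partition("=")
        key = key.strip()
        if key in found:
            found[key].extend(v.strip() for v in value.split(",") if v.strip())
    return found


def dns_inside_allowed_ips(conf):
    """True when every DNS server lies inside some AllowedIPs prefix, so that
    queries to it are routed into the tunnel instead of out to the LAN.
    An IPv4 catch-all like 0.0.0.0/0 does not cover an IPv6 resolver."""
    nets = [ipaddress.ip_network(n, strict=False) for n in conf["AllowedIPs"]]
    return all(
        any(ipaddress.ip_address(d) in net for net in nets) for d in conf["DNS"]
    )


def parse_dig(text):
    """Extract the response status and the server that answered from dig output."""
    status = re.search(r"status:\s*([A-Z]+)", text)
    server = re.search(r";; SERVER:\s*([^#\s]+)#", text)
    return {
        "status": status.group(1) if status else None,
        "server": server.group(1) if server else None,
    }


def diagnose(conf_text, via_system, via_tunnel_dns):
    """Check routing first, then the tunnel's resolver, then the OS resolver."""
    conf = parse_wg_conf(conf_text)
    system, direct = parse_dig(via_system), parse_dig(via_tunnel_dns)
    if not dns_inside_allowed_ips(conf):
        return "dns-server-not-covered-by-allowedips"
    if direct["status"] != "NOERROR":
        return "tunnel-dns-unreachable-or-no-record"
    if system["server"] not in conf["DNS"]:
        # The OS sent the private name to a resolver outside the tunnel:
        # it cannot answer, and the internal hostname has leaked to it.
        return "system-resolver-not-using-tunnel-dns"
    if system["status"] != "NOERROR":
        return "tunnel-dns-used-but-no-record"
    return "ok"


if __name__ == "__main__":
    print(diagnose(WG_CONF, DIG_VIA_SYSTEM, DIG_VIA_TUNNEL_DNS))
```

On the Mac itself the two inputs would be the captured output of `dig -t txt _apps.internal` and `dig -t txt _apps.internal @fdaa:0:247c::3` (for instance via `subprocess.run([...], capture_output=True, text=True).stdout`); with the post's outputs the result is `system-resolver-not-using-tunnel-dns`, i.e. the tunnel and its resolver are fine but macOS is still handing the query to 192.168.0.1. `scutil --dns` shows which resolver macOS actually consults for a given name and is the next thing to compare against what `networksetup -setdnsservers` claimed to set.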