Add hardcoded public dns

Owen
2026-03-11 16:47:01 -07:00
parent 9c0e37eddb
commit c6a486a0a6
9 changed files with 55 additions and 38 deletions


@@ -32,7 +32,8 @@ type PeerManagerConfig struct {
SharedBind *bind.SharedBind
// WSClient is optional - if nil, relay messages won't be sent
WSClient *websocket.Client
APIServer *api.API
APIServer *api.API
PublicDNS []string
}
type PeerManager struct {
@@ -50,7 +51,8 @@ type PeerManager struct {
// key is the CIDR string, value is a set of siteIds that want this IP
allowedIPClaims map[string]map[int]bool
APIServer *api.API
publicDNS []string
PersistentKeepalive int
}
@@ -65,6 +67,7 @@ func NewPeerManager(config PeerManagerConfig) *PeerManager {
allowedIPOwners: make(map[string]int),
allowedIPClaims: make(map[string]map[int]bool),
APIServer: config.APIServer,
publicDNS: config.PublicDNS,
}
// Create the peer monitor
@@ -74,6 +77,7 @@ func NewPeerManager(config PeerManagerConfig) *PeerManager {
config.LocalIP,
config.SharedBind,
config.APIServer,
config.PublicDNS,
)
return pm
@@ -129,7 +133,7 @@ func (pm *PeerManager) AddPeer(siteConfig SiteConfig) error {
wgConfig := siteConfig
wgConfig.AllowedIps = ownedIPs
if err := ConfigurePeer(pm.device, wgConfig, pm.privateKey, pm.peerMonitor.IsPeerRelayed(siteConfig.SiteId), pm.PersistentKeepalive); err != nil {
if err := ConfigurePeer(pm.device, wgConfig, pm.privateKey, pm.peerMonitor.IsPeerRelayed(siteConfig.SiteId), pm.PersistentKeepalive, pm.publicDNS); err != nil {
return err
}
@@ -270,7 +274,7 @@ func (pm *PeerManager) RemovePeer(siteId int) error {
ownedIPs := pm.getOwnedAllowedIPs(promotedPeerId)
wgConfig := promotedPeer
wgConfig.AllowedIps = ownedIPs
if err := ConfigurePeer(pm.device, wgConfig, pm.privateKey, pm.peerMonitor.IsPeerRelayed(promotedPeerId), pm.PersistentKeepalive); err != nil {
if err := ConfigurePeer(pm.device, wgConfig, pm.privateKey, pm.peerMonitor.IsPeerRelayed(promotedPeerId), pm.PersistentKeepalive, pm.publicDNS); err != nil {
logger.Error("Failed to update promoted peer %d: %v", promotedPeerId, err)
}
}
@@ -346,7 +350,7 @@ func (pm *PeerManager) UpdatePeer(siteConfig SiteConfig) error {
wgConfig := siteConfig
wgConfig.AllowedIps = ownedIPs
if err := ConfigurePeer(pm.device, wgConfig, pm.privateKey, pm.peerMonitor.IsPeerRelayed(siteConfig.SiteId), pm.PersistentKeepalive); err != nil {
if err := ConfigurePeer(pm.device, wgConfig, pm.privateKey, pm.peerMonitor.IsPeerRelayed(siteConfig.SiteId), pm.PersistentKeepalive, pm.publicDNS); err != nil {
return err
}
@@ -356,7 +360,7 @@ func (pm *PeerManager) UpdatePeer(siteConfig SiteConfig) error {
promotedOwnedIPs := pm.getOwnedAllowedIPs(promotedPeerId)
promotedWgConfig := promotedPeer
promotedWgConfig.AllowedIps = promotedOwnedIPs
if err := ConfigurePeer(pm.device, promotedWgConfig, pm.privateKey, pm.peerMonitor.IsPeerRelayed(promotedPeerId), pm.PersistentKeepalive); err != nil {
if err := ConfigurePeer(pm.device, promotedWgConfig, pm.privateKey, pm.peerMonitor.IsPeerRelayed(promotedPeerId), pm.PersistentKeepalive, pm.publicDNS); err != nil {
logger.Error("Failed to update promoted peer %d: %v", promotedPeerId, err)
}
}
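Review bot: The new `PublicDNS` field in `PeerManagerConfig` has no comment, unlike `WSClient` just above it, so a caller cannot tell what address form is expected or what a nil list means. The value is nevertheless forwarded unchanged to `NewPeerMonitor` and to all four `ConfigurePeer` calls in AddPeer, RemovePeer and UpdatePeer. I would add something like `// PublicDNS lists the upstream DNS servers used to resolve peer endpoints; state the address form and the nil/empty behaviour here`. The slice is also stored by reference (`publicDNS: config.PublicDNS`), so a later mutation by the caller changes resolution for both the manager and the monitor; `slices.Clone(config.PublicDNS)` would isolate it if that is not intended. These functions start and end outside the hunks shown.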


@@ -34,6 +34,7 @@ type PeerMonitor struct {
timeout time.Duration
maxAttempts int
wsClient *websocket.Client
publicDNS []string
// Netstack fields
middleDev *middleDevice.MiddleDevice
@@ -82,7 +83,7 @@ type PeerMonitor struct {
}
// NewPeerMonitor creates a new peer monitor with the given callback
func NewPeerMonitor(wsClient *websocket.Client, middleDev *middleDevice.MiddleDevice, localIP string, sharedBind *bind.SharedBind, apiServer *api.API) *PeerMonitor {
func NewPeerMonitor(wsClient *websocket.Client, middleDev *middleDevice.MiddleDevice, localIP string, sharedBind *bind.SharedBind, apiServer *api.API, publicDNS []string) *PeerMonitor {
ctx, cancel := context.WithCancel(context.Background())
pm := &PeerMonitor{
monitors: make(map[int]*Client),
@@ -91,6 +92,7 @@ func NewPeerMonitor(wsClient *websocket.Client, middleDev *middleDevice.MiddleDe
wsClient: wsClient,
middleDev: middleDev,
localIP: localIP,
publicDNS: publicDNS,
activePorts: make(map[uint16]bool),
nsCtx: ctx,
nsCancel: cancel,
@@ -124,7 +126,7 @@ func NewPeerMonitor(wsClient *websocket.Client, middleDev *middleDevice.MiddleDe
// Initialize holepunch tester if sharedBind is available
if sharedBind != nil {
pm.holepunchTester = holepunch.NewHolepunchTester(sharedBind)
pm.holepunchTester = holepunch.NewHolepunchTester(sharedBind, publicDNS)
}
return pm
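Review bot: The doc comment on `NewPeerMonitor` still says "with the given callback" although the signature shown takes no callback, and it does not mention the new `publicDNS` parameter. From the hunks, `publicDNS` is stored on the monitor and passed to `holepunch.NewHolepunchTester` only when `sharedBind` is non-nil; a comment such as `// NewPeerMonitor creates a peer monitor; publicDNS is kept on the monitor and given to the holepunch tester when sharedBind is non-nil.` would record that. The constructor now takes six positional arguments, so a config struct in the style of `PeerManagerConfig` may be worth considering. The function body continues outside these hunks.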


@@ -11,14 +11,14 @@ import (
)
// ConfigurePeer sets up or updates a peer within the WireGuard device
func ConfigurePeer(dev *device.Device, siteConfig SiteConfig, privateKey wgtypes.Key, relay bool, persistentKeepalive int) error {
func ConfigurePeer(dev *device.Device, siteConfig SiteConfig, privateKey wgtypes.Key, relay bool, persistentKeepalive int, publicDNS []string) error {
var endpoint string
if relay && siteConfig.RelayEndpoint != "" {
endpoint = formatEndpoint(siteConfig.RelayEndpoint)
} else {
endpoint = formatEndpoint(siteConfig.Endpoint)
}
siteHost, err := util.ResolveDomain(endpoint)
siteHost, err := util.ResolveDomainUpstream(endpoint, publicDNS)
if err != nil {
return fmt.Errorf("failed to resolve endpoint for site %d: %v", siteConfig.SiteId, err)
}
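Review bot: `ConfigurePeer` now passes `publicDNS` straight to `util.ResolveDomainUpstream` with no check for a nil or empty list, and nothing visible here shows what that helper does in that case; a caller that builds a `PeerManagerConfig` without `PublicDNS` would reach this line with nil. If the helper does not fall back to the system resolver itself, guard the call, e.g. `if len(publicDNS) == 0 { return fmt.Errorf("no upstream DNS servers configured for site %d", siteConfig.SiteId) }`, or fall back explicitly. Resolving only through fixed public resolvers also means an endpoint name that exists only in internal or split-horizon DNS will presumably stop resolving, and the lookup for each site endpoint is sent to a third-party resolver; that trade-off deserves a line in the doc comment. The function continues past the end of this hunk.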