Place1/wg-access-server

EDNS0 client subnet support (ECS)

Opened this issue · 0 comments

Good news everyone!

First of all, you made excellent SW. Big THANKS to all of you :-)

I really would like to see EDNS0 client subnet support in this solution. It should definitely be disabled by default. Most of us are using this SW next to PI-HOLE as DNS in a docker container. The VPN gate is on the public internet, so the majority of us would like to see outgoing DNS queries encrypted with DoT/DoH/DNSCRYPT. Too many containers means for me using network instead of host networking, and then I cannot see the original IP of my WIREGUARD client in the PI-HOLE logs. I really would like to avoid playing with the default IPTABLES rules for docker (showstopper for me in project MISTBORN).

I assume that the DNS resolver cache used in this project is DNSMASQ, so it is just a configuration change:
add-mac
add-subnet=32,128

expected behaviour:
default: ECS=disables
custom: ECS=yes (will add above config to DNSMASQ)

Is it possible to add this feature request to this brilliant SW?
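
Added example, not part of the original post and not wg-access-server code: the EDNS0 Client Subnet option (RFC 7871, option code 8) as it appears on the wire for the prefix lengths in `add-subnet=32,128`, showing that a /32 or /128 source prefix carries the full client address to whichever server receives the query, while a shorter prefix truncates it. The function name `ecsOption` and the sample address are constructed for illustration.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"net/netip"
)

// ecsOption (hypothetical helper) encodes the EDNS0 Client Subnet option a
// forwarder would attach for client addr, truncated to the given prefix bits.
func ecsOption(addr netip.Addr, bits int) ([]byte, error) {
	if !addr.IsValid() {
		return nil, errors.New("invalid client address")
	}
	addr = addr.Unmap()
	prefix, err := addr.Prefix(bits) // zeroes host bits; rejects out-of-range bits
	if err != nil {
		return nil, err
	}
	family := uint16(1) // IANA address family 1 = IPv4
	if addr.Is6() {
		family = 2 // 2 = IPv6
	}
	raw := prefix.Addr().AsSlice()[:(bits+7)/8] // only the bytes the prefix covers
	opt := make([]byte, 8, 8+len(raw))
	binary.BigEndian.PutUint16(opt[0:], 8)                  // OPTION-CODE
	binary.BigEndian.PutUint16(opt[2:], uint16(4+len(raw))) // OPTION-LENGTH
	binary.BigEndian.PutUint16(opt[4:], family)             // FAMILY
	opt[6] = byte(bits)                                     // SOURCE PREFIX-LENGTH
	opt[7] = 0                                              // SCOPE PREFIX-LENGTH, 0 in queries
	return append(opt, raw...), nil
}

func main() {
	// Constructed sample: a client address inside a private tunnel range.
	client := netip.MustParseAddr("10.44.0.7")
	for _, bits := range []int{32, 24} {
		opt, err := ecsOption(client, bits)
		if err != nil {
			panic(err)
		}
		fmt.Printf("/%d -> % x\n", bits, opt)
	}
}
```
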