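Description
wgsd serves WireGuard peer information using DNS-SD (RFC6763) semantics. It allows WireGuard endpoint addressing (IP address and port number) to be discovered dynamically; NAT-to-NAT WireGuard connections can also benefit from it, since it supports UDP hole punching.
Following RFC6763, this plugin provides a listing of peers via PTR records in the namespace _wireguard._udp.<zone>. The target of each PTR record is <base32PubKey>._wireguard._udp.<zone>, which corresponds to an SRV record. SRV targets are of the form <base32PubKey>.<zone>. When the SRV record for a peer is queried, the target A/AAAA records are included in the "additional" section of the response. Public keys are represented in Base32 rather than Base64 so that they can be used in node names, which DNS treats as case-insensitive.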
Syntax
wgsd ZONE DEVICE
Example
This configuration:
$ cat Corefile
.:5353 {
    wgsd example.com. wg0
}
with the following WireGuard peers:
$ sudo wg show
interface: wg0
public key: JeZlz14G8tg1Bqh6apteFCwVhNhpexJ19FDPfuxQtUY=
private key: (hidden)
listening port: 51820
peer: xScVkH3fUGUv4RrJFfmcqm8rs3SEHr41km6+yffAHw4=
endpoint: 203.0.113.1:7777
allowed ips: 10.0.0.1/32
latest handshake: 14 hours, 24 minutes, 40 seconds ago
transfer: 840.64 KiB received, 85.54 KiB sent
peer: syKB97XhGnvC+kynh2KqQJPXoOoOpx/HmpMRTc+r4js=
endpoint: 198.51.100.1:8888
allowed ips: 10.0.0.2/32
latest handshake: 4 days, 15 hours, 8 minutes, 12 seconds ago
transfer: 1.38 MiB received, 139.42 KiB sent
will respond with:
$ dig @127.0.0.1 -p 5353 _wireguard._udp.example.com. PTR +noall +answer +additional
_wireguard._udp.example.com. 0 IN PTR yutrled535igkl7bdlerl6m4vjxsxm3uqqpl4nmsn27mt56ad4ha====._wireguard._udp.example.com.
_wireguard._udp.example.com. 0 IN PTR wmrid55v4enhxqx2jstyoyvkicj5pihkb2tr7r42smiu3t5l4i5q====._wireguard._udp.example.com.
$
$ dig @127.0.0.1 -p 5353 yutrled535igkl7bdlerl6m4vjxsxm3uqqpl4nmsn27mt56ad4ha====._wireguard._udp.example.com. SRV +noall +answer +additional
yutrled535igkl7bdlerl6m4vjxsxm3uqqpl4nmsn27mt56ad4ha====._wireguard._udp.example.com. 0 IN SRV 0 0 7777 yutrled535igkl7bdlerl6m4vjxsxm3uqqpl4nmsn27mt56ad4ha====.example.com.
yutrled535igkl7bdlerl6m4vjxsxm3uqqpl4nmsn27mt56ad4ha====.example.com. 0 IN A 203.0.113.1
$
$ dig @127.0.0.1 -p 5353 wmrid55v4enhxqx2jstyoyvkicj5pihkb2tr7r42smiu3t5l4i5q====._wireguard._udp.example.com. SRV +noall +answer +additional
wmrid55v4enhxqx2jstyoyvkicj5pihkb2tr7r42smiu3t5l4i5q====._wireguard._udp.example.com. 0 IN SRV 0 0 8888 wmrid55v4enhxqx2jstyoyvkicj5pihkb2tr7r42smiu3t5l4i5q====.example.com.
wmrid55v4enhxqx2jstyoyvkicj5pihkb2tr7r42smiu3t5l4i5q====.example.com. 0 IN A 198.51.100.1
Converting the public keys to Base64 with coreutils:
$ echo yutrled535igkl7bdlerl6m4vjxsxm3uqqpl4nmsn27mt56ad4ha==== | tr '[:lower:]' '[:upper:]' | base32 -d | base64
xScVkH3fUGUv4RrJFfmcqm8rs3SEHr41km6+yffAHw4=
$ echo wmrid55v4enhxqx2jstyoyvkicj5pihkb2tr7r42smiu3t5l4i5q==== | tr '[:lower:]' '[:upper:]' | base32 -d | base64
syKB97XhGnvC+kynh2KqQJPXoOoOpx/HmpMRTc+r4js=
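The same conversion in both directions, as an added Go example that is not part of wgsd or its client. It builds the SRV query name from a Base64 key, decodes PTR targets back to keys, and drops anything that is malformed or not already configured. The function names and the "configured keys only" policy are assumptions made for illustration.

```go
package main

import (
	"encoding/base32"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

const svc = "._wireguard._udp." // DNS-SD service labels used by wgsd

// SRVName maps a Base64 WireGuard public key to its wgsd SRV query name.
func SRVName(keyB64, zone string) (string, error) {
	key, err := base64.StdEncoding.DecodeString(keyB64)
	if err != nil || len(key) != 32 {
		return "", errors.New("not a 32-byte WireGuard public key")
	}
	return strings.ToLower(base32.StdEncoding.EncodeToString(key)) + svc + zone, nil
}

// PeerKey recovers the Base64 key from a PTR target, rejecting other zones and bad labels.
func PeerKey(target, zone string) (string, error) {
	name, suffix := strings.ToUpper(target), strings.ToUpper(svc+zone)
	if !strings.HasSuffix(name, suffix) {
		return "", errors.New("PTR target outside " + svc[1:] + zone)
	}
	key, err := base32.StdEncoding.DecodeString(strings.TrimSuffix(name, suffix))
	if err != nil || len(key) != 32 {
		return "", errors.New("label is not a Base32 32-byte key")
	}
	return base64.StdEncoding.EncodeToString(key), nil
}

// ConfiguredPeers keeps only discovered keys that are already configured
// locally (assumed policy: DNS supplies endpoints, never new trusted keys).
func ConfiguredPeers(targets []string, zone string, configured map[string]bool) []string {
	var out []string
	for _, t := range targets {
		if k, err := PeerKey(t, zone); err == nil && configured[k] {
			out = append(out, k)
		}
	}
	return out
}

func main() {
	fmt.Println(SRVName("xScVkH3fUGUv4RrJFfmcqm8rs3SEHr41km6+yffAHw4=", "example.com."))
}
```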