On Thu, 12 Oct 2023 12:12:18 +0200 Daniel Gröber <d...@darkboxed.org> wrote:
Hi Daniel,

> On Thu, Oct 12, 2023 at 11:14:58AM +0200, Mathias Behrle wrote:
> > I also ran into this problem, a resolvconf command is required for
> > wg-quick
>
> Saying that resolvconf is _required_ for wg-quick is a bit of a stretch,
> it's only needed when a DNS= line is present in the config.
>
> > Please promote the Suggests for the resolvers to at least Recommends.
>
> The problem I see with a recommends is that wireguard is frequently used on
> servers/routers but openresolv/resolvconf have various problems on such
> systems.
>
> I've personally had problems with them breaking an unbound server, but
> #761050 "openresolv sets local bind to always forward requests, even when
> local bind is authoritative" discusses a similar problem with BIND.
>
> What is your exact use-case? I assume it's for a desktop VPN, in which case
> adding systemd-resolved support to wg-quick might be less
> problematic.

Yes, indeed my use case is a desktop VPN. FWIW both resolvconf and
systemd-resolved immediately broke my DNS, while openresolv worked.

I don't know for which reasons Recommends for the resolve tools were dropped
to Suggests. The issue for me is that

1) First, the description in control

 This package contains command-line tools to interact with the WireGuard
 kernel module. Currently, it provides only a single tool:
 .
 wg: set and retrieve configuration of WireGuard interfaces

is no longer appropriate. It ships now wg-quick, too.

2) The decision to downgrade resolve tools to Suggests may perhaps date back
to a time where wg was indeed the only binary shipped in the package? At least
with wg-quick included things are different. Let me depict the example that
led me here: Not a wireguard user so far, I got a sample wireguard config
_with DNS entry_ included. Now wg-quick failed from the beginning, which is a
major annoyance and a really bad user experience. I think it could be a very
common use case to use wireguard configurations with DNS entries. Thus the
package should work out-of-the-box in a default Debian installation.

3) FWIW I tried with the three commonly suggested resolvconf tools.
- systemd-resolved and resolvconf immediately broke my DNS.
- Only openresolv worked out of the box.

So for me the state as in
https://salsa.debian.org/debian/wireguard/-/blob/debian/master/debian/control
with
Suggests: openresolv | resolvconf
is the right one, only that for my use case they should be rather in
Recommends, just like nftables|iptables in
https://salsa.debian.org/debian/wireguard/-/commit/3c3c505a8e4008bffa78f6649854ffe4b1712557

As a thought: if it makes substantial problems to install by default a
resolvconf tool on servers, would it perhaps improve things a little bit if
wg-quick would be phased out into a separate package?

Finally, if that all is yet not applicable for you, then please document the
current situation in README.Debian, where my next source of information for
the package is when I run into problems. It would have helped me a lot ;)

Thanks,
Mathias

-- 
Mathias Behrle
PGP/GnuPG key available from any keyserver, ID: 0xD6D09BE48405BBF6
AC29 7E5C 46B9 D0B6 1C71 7681 D6D0 9BE4 8405 BBF6