|
1 | | -# Forward DNS requests from remote WireGuard clients to the default |
2 | | -# gateway on the internal bridged network that the WireGuard container |
3 | | -# is attached to. The gateway routes queries out from the bridged network to |
4 | | -# the host's network. This results in queries being sent to any daemon or |
5 | | -# container that is listening on host port 53 (eg PiHole, AdGuardHome, dnsmasq |
6 | | -# or bind9). |
7 | | -# |
8 | | -# Acknowledgement: @ukkopahis |
| 1 | +#!/bin/bash |
9 | 2 |
|
10 | | -GW=$(ip route list default | head -1 | cut -d " " -f 3) |
11 | | -echo Creating Corefile to use DNS at $GW |
12 | | -echo "# Generated by use-container-dns.sh |
13 | | -. { |
14 | | - loop |
15 | | - forward . dns://${GW} |
16 | | -}" > /config/coredns/Corefile |
| 3 | +# If you are doing ALL of the following: |
| 4 | +# |
| 5 | +# 1. Running an ad-blocking DNS service (Pi-hole, AdGuardHome |
| 6 | +# or similar) on the same (repeat SAME) host as WireGuard; AND |
| 7 | +# |
| 8 | +# 2. The host itself does NOT use the ad-blocker for its DNS; AND |
| 9 | +# |
| 10 | +# 3. You want WireGuard to direct remote clients to the ad-blocker |
| 11 | +# for their DNS, |
| 12 | +# |
| 13 | +# then this script is what you need. |
| 14 | +# |
| 15 | +# 1. This script expects to be installed at the path: |
| 16 | +# |
| 17 | +# ./volumes/wireguard/custom-cont-init.d/use-container-dns.sh |
| 18 | +# |
| 19 | +# 2. This script should be owned root:root with mode 755 |
| 20 | +# |
| 21 | +# 3. This scipt relies on the following clause in the WireGuard |
| 22 | +# service definition (in your docker-compose.yml) |
| 23 | +# |
| 24 | +# extra_hosts: |
| 25 | +# - "host.docker.internal:host-gateway" |
| 26 | +# |
| 27 | +# How it works. On first launch, if this script is present in the |
| 28 | +# 'custom-cont-init.d' directory, it attempts to resolve the name |
| 29 | +# 'host.docker.internal'. If the 'extra_hosts' clause defines that |
| 30 | +# name (as above) then the result of the lookup will be the dynamically |
| 31 | +# allocated IP address of the 'docker0' network interface. That IP |
| 32 | +# address is, effectively, a synonym for "this host". Assuming the |
| 33 | +# lookup succeeds, the IP address is used to construct a directive to |
| 34 | +# be appended to '/etc/resolvconf.conf'. On a restart, the directive |
| 35 | +# will already be present so it is not added twice. If the directive is |
| 36 | +# not present, it is appended and 'resolvconf -u' is invoked to rebuild |
| 37 | +# '/etc/resolv.conf'. |
| 38 | +# |
| 39 | +# Omitting either this script or the 'extra_hosts' clause will see |
| 40 | +# WireGuard revert to the default behaviour: follow /etc/resolv.conf |
| 41 | +# which, in the absence of the actions of this script, means do whatever |
| 42 | +# the host does. |
| 43 | + |
| 44 | + |
| 45 | +# discover the IP address of host.docker.internal |
| 46 | +GW="$(getent hosts host.docker.internal | awk '{print $1}')" |
| 47 | +# did the name resolve? |
| 48 | +if [ -n "$GW" ] ; then |
| 49 | + # yes! form the directive |
| 50 | + RESOLV="name_servers=$GW" |
| 51 | + # is the directive already present? |
| 52 | + if [ $(grep -c "$RESOLV" /etc/resolvconf.conf ) -eq 0 ] ; then |
| 53 | + # no! add it, then apply it |
| 54 | + echo "$RESOLV" >>/etc/resolvconf.conf |
| 55 | + resolvconf -u |
| 56 | + fi |
| 57 | +fi |
17 | 58 |
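Review bot: The presence check on the new line `if [ $(grep -c "$RESOLV" /etc/resolvconf.conf ) -eq 0 ]` treats the address as a regex and matches substrings, so an existing `name_servers=172.17.0.10` or `name_servers=172.17.0.1 1.1.1.1` line suppresses the add, and when `/etc/resolvconf.conf` does not exist `grep` prints nothing, the test degenerates to `[ -eq 0 ]`, and the directive is silently never written. A fixed-string whole-line match that also tolerates the missing file does both jobs: `if ! grep -qxF -- "$RESOLV" /etc/resolvconf.conf 2>/dev/null; then`. The header comment itself says the host-gateway address is dynamically allocated, yet the script only ever appends, so an address change across restarts leaves the old `name_servers=` line in place and adds a second one; with openresolv the file is sourced as a shell script so the last assignment presumably wins, but stale lines accumulate and the value is never checked to be an address before it lands in a sourced file — a guard such as `case "$GW" in ''|*[!0-9a-fA-F:.]*) exit 0 ;; esac` before the append keeps anything other than an IP literal out. Minor: `scipt` in the header comment should read `script`.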
|