WireGuard DNS support for destination address #15

Open
aramperes opened this issue Oct 17, 2021 · 3 comments
Owner

aramperes commented Oct 17, 2021

Right now the destination IP will get resolved using the system resolver. However, if a --dns option is provided, onetun should resolve the destination IP using the given peer IP(s) (nameserver) instead. This is a feature in WireGuard configurations.

For example:

onetun 127.0.0.1:8080 pc.intranet:8080  \
    --dns 192.168.4.1                   \
    --endpoint-addr 140.30.3.182:51820  \
    [...options...]

... Should resolve pc.intranet by querying 192.168.4.1 (through WireGuard) instead of the system resolver. It's the equivalent of setting DNS = 192.168.4.1 in a peer's wg0.conf.

Should support multiple DNS servers (prioritizing using the supplied order). Only peer IPs can be given, since onetun has no way of knowing which nameservers should be tunnelled and which shouldn't. The endpoint must have the given DNS server as an AllowedIP.

If --dns is provided and the resolution fails, onetun should fall back to the system resolver, unless --dns-strict is also passed. In that case, onetun will exclusively use the nameservers passed using --dns. If resolution fails entirely, onetun exits.

@aramperes aramperes added this to the v0.3 milestone Oct 17, 2021
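
The resolution order proposed in the opening comment, written out as an added Rust example; it is not onetun's code. `Source`, `resolve_destination` and the two query closures are hypothetical names: the closures stand in for a DNS query sent through the WireGuard peer and for the system resolver.

```rust
use std::net::IpAddr;

/// Where an answer came from; `System` means the lookup left the tunnel.
#[derive(Debug, PartialEq)]
enum Source {
    Tunnel(IpAddr),
    System,
}

/// Hypothetical sketch of the proposed policy. `tunnel_query` models a query
/// sent to a peer nameserver through WireGuard, `system_query` models the OS
/// resolver; both are assumptions, not onetun functions.
fn resolve_destination(
    host: &str,
    dns: &[IpAddr],
    strict: bool,
    tunnel_query: impl Fn(IpAddr, &str) -> Option<IpAddr>,
    system_query: impl Fn(&str) -> Option<IpAddr>,
) -> Result<(IpAddr, Source), String> {
    // Try each --dns nameserver in the order it was supplied.
    for &ns in dns {
        if let Some(ip) = tunnel_query(ns, host) {
            return Ok((ip, Source::Tunnel(ns)));
        }
    }
    // --dns-strict: never hand the name to the system resolver.
    // Assumption: the flag only has an effect when --dns was given.
    if strict && !dns.is_empty() {
        return Err(format!("{}: every --dns nameserver failed (--dns-strict)", host));
    }
    // No --dns, or non-strict fallback: this lookup is visible outside the tunnel.
    system_query(host)
        .map(|ip| (ip, Source::System))
        .ok_or_else(|| format!("{}: resolution failed entirely", host))
}

fn main() {
    // Constructed stubs: 192.168.4.1 is down, 192.168.4.2 answers for any host.
    let ns1: IpAddr = "192.168.4.1".parse().unwrap();
    let ns2: IpAddr = "192.168.4.2".parse().unwrap();
    let answer: IpAddr = "192.168.4.20".parse().unwrap();
    let tunnel = |ns: IpAddr, _: &str| if ns == ns2 { Some(answer) } else { None };
    let system = |_: &str| None::<IpAddr>;
    println!("{:?}", resolve_destination("pc.intranet", &[ns1, ns2], true, tunnel, system));
}
```

Returning the `Source` alongside the address lets a caller log or reject answers that came from the system resolver, which is the non-strict path on which the hostname is exposed outside the tunnel.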
Owner Author

aramperes commented Oct 18, 2021

Blocked by smoltcp-rs/smoltcp#465

Owner Author

aramperes commented May 21, 2022

This is unblocked now; however, smoltcp doesn't support AAAA queries yet which may be a blocker since onetun supports IPv6.


uuonda commented May 20, 2024

As of now, this is unavailable in the latest release, right? DNS leakage is usually what one wants to avoid.
