Tailscale with Avery Pennarun (heavybit.com)
74 points by tosh on Nov 20, 2022 | 7 comments


I particularly appreciated the explanation of NAT traversal around 8:04. Nice succinct explanation of something that always seemed a bit scary.


The explanation was good but I have a quibble with treating video games as lesser. We were doing NAT punchthrough and other complex UDP NAT traversal well before STUN/TURN was an established thing.

That said, most of it has centralized so that there is an authoritative server to handle cheating, which means that you can mostly get away with not needing a complex traversal these days. Some of the stuff in the early '00s did some pretty impressive things (ex: dynamic host migration when the hosting console would drop out).


Side note: Tailscale, like WireGuard itself, has problems in iOS with native IPv6 networks which use 464XLAT because WireGuard prefers the A record on a DNS request. This breaks when you're being proxied over an IPv6, and that proxy gets dropped. Then you don't receive notifications until the proxy is re-established.


(Interviewee here) WireGuard itself barely touches DNS, and Tailscale as far as I know doesn’t have any code that would change how your external DNS resolution works. What you’re seeing might be a misdiagnosis. If you email Tailscale support we’ll be happy to help figure out what happened and if it’s a bug.


Is there any way to make WireGuard behave differently in this scenario?


Yea. There is code which does the DNS request. If it returns an AAAA, prefer that.


> The nice thing about starting a software company is you can amortize the cost of making this one thing better across all of the paying customers.

On the economies of scale of software at about minute 42.



