WireGuard: Endpoint DNS Deadlock (Endpoint domain resolved through broken WG connection)
When using a domain as an endpoint in WireGuard, the domain is only resolved when the connection is first established. If the DNS doesn't resolve at that time, the connection is broken (#738 (closed)). Also, if the IP address of the domain changes (e.g. a DDNS setup), WireGuard will keep using the old IP address.
The WireGuard tools provide a script which can update the endpoints for existing wg connections, but I think it doesn't work for NetworkManager (see https://wiki.archlinux.org/title/WireGuard#Endpoint_with_changing_IP). The best solution would probably be an option for NetworkManager to monitor peer domain names and update the IPs when they change. This would also fix #738 (closed).
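As an added illustration that is not part of the original issue or of NetworkManager, the following sketch compares the endpoints reported by `wg show <iface> endpoints` with a fresh DNS lookup and plans `wg set` commands only for peers whose address has changed. The interface name `wg0`, the peer keys, the hostname and the `wanted` map (supplied by the operator, not read from a NetworkManager profile) are assumptions; a failed lookup leaves the endpoint untouched, which is the case where DNS itself is only reachable through the broken tunnel.

```python
import socket

# Constructed sample of `wg show wg0 endpoints` output (placeholder keys, documentation IPs).
SAMPLE = ("PEER_A_KEY_PLACEHOLDER=\t192.0.2.10:51820\n"
          "PEER_B_KEY_PLACEHOLDER=\t[2001:db8::1]:51820\n")

def parse_endpoints(text):
    """Map public key -> (ip, port) from `wg show <iface> endpoints` output."""
    peers = {}
    for line in text.strip().splitlines():
        key, _, endpoint = line.partition("\t")
        host, _, port = endpoint.rpartition(":")
        if host and port.isdigit():          # skips peers shown as "(none)"
            peers[key] = (host.strip("[]"), int(port))
    return peers

def resolve(hostname):
    """Addresses the name resolves to right now; empty set if DNS fails."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(hostname, None)}
    except socket.gaierror:
        return set()

def plan_updates(iface, current, wanted, resolver=resolve):
    """wanted maps public key -> (hostname, port), as supplied by the operator.

    Returns one `wg set` argv per peer whose kernel endpoint is no longer
    among the addresses the hostname resolves to.
    """
    cmds = []
    for key, (hostname, port) in wanted.items():
        addrs = resolver(hostname)
        if not addrs:
            continue                         # DNS unreachable: keep the old endpoint
        if current.get(key) in {(a, port) for a in addrs}:
            continue                         # endpoint still matches DNS
        ip = sorted(addrs)[0]                # arbitrary but deterministic choice
        # Pass the resolved IP so wg does not resolve the name a second time.
        target = f"[{ip}]:{port}" if ":" in ip else f"{ip}:{port}"
        cmds.append(["wg", "set", iface, "peer", key, "endpoint", target])
    return cmds

if __name__ == "__main__":
    wanted = {"PEER_A_KEY_PLACEHOLDER=": ("vpn.example.net", 51820)}  # constructed
    for argv in plan_updates("wg0", parse_endpoints(SAMPLE), wanted):
        print(" ".join(argv))                # printed only; nothing is executed
```

Run periodically (for example from a timer) with the real `wg show` output as input, this covers the DDNS case described above; it does not help when the first resolution at connection setup fails.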