diff --git a/extras/wg-resolve/config.env b/extras/wg-resolve/config.env
index 393cd3a..f6766c5 100644
--- a/extras/wg-resolve/config.env
+++ b/extras/wg-resolve/config.env
@@ -1,3 +1,5 @@
+# network namespace name
+WG_NAMESPACE=netns0
 # local wireguard interface name
 WG_INTERFACE=wg0
 # server wireguard public key
diff --git a/extras/wg-resolve/wg-resolve.sh b/extras/wg-resolve/wg-resolve.sh
index eef13ff..0245f62 100755
--- a/extras/wg-resolve/wg-resolve.sh
+++ b/extras/wg-resolve/wg-resolve.sh
@@ -1,7 +1,12 @@
 #!/bin/sh
 set -eu

-if ! ping -q -c 1 -W "${WG_TIMEOUT:-5}" "$WG_GATEWAY"; then
+# dependencies: dig, ip, ping and wg
+
+WG_ENDPOINT_DOMAIN="${WG_ENDPOINT%%:*}"
+WG_ENDPOINT_PORT="${WG_ENDPOINT##*:}"
+
+if ! ip netns exec "$WG_NAMESPACE" ping -q -c 1 -W "${WG_TIMEOUT:-5}" "$WG_GATEWAY"; then
 echo 'probe failed, resolving endpoint'
- wg set "$WG_INTERFACE" peer "$WG_PEER" endpoint "$WG_ENDPOINT"
+ ip netns exec "$WG_NAMESPACE" wg set "$WG_INTERFACE" peer "$WG_PEER" endpoint "$(dig +short "$WG_ENDPOINT_DOMAIN"):$WG_ENDPOINT_PORT"
 fi
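Review bot: The `dig +short` substitution in the new `wg set` line of wg-resolve.sh is handed to wg unchecked: an empty answer (dig exits 0 on NXDOMAIN, and `set -e` does not see a failure inside an argument substitution anyway) produces the endpoint `:PORT`, while a CNAME chain or several A records produce a multi-line string. Resolve into a variable first, keep a single IPv4 address, and exit non-zero with a message on stderr when nothing usable comes back, as sketched below. The `%%:*` / `##*:` split also assumes a plain `host:port` value, so a bracketed IPv6 endpoint or a value without a port would be split wrongly; a one-line comment stating the expected `WG_ENDPOINT` format would help. The answer is unauthenticated DNS; WireGuard still authenticates the peer by key, so a wrong answer should only stall the tunnel, which is one more reason to fail loudly rather than set a bad endpoint.

```shell
  echo 'probe failed, resolving endpoint'
  # keep one IPv4 address; CNAME lines and empty answers are dropped
  WG_ENDPOINT_IP="$(dig +short A "$WG_ENDPOINT_DOMAIN" | grep -E '^[0-9]{1,3}(\.[0-9]{1,3}){3}$' | head -n 1)"
  if [ -z "$WG_ENDPOINT_IP" ]; then
    echo "could not resolve $WG_ENDPOINT_DOMAIN" >&2
    exit 1
  fi
  ip netns exec "$WG_NAMESPACE" wg set "$WG_INTERFACE" peer "$WG_PEER" endpoint "$WG_ENDPOINT_IP:$WG_ENDPOINT_PORT"
```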