Our hole punching method actually works pretty similarly to wgsd. There is a wireguard interface on the server, clients connect, and then that information is server to peers using MQ. That is the main difference, we send the updates over MQ as opposed to clients querying over DNS.