diff --git a/main.go b/main.go
index eeb1a3b..4d9b037 100644
--- a/main.go
+++ b/main.go
@@ -18,17 +18,14 @@ import (
 	"github.com/zhsj/wghttp/internal/third_party/tailscale/socks5"
 )
 
-const (
-	dns = "1.0.0.1"
-	mtu = 1280
-)
-
 type options struct {
 	PeerEndpoint string   `long:"peer-endpoint" env:"PEER_ENDPOINT" required:"true" description:"WireGuard server address"`
 	PeerKey      string   `long:"peer-key" env:"PEER_KEY" required:"true" description:"WireGuard server public key in base64 format"`
 	PrivateKey   string   `long:"private-key" env:"PRIVATE_KEY" required:"true" description:"WireGuard client private key in base64 format"`
-	ClientIPs    []string `long:"client-ip" env:"CLIENT_IP" env-delim:"," required:"true" description:"WireGuard client address"`
-	Listen       string   `long:"listen" env:"LISTEN" required:"true" default:"localhost:8080" description:"http proxy server listen address"`
+	ClientIPs    []string `long:"client-ip" env:"CLIENT_IP" env-delim:"," required:"true" description:"WireGuard client IP address"`
+	Listen       string   `long:"listen" env:"LISTEN" default:"localhost:8080" description:"HTTP proxy server listen address"`
+	DNS          []string `long:"dns" env:"DNS" env-delim:"," default:"1.0.0.1" description:"DNS server IP address"`
+	MTU          int      `long:"mtu" env:"MTU" default:"1280" description:"MTU"`
 }
 
 func main() {
@@ -93,8 +90,16 @@ func setupNet(opts options) *netstack.Net {
 		}
 		ips = append(ips, ip)
 	}
+	dnsServers := []net.IP{}
+	for _, s := range opts.DNS {
+		ip := net.ParseIP(s)
+		if ip == nil {
+			log.Fatalf("invalid dns ip: %s", s)
+		}
+		dnsServers = append(dnsServers, ip)
 
-	tun, tnet, err := netstack.CreateNetTUN(ips, []net.IP{net.ParseIP(dns)}, mtu)
+	}
+	tun, tnet, err := netstack.CreateNetTUN(ips, dnsServers, opts.MTU)
 	if err != nil {
 		log.Fatal(err)
 	}