diff --git a/conf.go b/conf.go
index d5d4b04..bb178bb 100644
--- a/conf.go
+++ b/conf.go
@@ -6,7 +6,6 @@ import (
 	"encoding/base64"
 	"encoding/hex"
 	"fmt"
-	"math/rand"
 	"net"
 	"time"
 
@@ -28,10 +27,10 @@ type peer struct {
 	ipPort string
 }
 
-func newPeerEndpoint(opts options) (*peer, error) {
+func newPeerEndpoint() (*peer, error) {
 	pubKey, err := base64.StdEncoding.DecodeString(opts.PeerKey)
 	if err != nil {
-		return nil, fmt.Errorf("parse peer key: %w", err)
+		return nil, fmt.Errorf("parse peer public key: %w", err)
 	}
 
 	p := &peer{
@@ -39,13 +38,12 @@ func newPeerEndpoint(opts options) (*peer, error) {
 			Resolver: &net.Resolver{
 				PreferGo: true,
 				Dial: func(ctx context.Context, network, address string) (net.Conn, error) {
-					if len(opts.DNS) > 0 {
-						host := opts.DNS[rand.Intn(len(opts.DNS))]
+					if opts.DNS != "" {
 						port := "53"
 						if opts.DoT != "" {
 							port = opts.DoT
 						}
-						address = net.JoinHostPort(host, port)
+						address = net.JoinHostPort(opts.DNS, port)
 					}
 					logger.Verbosef("Using %s to resolve peer endpoint", address)
 
@@ -67,6 +65,9 @@ func newPeerEndpoint(opts options) (*peer, error) {
 		addr:      opts.PeerEndpoint,
 	}
 	p.ipPort, err = p.resolveAddr()
+	if err != nil {
+		return nil, fmt.Errorf("resolve peer endpoint: %w", err)
+	}
 	return p, err
 }
 
@@ -104,27 +105,27 @@ func (p *peer) updateConf() (string, bool) {
 func (p *peer) resolveAddr() (string, error) {
 	c, err := p.dialer.Dial("udp", p.addr)
 	if err != nil {
-		return "", fmt.Errorf("dial %s: %w", p.addr, err)
+		return "", err
 	}
 	defer c.Close()
 	return c.RemoteAddr().String(), nil
 }
 
-func ipcSet(dev *device.Device, opts options) error {
+func ipcSet(dev *device.Device) error {
 	privateKey, err := base64.StdEncoding.DecodeString(opts.PrivateKey)
 	if err != nil {
-		return fmt.Errorf("parse private key: %w", err)
+		return fmt.Errorf("parse client private key: %w", err)
 	}
 	conf := "private_key=" + hex.EncodeToString(privateKey) + "\n"
 
-	peer, err := newPeerEndpoint(opts)
+	peer, err := newPeerEndpoint()
 	if err != nil {
 		return err
 	}
 	conf += peer.initConf()
 
 	if err := dev.IpcSet(conf); err != nil {
-		return fmt.Errorf("set device config: %w", err)
+		return err
 	}
 
 	if peer.addr != peer.ipPort {
@@ -138,7 +139,7 @@ func ipcSet(dev *device.Device, opts options) error {
 				}
 
 				if err := dev.IpcSet(conf); err != nil {
-					logger.Errorf("Set device config: %v", err)
+					logger.Errorf("Config device: %v", err)
 				}
 			}
 		}()
diff --git a/main.go b/main.go
index d366555..e45384e 100644
--- a/main.go
+++ b/main.go
@@ -22,25 +22,27 @@ import (
 //go:embed README.md
 var readme string
 
-var logger *device.Logger
+var (
+	logger *device.Logger
+	opts   options
+)
 
 type options struct {
-	PeerEndpoint string   `long:"peer-endpoint" env:"PEER_ENDPOINT" required:"true" description:"WireGuard server address"`
-	PeerKey      string   `long:"peer-key" env:"PEER_KEY" required:"true" description:"WireGuard server public key in base64 format"`
-	PrivateKey   string   `long:"private-key" env:"PRIVATE_KEY" required:"true" description:"WireGuard client private key in base64 format"`
-	ClientIPs    []string `long:"client-ip" env:"CLIENT_IP" env-delim:"," required:"true" description:"WireGuard client IP address"`
-	DNS          []string `long:"dns" env:"DNS" env-delim:"," description:"DNS servers for WireGuard network and resolving server address"`
+	PeerEndpoint string   `long:"peer-endpoint" env:"PEER_ENDPOINT" description:"WireGuard server address"`
+	PeerKey      string   `long:"peer-key" env:"PEER_KEY" description:"WireGuard server public key in base64 format"`
+	PrivateKey   string   `long:"private-key" env:"PRIVATE_KEY" description:"WireGuard client private key in base64 format"`
+	ClientIPs    []string `long:"client-ip" env:"CLIENT_IP" env-delim:"," description:"WireGuard client IP address"`
+	DNS          string   `long:"dns" env:"DNS" description:"DNS server for WireGuard network and resolving server address"`
 	DoT          string   `long:"dot" env:"DOT" description:"Port for DNS over TLS, used to resolve WireGuard server address if available"`
 	MTU          int      `long:"mtu" env:"MTU" default:"1280" description:"MTU for WireGuard network"`
 	Listen       string   `long:"listen" env:"LISTEN" default:"localhost:8080" description:"HTTP & SOCKS5 server address"`
-	ExitMode     string   `long:"exit-mode" env:"EXIT_MODE" default:"remote" choice:"remote" choice:"local" description:"Exit mode"`
+	ExitMode     string   `long:"exit-mode" env:"EXIT_MODE" choice:"remote" choice:"local" default:"remote" description:"Exit mode"`
 	Verbose      bool     `short:"v" long:"verbose" description:"Show verbose debug information"`
 
 	ClientID string `long:"client-id" env:"CLIENT_ID" hidden:"true"`
 }
 
 func main() {
-	opts := options{}
 	parser := flags.NewParser(&opts, flags.Default)
 	parser.Usage = `[OPTIONS]
 
@@ -64,21 +66,22 @@ Description:`
 	} else {
 		logger = device.NewLogger(device.LogLevelError, "")
 	}
+	logger.Verbosef("Options: %+v", opts)
 
-	dev, tnet, err := setupNet(opts)
+	dev, tnet, err := setupNet()
 	if err != nil {
 		logger.Errorf("Setup netstack: %v", err)
 		os.Exit(1)
 	}
 
-	listener, err := proxyListener(opts, tnet)
+	listener, err := proxyListener(tnet)
 	if err != nil {
 		logger.Errorf("Create net listener: %v", err)
 		os.Exit(1)
 	}
 
 	socksListener, httpListener := proxymux.SplitSOCKSAndHTTP(listener)
-	dialer := proxyDialer(opts, tnet)
+	dialer := proxyDialer(tnet)
 
 	httpProxy := &http.Server{Handler: statsHandler(httpproxy.Handler(dialer), dev)}
 	socksProxy := &socks5.Server{Dialer: dialer}
@@ -100,7 +103,7 @@ Description:`
 	os.Exit(1)
 }
 
-func proxyDialer(opts options, tnet *netstack.Net) (dialer func(ctx context.Context, network, address string) (net.Conn, error)) {
+func proxyDialer(tnet *netstack.Net) (dialer func(ctx context.Context, network, address string) (net.Conn, error)) {
 	switch opts.ExitMode {
 	case "local":
 		d := net.Dialer{}
@@ -111,7 +114,7 @@ func proxyDialer(opts options, tnet *netstack.Net) (dialer func(ctx context.Cont
 	return
 }
 
-func proxyListener(opts options, tnet *netstack.Net) (net.Listener, error) {
+func proxyListener(tnet *netstack.Net) (net.Listener, error) {
 	var tcpListener net.Listener
 
 	tcpAddr, err := net.ResolveTCPAddr("tcp", opts.Listen)
@@ -135,21 +138,18 @@ func proxyListener(opts options, tnet *netstack.Net) (net.Listener, error) {
 	return tcpListener, nil
 }
 
-func setupNet(opts options) (*device.Device, *netstack.Net, error) {
+func setupNet() (*device.Device, *netstack.Net, error) {
 	ips := []net.IP{}
 	for _, s := range opts.ClientIPs {
-		ip := net.ParseIP(s)
-		if ip == nil {
-			return nil, nil, fmt.Errorf("invalid client ip: %s", s)
+		if ip := net.ParseIP(s); ip != nil {
+			ips = append(ips, ip)
 		}
-		ips = append(ips, ip)
+	}
+	if len(ips) == 0 {
+		return nil, nil, fmt.Errorf("not have a valid client ip: %s", opts.ClientIPs)
 	}
 	dnsServers := []net.IP{}
-	for _, s := range opts.DNS {
-		ip := net.ParseIP(s)
-		if ip == nil {
-			return nil, nil, fmt.Errorf("invalid dns ip: %s", s)
-		}
+	if ip := net.ParseIP(opts.DNS); ip != nil {
 		dnsServers = append(dnsServers, ip)
 	}
 	tun, tnet, err := netstack.CreateNetTUN(ips, dnsServers, opts.MTU)
@@ -158,7 +158,7 @@ func setupNet(opts options) (*device.Device, *netstack.Net, error) {
 	}
 	dev := device.NewDevice(tun, newConnBind(opts.ClientID), logger)
 
-	if err := ipcSet(dev, opts); err != nil {
+	if err := ipcSet(dev); err != nil {
 		return nil, nil, fmt.Errorf("config device: %w", err)
 	}