Open domy86 opened 1 week ago
Hi, DNS server settings being changed on all interfaces is expected; it helps ctrld continue working if you switch interfaces.
The hostname not resolving is strange, we will take a look.
That is acceptable in case of physical interfaces but why virtual?! It screws up DNS resolution on their side, I don't want ctrld to mess with ZeroTier and VPN interfaces.
Hmm, we try setting DNS for physical interfaces only. See: https://github.com/Control-D-Inc/ctrld/blob/a00d2a431a8aac84204ef06c95fe4f62748fad5a/cmd/cli/net.go
What VPN services are you using? We probably need to add MAC address ranges to the filtering list.
Hmm, looking at your log, it's not clear what's the problem. For example, v1.3.7 log contains these lines:
{"level":"info","time":"2024-09-03T13:01:30+02:00.832","message":"[1af564] QUERY: 10.17.25.103:64201 (esign-local) -> listener.0: A domy-nas.lan"}
{"level":"debug","time":"2024-09-03T13:01:30+02:00.833","message":"[1af564] lan hostname lookup, using upstreams: [upstream.os upstream.0]"}
{"level":"debug","time":"2024-09-03T13:01:30+02:00.833","message":"[1af564] sending query to upstream.os: Private resolver"}
{"level":"info","time":"2024-09-03T13:01:30+02:00.880","message":"[1af564] REPLY: upstream.os -> 10.17.25.103:64201 (esign-local): NOERROR"}
{"level":"debug","time":"2024-09-03T13:01:30+02:00.880","message":"[1af564] received response of 30 bytes in 48.2267ms"}
which indicates that the query is steered to the correct OS upstream for the LAN query, and gets an OK response back.
The same logs appear in v1.3.4 log.
MAC filtering will not work. For example, I have added two ZT interfaces, they have completely different MACs, including first six characters. Same with other colleagues. Maybe something like Get-NetAdapter | Where {$_.Virtual -eq $False} would be better?
PS C:\Users\Domy> Get-NetAdapter | Where {$_.Virtual -eq $False}
Name InterfaceDescription ifIndex Status MacAddress LinkSpeed
---- -------------------- ------- ------ ---------- ---------
Cellular 22 Quectel EM120R-GL 40 Not Present 0 bps
Cellular 20 Quectel EM120R-GL 38 Not Present 0 bps
Cellular 32 Quectel EM120R-GL 37 Not Present 0 bps
Cellular 21 Quectel EM120R-GL 36 Not Present 0 bps
Ethernet Intel(R) Ethernet Connection (13) I2... 35 Disconnected 9C-2D-CD-6F-B1-A2 0 bps
Cellular 28 Quectel EM120R-GL 33 Not Present 0 bps
Cellular 24 Quectel EM120R-GL 32 Not Present 0 bps
Cellular 23 Quectel EM120R-GL 31 Not Present 0 bps
Cellular 27 Quectel EM120R-GL 30 Not Present 0 bps
Cellular 31 Quectel EM120R-GL 28 Not Present 0 bps
Cellular 33 Quectel EM120R-GL 27 Not Present 0 bps
Cellular 26 Quectel EM120R-GL 26 Not Present 0 bps
Cellular 29 Quectel EM120R-GL 24 Not Present 0 bps
Cellular 30 Quectel EM120R-GL 23 Not Present 0 bps
Cellular 25 Quectel EM120R-GL 22 Not Present 0 bps
Ethernet (Dock) Realtek USB GbE Family Controller 20 Up 9C-2D-CD-6F-B1-A2 1 Gbps
Cellular 34 Quectel EM120R-GL 19 Not Present 0 bps
Wi-Fi Intel(R) Wi-Fi 6 AX201 160MHz 15 Disconnected C4-75-AB-FB-1B-61 0 bps
Cellular 19 Quectel EM120R-GL 13 Not Present 0 bps
Cellular 18 Quectel EM120R-GL 8 Disconnected B0-85-B2-5E-59-51 0 bps
That was not the case with v1.3.4. Why?
I saw that too but for some reason, it doesn't work, tried to switch back and forth a couple of times. No changes have been done on my local network.
Could you please try using nslookup with debug enabled, and paste the output here?
Thanks for your suggestion. We experiment with slow external command on some VMs, and since this function is used in a loop, we may want a solution which is more native for better performance.
Setting DNS for all physical interfaces was only added in v1.3.5: https://github.com/Control-D-Inc/ctrld/releases/tag/v1.3.5
Here you are...
C:\Users\Domy>ctrld start --cd xxxxxxxx
Sep 3 17:31:30.828 NTC Starting service
Sep 3 17:31:50.203 NTC Generating controld config: C:\Windows\system32\ctrld.toml
Sep 3 17:31:52.247 NTC Service started
C:\Users\Domy>ctrld --version
ctrld version v1.3.7
C:\Users\Domy>nslookup
Default Server: esign-local
Address: 127.0.0.1
> set debug
> nslookup domy-nas.lan
------------
Got answer:
HEADER:
opcode = QUERY, id = 8, rcode = NOERROR
header flags: response, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0
QUESTIONS:
domy-nas.lan, type = A, class = IN
------------
------------
Got answer:
HEADER:
opcode = QUERY, id = 9, rcode = NOERROR
header flags: response, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0
QUESTIONS:
domy-nas.lan, type = AAAA, class = IN
------------
------------
Got answer:
HEADER:
opcode = QUERY, id = 10, rcode = NOERROR
header flags: response, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0
QUESTIONS:
domy-nas.lan, type = A, class = IN
------------
------------
Got answer:
HEADER:
opcode = QUERY, id = 11, rcode = NOERROR
header flags: response, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0
QUESTIONS:
domy-nas.lan, type = AAAA, class = IN
------------
*** Can't find address for server domy-nas.lan: No information
>
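Added example, not part of the issue thread or of ctrld: the log lines quoted earlier report "received response of 30 bytes" for `A domy-nas.lan`, and the nslookup debug output above shows `answers = 0`. This Python sketch groups ctrld log lines by request id and flags NOERROR replies whose size leaves no room for any record; the regexes assume the message layout of the five quoted lines, and the size rule (header plus question, optionally plus an empty EDNS OPT record) is a heuristic chosen for this example.

```python
import json
import re

# Sample input: the five ctrld v1.3.7 log lines quoted in this thread.
SAMPLE_LOG = """\
{"level":"info","time":"2024-09-03T13:01:30+02:00.832","message":"[1af564] QUERY: 10.17.25.103:64201 (esign-local) -> listener.0: A domy-nas.lan"}
{"level":"debug","time":"2024-09-03T13:01:30+02:00.833","message":"[1af564] lan hostname lookup, using upstreams: [upstream.os upstream.0]"}
{"level":"debug","time":"2024-09-03T13:01:30+02:00.833","message":"[1af564] sending query to upstream.os: Private resolver"}
{"level":"info","time":"2024-09-03T13:01:30+02:00.880","message":"[1af564] REPLY: upstream.os -> 10.17.25.103:64201 (esign-local): NOERROR"}
{"level":"debug","time":"2024-09-03T13:01:30+02:00.880","message":"[1af564] received response of 30 bytes in 48.2267ms"}
"""

QUERY_RE = re.compile(r"\[(\w+)\] QUERY: .* -> \S+: (\S+) (\S+)$")
REPLY_RE = re.compile(r"\[(\w+)\] REPLY: (\S+) -> .*: (\w+)$")
SIZE_RE = re.compile(r"\[(\w+)\] received response of (\d+) bytes")

DNS_HEADER = 12  # fixed DNS header size in bytes
OPT_RR = 11      # empty EDNS0 OPT pseudo-record: root name + 10 fixed bytes


def question_only_size(qname):
    """Bytes in a DNS message that holds only the header and one question."""
    labels = [p for p in qname.rstrip(".").split(".") if p]
    encoded_name = sum(1 + len(p) for p in labels) + 1  # length-prefixed labels + root
    return DNS_HEADER + encoded_name + 4                # + QTYPE and QCLASS


def triage(log_text):
    """Group ctrld log lines by request id and flag replies that carry no records."""
    reqs = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        msg = json.loads(line)["message"]
        if m := QUERY_RE.match(msg):
            reqs.setdefault(m[1], {}).update(qtype=m[2], qname=m[3])
        elif m := REPLY_RE.match(msg):
            reqs.setdefault(m[1], {}).update(upstream=m[2], rcode=m[3])
        elif m := SIZE_RE.match(msg):
            reqs.setdefault(m[1], {}).update(size=int(m[2]))
    findings = []
    for rid, r in reqs.items():
        if not {"qname", "rcode", "size"} <= r.keys():
            continue  # incomplete exchange (e.g. a timeout), nothing to compare
        extra = r["size"] - question_only_size(r["qname"])
        r["id"] = rid
        r["no_records"] = r["rcode"] == "NOERROR" and extra in (0, OPT_RR)
        findings.append(r)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        verdict = "NOERROR but no answer records" if f["no_records"] else "ok"
        print(f'{f["id"]} {f["qtype"]} {f["qname"]} via {f["upstream"]}: '
              f'{f["rcode"]}, {f["size"]} bytes -> {verdict}')
```

A NOERROR rcode alone therefore does not show that the name resolved; the byte count logged next to it does.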
@domy86 Thanks, could you please perform the same nslookup debug with v1.3.4?
Sure...
C:\Users\Domy>ctrld --version
ctrld version v1.3.4
C:\Users\Domy>ping router.lan
Pinging router.lan [10.17.25.100] with 32 bytes of data:
Reply from 10.17.25.100: bytes=32 time<1ms TTL=64
Reply from 10.17.25.100: bytes=32 time<1ms TTL=64
Reply from 10.17.25.100: bytes=32 time<1ms TTL=64
Reply from 10.17.25.100: bytes=32 time<1ms TTL=64
Ping statistics for 10.17.25.100:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
C:\Users\Domy>nslookup
Default Server: esign-local
Address: 127.0.0.1
> set debug
> nslookup router.lan
DNS request timed out.
timeout was 2 seconds.
timeout (2 secs)
DNS request timed out.
timeout was 2 seconds.
timeout (2 secs)
DNS request timed out.
timeout was 2 seconds.
timeout (2 secs)
DNS request timed out.
timeout was 2 seconds.
timeout (2 secs)
*** Can't find address for server router.lan: Timed out
> exit
C:\Users\Domy>
This looks weird; didn't nslookup fail to resolve the hostname at all?
No, that's the case if I use ctrld client as the only resolver. If I remove ctrld client and switch to Control D legacy DNS servers configured in my router, output is:
C:\Users\Domy>ctrld uninstall
Sep 5 15:52:10.983 NTC Service uninstalled
C:\Users\Domy>nslookup
Default Server: premium.dns.controld.com
Address: 76.76.2.186
> set debug
> nslookup router.lan
------------
Got answer:
HEADER:
opcode = QUERY, id = 6, rcode = NOERROR
header flags: response, want recursion, recursion avail.
questions = 1, answers = 1, authority records = 0, additional = 1
QUESTIONS:
router.lan, type = A, class = IN
ANSWERS:
-> router.lan
internet address = 10.17.25.100
ttl = 20 (20 secs)
ADDITIONAL RECORDS:
-> (root)
??? unknown type 41 ???
ttl = 0 (0 secs)
------------
------------
Got answer:
HEADER:
opcode = QUERY, id = 7, rcode = NXDOMAIN
header flags: response, want recursion, recursion avail.
questions = 1, answers = 0, authority records = 1, additional = 1
QUESTIONS:
router.lan, type = AAAA, class = IN
AUTHORITY RECORDS:
-> (root)
ttl = 3225 (53 mins 45 secs)
primary name server = a.root-servers.net
responsible mail addr = nstld.verisign-grs.com
serial = 2024090500
refresh = 1800 (30 mins)
retry = 900 (15 mins)
expire = 604800 (7 days)
default TTL = 86400 (1 day)
ADDITIONAL RECORDS:
-> (root)
??? unknown type 41 ???
ttl = 0 (0 secs)
------------
Server: router.lan
Address: 10.17.25.100
------------
Got answer:
HEADER:
opcode = QUERY, id = 8, rcode = NXDOMAIN
header flags: response, want recursion, recursion avail.
questions = 1, answers = 0, authority records = 1, additional = 0
QUESTIONS:
nslookup, type = A, class = IN
AUTHORITY RECORDS:
-> (root)
ttl = 543 (9 mins 3 secs)
primary name server = a.root-servers.net
responsible mail addr = nstld.verisign-grs.com
serial = 2024090500
refresh = 1800 (30 mins)
retry = 900 (15 mins)
expire = 604800 (7 days)
default TTL = 86400 (1 day)
------------
------------
Got answer:
HEADER:
opcode = QUERY, id = 9, rcode = NXDOMAIN
header flags: response, want recursion, recursion avail.
questions = 1, answers = 0, authority records = 1, additional = 0
QUESTIONS:
nslookup, type = AAAA, class = IN
AUTHORITY RECORDS:
-> (root)
ttl = 522 (8 mins 42 secs)
primary name server = a.root-servers.net
responsible mail addr = nstld.verisign-grs.com
serial = 2024090500
refresh = 1800 (30 mins)
retry = 900 (15 mins)
expire = 604800 (7 days)
default TTL = 86400 (1 day)
------------
*** router.lan can't find nslookup: Non-existent domain
>
Hmm, I'm confused. So the problem of local device hostnames not being resolved also happens with v1.3.4, right?
Nooo! Everything works fine with v1.3.4 except that weird nslookup output, I can ping any local device by hostname, open network share and so on as you can see in posts https://github.com/Control-D-Inc/ctrld/issues/175#issue-2502629016 and https://github.com/Control-D-Inc/ctrld/issues/175#issuecomment-2331365408. Once I upgrade to v1.3.5 or later, reverse DNS doesn't work anymore. AND, v1.3.5 and later touches my virtual interfaces too.
@domy86 Thanks for clarifying. Would you mind doing the following steps:
ctrld service start --cd=XXX
.127.0.0.1
Thank you.
You mean with v1.3.7?
Yes.
Done...
C:\Users\Domy>ctrld uninstall
Sep 5 16:28:05.657 NTC Service uninstalled
C:\Users\Domy>ctrld service start --cd=xxxxxxxxxx
Sep 5 16:28:47.471 NTC Starting service
Sep 5 16:29:06.647 NTC Generating controld config: C:\Windows\system32\ctrld.toml
Sep 5 16:29:10.322 NTC Service started
C:\Users\Domy>ctrld --version
ctrld version v1.3.7
C:\Users\Domy>ping router.lan
Pinging router.lan [10.17.25.100] with 32 bytes of data:
Reply from 10.17.25.100: bytes=32 time<1ms TTL=64
Reply from 10.17.25.100: bytes=32 time<1ms TTL=64
Reply from 10.17.25.100: bytes=32 time<1ms TTL=64
Reply from 10.17.25.100: bytes=32 time=1ms TTL=64
Ping statistics for 10.17.25.100:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 1ms, Average = 0ms
C:\Users\Domy>nslookup
Default Server: esign-local
Address: 127.0.0.1
> set debug
> nslookup router.lan
DNS request timed out.
timeout was 2 seconds.
timeout (2 secs)
DNS request timed out.
timeout was 2 seconds.
timeout (2 secs)
DNS request timed out.
timeout was 2 seconds.
timeout (2 secs)
DNS request timed out.
timeout was 2 seconds.
timeout (2 secs)
*** Can't find address for server router.lan: Timed out
>
I guess DNS request goes to a wrong interface due to touching DNS on virtual interfaces, right?
Thanks, that's it.
But it feels strange if your DNS queries are leaked to somewhere else instead of always going through ctrld. That's why we try setting DNS on all physical interfaces since v1.3.5.
Is your DNS server which resolves router.lan on a physical interface or a virtual interface? If it's the latter, then we may try improving the physical interface detection like your suggestion in future releases.
Maybe due to a higher metric of 127.0.0.1 destination compared with that for virtual interfaces?
PS C:\Users\Domy> route print
===========================================================================
Interface List
35...9c 2d cd 6f b1 a2 ......Intel(R) Ethernet Connection (13) I219-V
20...9c 2d cd 6f b1 a2 ......Realtek USB GbE Family Controller
15...c4 75 ab fb 1b 61 ......Intel(R) Wi-Fi 6 AX201 160MHz
5...c4 75 ab fb 1b 62 ......Microsoft Wi-Fi Direct Virtual Adapter
10...c6 75 ab fb 1b 61 ......Microsoft Wi-Fi Direct Virtual Adapter #2
8...b0 85 b2 5e 59 51 ......Generic Mobile Broadband Adapter #18
17...fa e9 c5 cd ce cd ......ZeroTier Virtual Port
29...c6 42 21 3d 5b bf ......ZeroTier Virtual Port #2
1...........................Software Loopback Interface 1
60...00 15 5d 35 b0 15 ......Hyper-V Virtual Ethernet Adapter
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.17.25.100 10.17.25.103 25
0.0.0.0 0.0.0.0 25.255.255.254 10.25.17.122 10034
0.0.0.0 0.0.0.0 25.255.255.254 192.168.193.122 10034
10.17.25.0 255.255.255.0 On-link 10.17.25.103 281
10.17.25.103 255.255.255.255 On-link 10.17.25.103 281
10.17.25.255 255.255.255.255 On-link 10.17.25.103 281
10.25.17.0 255.255.255.0 On-link 10.25.17.122 291
10.25.17.122 255.255.255.255 On-link 10.25.17.122 291
10.25.17.255 255.255.255.255 On-link 10.25.17.122 291
127.0.0.0 255.0.0.0 On-link 127.0.0.1 331
127.0.0.1 255.255.255.255 On-link 127.0.0.1 331
127.255.255.255 255.255.255.255 On-link 127.0.0.1 331
172.17.192.0 255.255.240.0 On-link 172.17.192.1 5256
172.17.192.1 255.255.255.255 On-link 172.17.192.1 5256
172.17.207.255 255.255.255.255 On-link 172.17.192.1 5256
192.168.88.0 255.255.255.0 192.168.193.1 192.168.193.122 291
192.168.193.0 255.255.255.0 On-link 192.168.193.122 291
192.168.193.122 255.255.255.255 On-link 192.168.193.122 291
192.168.193.255 255.255.255.255 On-link 192.168.193.122 291
224.0.0.0 240.0.0.0 On-link 127.0.0.1 331
224.0.0.0 240.0.0.0 On-link 172.17.192.1 5256
224.0.0.0 240.0.0.0 On-link 10.17.25.103 281
224.0.0.0 240.0.0.0 On-link 10.25.17.122 291
224.0.0.0 240.0.0.0 On-link 192.168.193.122 291
255.255.255.255 255.255.255.255 On-link 127.0.0.1 331
255.255.255.255 255.255.255.255 On-link 172.17.192.1 5256
255.255.255.255 255.255.255.255 On-link 10.17.25.103 281
255.255.255.255 255.255.255.255 On-link 10.25.17.122 291
255.255.255.255 255.255.255.255 On-link 192.168.193.122 291
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 331 ::1/128 On-link
60 5256 fe80::/64 On-link
60 5256 fe80::8e4b:c753:f931:259d/128
On-link
1 331 ff00::/8 On-link
60 5256 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
PS C:\Users\Domy>
No, it's on physical interface.
Stopped working again, even with ctrld service start --cd=XXX command.
PS C:\Users\Domy> ping router.lan
Ping request could not find host router.lan. Please check the name and try again.
PS C:\Users\Domy> ctrld --version
ctrld version v1.3.7
Hi,
I have upgraded ctrld from 1.3.4 to 1.3.7 and experienced two issues:
Full logs have been attached.
ctrld_1.3.4.log ctrld_1.3.7.log
I have used default ctrld.toml for both versions: