gravitl / netmaker

Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.
https://netmaker.io

[Bug]: Set DNS=a.b.c.d in wireguard config generated by netclient #1438

Open Exchizz opened 2 years ago

Exchizz commented 2 years ago

Contact Details

github@mneerup.dk

What happened?

Hi,

I'm missing support for DNS=a.b.c.d in the wireguard config that netclient generates. Basically I need to be able to specify a DNS server that is accessible via an external network that is routed over the wireguard network and then via an egress gateway. I need it to work on a Windows server.

In this PR DNS support has unfortunately been removed.

If I create a PR where DNS=a.b.c.d is supported and add that as a --enable-legacy-dns=on|off option, would that be merged in?

Thanks in advance :) \Mathias

Version

v0.14.6

What OS are you using?

Windows

Relevant log output

No response

Contributing guidelines

afeiszli commented 2 years ago

The issue with our previous implementation is, it would only work for linux devices with systemd-resolve installed. It did not work for windows, mac, and a subset of linux devices. I believe you need this for windows based on comments in PR?

Adding the field DNS= does not work the same as adding the field to a wireguard conf file, since we do not always process the file using wg-quick.

DNS is pretty complicated and there does not appear to be a simple solution.

To accept a PR for this, I think it would need to completely copy the way that wg-quick implements DNS into golang, and do it per operating system. @mattkasun do you have any thoughts?
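
Added example (not part of the thread and not netclient code): a client that configures the interface without wg-quick has to pull DNS= out of the [Interface] section itself before handing the values to the OS resolver. The sketch below does that extraction, following wg-quick's convention that entries which are IP addresses are nameservers and all other entries are search domains; `SplitDNS` and `sampleConf` are hypothetical names and the config is constructed.

```go
package main

import (
	"bufio"
	"fmt"
	"net"
	"strings"
)

// Constructed sample: keys are placeholders, addresses are illustrative.
const sampleConf = `[Interface]
PrivateKey = <placeholder>
DNS = 10.20.0.1, corp.example # wg-quick-only key
[Peer]
PublicKey = <placeholder>
AllowedIPs = 10.20.0.0/24
`

// SplitDNS removes [Interface] DNS= lines; IP entries become servers, the rest search domains.
func SplitDNS(conf string) (rest string, servers, search []string, err error) {
	var out strings.Builder
	section := ""
	sc := bufio.NewScanner(strings.NewReader(conf))
	for sc.Scan() {
		line := sc.Text()
		body, _, _ := strings.Cut(line, "#") // ignore trailing comments
		if body = strings.TrimSpace(body); strings.HasPrefix(body, "[") {
			section = strings.ToLower(body)
		}
		key, val, ok := strings.Cut(body, "=")
		if !ok || section != "[interface]" || !strings.EqualFold(strings.TrimSpace(key), "DNS") {
			out.WriteString(line + "\n") // every other line passes through unchanged
			continue
		}
		// Entries may be separated by commas and/or whitespace.
		for _, item := range strings.Fields(strings.ReplaceAll(val, ",", " ")) {
			if net.ParseIP(item) != nil {
				servers = append(servers, item)
			} else {
				search = append(search, item)
			}
		}
	}
	return out.String(), servers, search, sc.Err()
}

func main() {
	rest, servers, search, err := SplitDNS(sampleConf)
	fmt.Printf("%snameservers=%v search=%v err=%v\n", rest, servers, search, err)
}
```

Applying the returned servers and search domains to the system resolver is the per-operating-system step discussed above and is not shown here.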

Exchizz commented 2 years ago

Adding DNS=a.b.c.d appears to be working in windows

mattkasun commented 2 years ago

Yes, but does it work on mac, freebsd, ubuntu, debian, mint, pop_os, fedora, centos, rocky, arch, etc.?

Exchizz commented 2 years ago

According to @afeiszli, no. But isn't it better that it works on Windows/(linux distros with systemd-resolve) than not working at all?

I'm not trying to be cocky or anything, I just need DNS to work on netmaker in Windows.

Could --enable-wireguard-native-dns=yes|no be considered an option?

squromiv commented 2 years ago

> I just need DNS to work on netmaker in Windows

As well as I just need DNS to work in Android. 🤣 Absence of such a feature makes netmaker almost useless for me. It looks better to get alternative wireguard solution until this setting will be done.

B0bby31 commented 2 years ago

> > I just need DNS to work on netmaker in Windows
>
> As well as I just need DNS to work in Android. 🤣 Absence of such a feature makes netmaker almost useless for me. It looks better to get alternative wireguard solution until this setting will be done.

It seems that you seem to be misunderstanding the issue... This regards the wireguard config generated by netclient for given nodes i.e. not the wireguard config generated for external clients such as an android phone. For these types of devices you can configure DNS by going into the netmaker UI, clicking on the relevant network and filling in "Default Ext Client DNS".

On another note, I would, also, like to see support for this feature.

pizzaandcheese commented 2 years ago

I would also like to +1 this issue.

Setting client DNS is the only thing stopping me from using netmaker. Would be awesome if we could get it added as an environment variable just as a stopgap until everything is figured out, like @Exchizz suggested.

pcfriek1987 commented 2 years ago

I would too +1 this issue, as that is the reason at work I can't use it (now using it as external for that reason.)

alcroito commented 2 years ago

+1. Removing the systemd-resolve/resolvectl support that was previously there could be considered a regression, but I guess if the project follows semantic versioning, then 0.x means it's fine to do that due to no compatibility promise.

It would be great if that functionality could be restored under some form, even if it's limited to linux.

In addition, the current documentation is quite confusing in regards to DNS.

https://docs.netmaker.org/server-installation.html#no-dns-coredns-disabled

It first alludes that CoreDNS + COREDNS_ADDR is not required, but using it should still work, which is not the case due to the linked PR https://github.com/gravitl/netmaker/pull/1115 .

It also mentions DNS_MODE in seemingly 2 different contexts.

> If you would like to disable DNS propagation entirely, in your docker-compose env for netmaker, set DNS_MODE=”off”

> DNS_MODE: "on" # Enables DNS Mode, meaning all nodes will set hosts file for private dns settings.

You can interpret that as either disabling the writing to /etc/hosts, or as not propagating the CoreDNS ip to netclients.

There's also a somewhat conflicting statement, emphasis mine.

> You must run the Netmaker binary, CoreDNS binary, database, and a web server directly on the host.

And the final confusing bit is that using CoreDNS does work for external clients.

If bringing back the removed functionality is not possible, at the least the documentation should not mislead people. :)

MetalPinguinInc commented 1 year ago

+1. I would like to add my support for this request as well. I want to use Netmaker to set up a virtual datacenter. I am currently running all my machines in a single network with a private DNS for local resolution. I am moving these machines to several different cloud providers and want to use Netmaker to simulate the same situation as before. Not being able to use a private DNS server with netclient means I will be limited to external clients, which limits Netmaker's use case.