Closed frazerk closed 2 years ago
@frazerk I'm going to attempt a TL;DR here. The issue is that the DNS IP is not a part of the netmaker private network. It needs to be a part of the network to be reachable in v248+.
Assuming this is the issue, our solution will come in the next release, when we'll make the private address of the server the DNS IP for the network.
This is still being roadmapped and is not resolved, but should come by 1.0.
DNS is not currently set client side by nameserver. Additionally, nameserver can now travel over wireguard network. Closing this issue.
This is on v0.9.0.

In the Quick Install instructions, you set up a CoreDNS server listening on the `netmaker` server's public IP. This address is propagated to client nodes, which run a sequence of `resolvectl` commands to create a per-interface routing domain for `netmaker`'s `wireguard` interface. The public IP of the server is set as the DNS server for the interface, and the name of the `netmaker` network is set as a route-only domain.

Starting in `v248`, `systemd-resolved` binds properly to the interface for per-interface routing domains (see commit). Prior to this, they were inadvertently not binding to the interface, meaning that per-interface DNS servers did not need to be routable over the interface they affected. Ubuntu 20.04 is running systemd v245, and this change has not been backported.

The Quick Install instructions rely on the old behavior, presumably unintentionally. The public IP of the `netmaker` server is not routable over the `netmaker` network by default, and so any DNS requests fail. I'll note that they fail in a way that produces no informative error messages from `systemd-resolved` (even at the debug log level), and this behavior was only determined by stracing it.

Adding the server's public IP to the "Allowed IP" list for the server node allows the DNS requests, though it has the obvious side effect of routing all client node traffic intended for the server's public IP over the `netmaker` network. Altering the "Allowed IP" list for the server is also rather difficult due to #489.
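
A diagnostic for the failure described in the issue above, as an added example that is not part of the original issue or the netmaker project: it takes the output of `systemctl --version`, `resolvectl dns <iface>` and `wg show <iface> allowed-ips` and reports per-interface DNS servers that no peer's allowed-ips covers on systemd v248 or later. The interface name, addresses and key placeholders are constructed sample values, and treating allowed-ips coverage as the test for reachability over the interface is an assumption.

```python
import ipaddress
import re

# Constructed sample command output (not captured from a real host).
V245 = "systemd 245 (245.4-4ubuntu3)\n+PAM +AUDIT"
V248 = "systemd 248 (248.3-1ubuntu8)\n+PAM +AUDIT"
RESOLVECTL = "Link 5 (nm-example): 203.0.113.10"
WG = "PEER_KEY_PLACEHOLDER_1\t10.10.10.1/32\nPEER_KEY_PLACEHOLDER_2\t10.10.10.2/32"

def systemd_major(version_output):
    """Major version from the first line of `systemctl --version`."""
    m = re.match(r"systemd (\d+)", version_output.strip())
    if not m:
        raise ValueError("unrecognised systemctl --version output")
    return int(m.group(1))

def link_dns_servers(resolvectl_output):
    """DNS servers from `resolvectl dns <iface>` ('Link N (name): addr ...')."""
    _, _, servers = resolvectl_output.partition("):")
    # Drop an optional '#server-name' suffix before parsing the address.
    return [ipaddress.ip_address(s.split("#")[0]) for s in servers.split()]

def allowed_networks(wg_output):
    """Networks from `wg show <iface> allowed-ips` ('<pubkey>\\t<cidr> ...' per peer)."""
    nets = []
    for line in wg_output.strip().splitlines():
        _, _, cidrs = line.partition("\t")
        nets += [ipaddress.ip_network(c, strict=False)
                 for c in cidrs.split() if c != "(none)"]
    return nets

def unreachable_dns(version_output, resolvectl_output, wg_output):
    """Link DNS servers that resolved >= 248 would have to reach over the
    interface but that no peer's allowed-ips covers."""
    if systemd_major(version_output) < 248:
        return []  # older resolved did not bind to the link for these lookups
    nets = allowed_networks(wg_output)
    return [str(d) for d in link_dns_servers(resolvectl_output)
            if not any(d.version == n.version and d in n for n in nets)]

if __name__ == "__main__":
    for dns in unreachable_dns(V248, RESOLVECTL, WG):
        print(f"DNS server {dns} is not covered by any peer's allowed-ips")
```
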