netbirdio / netbird

Connect your devices into a secure WireGuard®-based overlay network with SSO, MFA and granular access controls.
https://netbird.io
BSD 3-Clause "New" or "Revised" License
10.04k stars 441 forks

Unable to Resolve DNS Names in Netbird on OpenWrt #2041

Closed fanmaomao closed 1 month ago

fanmaomao commented 2 months ago

Describe the problem I'm encountering an issue with DNS resolution between my MacBook and OpenWrt router using netbird. Both devices have successfully registered to netbird. However, while pinging from my MacBook to OpenWrt's FQDN (openwrt.netbird.cloud) works fine, attempting the reverse from OpenWrt to my MacBook's FQDN (macbook.netbird.cloud) fails with a "bad address" error. Directly using IP addresses for communication works without any issue.

MacBook(192.168.168.183) info:

➜  ~ netbird status
Daemon version: 0.26.2
CLI version: 0.26.2
Management: Connected
Signal: Connected
Relays: 2/2 Available
FQDN: macbook.netbird.cloud
NetBird IP: 100.126.212.195/16
Interface type: Userspace
Quantum resistance: false
Peers count: 2/3 Connected

OpenWrt(WAN: 192.168.168.113 LAN:192.168.100.0/24 ) info:

root@OpenWrt:~# cat /etc/os-release | grep RELEASE
OPENWRT_RELEASE="OpenWrt 23.05.3 r23809-234f1a2efa"
root@OpenWrt:~#
root@OpenWrt:~# netbird status
Daemon version: 0.24.3
CLI version: 0.24.3
Management: Connected
Signal: Connected
FQDN: openwrt.netbird.cloud
NetBird IP: 100.126.122.67/16
Interface type: Kernel
Peers count: 2/3 Connected

Do test on MacBook:

➜  ~ ping openwrt.netbird.cloud
PING openwrt.netbird.cloud (100.126.122.67): 56 data bytes
64 bytes from 100.126.122.67: icmp_seq=0 ttl=64 time=2.150 ms
64 bytes from 100.126.122.67: icmp_seq=1 ttl=64 time=2.773 ms
64 bytes from 100.126.122.67: icmp_seq=2 ttl=64 time=2.825 ms
^C
--- openwrt.netbird.cloud ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 2.150/2.583/2.825/0.307 ms

Do test on OpenWrt:

root@OpenWrt:~# ping macbook.netbird.cloud
ping: bad address 'macbook.netbird.cloud'
root@OpenWrt:~#
#  However: 
root@OpenWrt:~# ping 100.126.212.195
PING 100.126.212.195 (100.126.212.195): 56 data bytes
64 bytes from 100.126.212.195: seq=0 ttl=64 time=2.100 ms
64 bytes from 100.126.212.195: seq=1 ttl=64 time=2.644 ms
64 bytes from 100.126.212.195: seq=2 ttl=64 time=2.535 ms
64 bytes from 100.126.212.195: seq=3 ttl=64 time=2.346 ms
64 bytes from 100.126.212.195: seq=4 ttl=64 time=2.389 ms
^C
--- 100.126.212.195 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 2.100/2.402/2.644 ms

Then, I tried using netbird up --setup-key SETUP-KEY -F -l debug to extract the logs:

root@OpenWrt:~# netbird up --setup-key SETUP-KEY -F -l debug
2024-05-23T15:59:50Z DEBG client/internal/login.go:93: connecting to the Management service https://api.wiretrustee.com:443
2024-05-23T15:59:50Z DEBG client/internal/login.go:63: connected to the Management service https://api.wiretrustee.com:443
2024-05-23T15:59:52Z INFO client/internal/connect.go:47: starting NetBird client version 0.24.3
2024-05-23T15:59:52Z DEBG client/internal/connect.go:102: connecting to the Management service api.wiretrustee.com:443
2024-05-23T15:59:52Z DEBG client/internal/connect.go:110: connected to the Management service api.wiretrustee.com:443
2024-05-23T15:59:53Z DEBG signal/client/grpc.go:91: connected to Signal Service: signal.netbird.io:443
2024-05-23T15:59:53Z DEBG client/internal/wgproxy/proxy_ebpf.go:36: instantiate ebpf proxy
2024-05-23T15:59:53Z DEBG client/internal/ebpf/ebpf/wg_proxy_linux.go:11: load ebpf WG proxy
2024-05-23T15:59:53Z WARN client/internal/wgproxy/factory_linux.go:15: failed to initialize ebpf proxy, fallback to user space proxy: field NbXdpProg: program nb_xdp_prog: load program: invalid argument: unknown func bpf_trace_printk#6 (101 line(s) omitted)
2024-05-23T15:59:53Z INFO client/internal/routemanager/firewall_linux.go:40: creating an nftables firewall manager for route rules
2024-05-23T15:59:53Z INFO iface/tun_linux.go:15: create tun interface with kernel WireGuard support: wt0
2024-05-23T15:59:53Z DEBG iface/tun_linux.go:58: adding device: wt0
2024-05-23T15:59:53Z DEBG iface/tun_linux.go:109: adding address 100.126.122.67/16 to interface: wt0
2024-05-23T15:59:53Z DEBG iface/tun_linux.go:74: setting MTU: 1280 interface: wt0
2024-05-23T15:59:53Z DEBG iface/tun_linux.go:81: bringing up interface: wt0
2024-05-23T15:59:53Z DEBG iface/iface.go:54: configuring Wireguard interface wt0
2024-05-23T15:59:53Z DEBG iface/wg_configurer_nonandroid.go:26: adding Wireguard private key
2024-05-23T15:59:53Z DEBG client/internal/acl/manager_create_linux.go:33: creating an nftables firewall manager for access control
2024-05-23T15:59:53Z DEBG client/firewall/nftables/manager_linux.go:757: chain INPUT not found. Skipping add allow netbird rule
2024-05-23T15:59:53Z DEBG client/internal/dns/host_linux.go:34: discovered mode is: 1
2024-05-23T15:59:53Z DEBG signal/client/grpc.go:136: signal connection state READY
2024-05-23T15:59:53Z INFO signal/client/grpc.go:157: connected to the Signal Service stream
2024-05-23T15:59:53Z DEBG client/internal/engine.go:551: connecting to Management Service updates stream
2024-05-23T15:59:53Z INFO client/internal/connect.go:182: Netbird engine started, my IP is: 100.126.122.67/16
2024-05-23T15:59:53Z DEBG management/client/grpc.go:116: management connection state READY
2024-05-23T15:59:54Z INFO management/client/grpc.go:143: connected to the Management Service stream
2024-05-23T15:59:54Z DEBG management/client/grpc.go:249: got an update message from Management Service
2024-05-23T15:59:54Z DEBG client/internal/engine.go:577: got TURNs update from Management Service, updating
2024-05-23T15:59:54Z DEBG client/internal/engine.go:559: got STUNs update from Management Service, updating
2024-05-23T15:59:54Z DEBG client/internal/engine.go:608: got peers update from Management Service, total peers to connect to = 5
2024-05-23T15:59:54Z DEBG client/internal/engine.go:828: creating peer connection rcm0idXtQIqwiUY=
2024-05-23T15:59:54Z DEBG client/internal/engine.go:828: creating peer connection tYKO5/tl9tgnZW0=
2024-05-23T15:59:54Z DEBG client/internal/engine.go:828: creating peer connection 2hvRV9/iRjNrWUY=
2024-05-23T15:59:54Z DEBG client/internal/engine.go:828: creating peer connection 8JB8TBzmMVA2M=
2024-05-23T15:59:54Z DEBG client/internal/engine.go:828: creating peer connection 4vQgbIe9bYDf4jA=
2024-05-23T15:59:54Z WARN client/internal/dns/service_listener.go:161: binding dns on 100.126.122.67:53 is not available, error: listen udp 100.126.122.67:53: bind: address already in use
2024-05-23T15:59:54Z WARN client/internal/dns/service_listener.go:161: binding dns on 127.0.0.1:53 is not available, error: listen udp 127.0.0.1:53: bind: address already in use
2024-05-23T15:59:54Z DEBG client/internal/dns/service_listener.go:78: starting dns on 127.0.0.153:53
2024-05-23T15:59:54Z ERRO client/internal/dns/server.go:269: unable to configure DNS for this peer using file manager without a nameserver group with all domains configured
2024-05-23T15:59:54Z INFO client/internal/acl/manager.go:67: ACL rules processed in: 1.159599ms, total rules count: 2
... more ...

Next:

root@OpenWrt:~# netstat -tuln | grep :53
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN
tcp        0      0 192.168.100.1:53        0.0.0.0:*               LISTEN
tcp        0      0 192.168.168.113:53      0.0.0.0:*               LISTEN
tcp        0      0 100.126.122.67:53       0.0.0.0:*               LISTEN

Could someone please provide guidance on how to resolve this issue? Thank you!

mlsmaycon commented 2 months ago

Hello @fanmaomao, the issue happens because OpenWrt requires a nameserver configuration that resolves all domains (default resolver). See the log line below:

2024-05-23T15:59:54Z ERRO client/internal/dns/server.go:269: unable to configure DNS for this peer using file manager without a nameserver group with all domains configured

You can configure such a nameserver in the DNS > Nameservers tab. Then, while adding the resolver, you should not add a match domain, making the configuration a default resolver.

The end result should look similar to this:

[image: screenshot of the resulting nameserver configuration]

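The three log lines that matter here (the two failed binds on :53, the fallback listener on 127.0.0.153, and the "without a nameserver group with all domains configured" error) are easy to miss in a full debug run. The POSIX-sh helper below is an added example, not code from the NetBird project or from either participant; it pulls those findings out of a `netbird up -F -l debug` capture and prints a one-word verdict. The sample log it writes is constructed from the lines quoted in this issue, and the reading of "discovered mode is: 1" as the file-manager mode is inferred only from the fact that the error on the same run says "using file manager".

```shell
#!/bin/sh
# Added example (not NetBird's own tooling): triage the OpenWrt DNS symptom
# from a `netbird up -F -l debug` log. Runs on busybox ash as well as bash.

# netbird_sample_log <path>
# Writes a constructed excerpt of the debug log quoted in the issue to <path>.
netbird_sample_log() {
    cat > "$1" <<'EOF'
2024-05-23T15:59:53Z DEBG client/internal/dns/host_linux.go:34: discovered mode is: 1
2024-05-23T15:59:54Z WARN client/internal/dns/service_listener.go:161: binding dns on 100.126.122.67:53 is not available, error: listen udp 100.126.122.67:53: bind: address already in use
2024-05-23T15:59:54Z WARN client/internal/dns/service_listener.go:161: binding dns on 127.0.0.1:53 is not available, error: listen udp 127.0.0.1:53: bind: address already in use
2024-05-23T15:59:54Z DEBG client/internal/dns/service_listener.go:78: starting dns on 127.0.0.153:53
2024-05-23T15:59:54Z ERRO client/internal/dns/server.go:269: unable to configure DNS for this peer using file manager without a nameserver group with all domains configured
2024-05-23T15:59:54Z INFO client/internal/acl/manager.go:67: ACL rules processed in: 1.159599ms, total rules count: 2
EOF
}

# netbird_dns_triage <logfile>
# Prints one line per finding, then "verdict needs-default-nameserver" when the
# file-manager error is present (the condition mlsmaycon points at) or
# "verdict dns-config-ok" otherwise.
netbird_dns_triage() {
    log="$1"
    verdict="dns-config-ok"

    # 1. Addresses the embedded DNS server could not bind on :53. On OpenWrt
    #    these are normally held by dnsmasq, as the netstat output in the
    #    issue shows for 127.0.0.1 and the wt0 address.
    grep -o 'binding dns on [0-9.]*:53 is not available' "$log" \
        | sed 's/binding dns on \(.*\) is not available/bind-failed \1/'

    # 2. The listener NetBird fell back to.
    grep -o 'starting dns on [0-9.]*:53' "$log" \
        | sed 's/starting dns on /listening /'

    # 3. Host resolver mode. Mode 1 appears together with the "using file
    #    manager" error in the issue log; the mapping is inferred from that,
    #    not taken from NetBird's source.
    grep -o 'discovered mode is: [0-9]*' "$log" \
        | sed 's/discovered mode is: /host-dns-mode /'

    # 4. The error that means no nameserver group without a match domain
    #    exists for this peer. The fix is a default resolver in the
    #    DNS > Nameservers tab, as described above.
    if grep -q 'without a nameserver group with all domains configured' "$log"; then
        verdict="needs-default-nameserver"
    fi
    echo "verdict $verdict"
}

# Stand-alone usage: write the constructed log, triage it, clean up.
sample=$(mktemp)
netbird_sample_log "$sample"
netbird_dns_triage "$sample"
rm -f "$sample"
```

On a real router, replace the constructed sample with the path of a captured log (`netbird up -F -l debug 2>&1 | tee /tmp/netbird-debug.log`) and call `netbird_dns_triage /tmp/netbird-debug.log`. If the verdict is `needs-default-nameserver`, adding the nameserver without a match domain and restarting the client should make the error line disappear on the next run.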
fanmaomao commented 1 month ago

@mlsmaycon Cool! It's working! Thanks!