netbirdio / netbird

Connect your devices into a secure WireGuard®-based overlay network with SSO, MFA and granular access controls.
https://netbird.io
BSD 3-Clause "New" or "Revised" License

DNS Routes Not Functioning Properly in NetBird #2175

Closed roney492 closed 4 months ago

roney492 commented 4 months ago

Describe the problem

The new DNS routes feature in NetBird is not working as expected. Sites that are supposed to be routed through the specified network routes either time out in the browser or are routed directly, i.e. via the original IP instead of the expected peer.

This was tested using "whatsmyip.com" with a routing peer on Windows machines.

To Reproduce

Steps to reproduce the behaviour:

  1. Configure DNS routes in NetBird for domains such as "whatismyipaddress.com" and "www.whatismyip.com".
  2. Set it to route through a routing peer.
  3. Open a browser (e.g., Chrome) and navigate to "whatismyipaddress.com" or "www.whatismyip.com".
  4. Observe that the browser either times out or displays the original IP on "whatsmyip.com".

Expected behavior

Traffic to specified domains (e.g., "whatismyipaddress.com" or "www.whatismyip.com") should be routed through the designated peer, resulting in the correct routed IP.

Are you using NetBird Cloud?

No, Self hosted.

NetBird version

0.28.2

Additional Info

This works well with IP routing; only with DNS routing it's failing.

lixmal commented 4 months ago

Hi @roney492,

Can you provide a `netbird status -d` and `netbird routes ls` please?

Please consider that www.whatismyip.com and whatismyip.com are separate domains and might both need to be added, especially if one redirects to another. Also whatsmyip.com (missing an i) is different. Which one have you tested?

The browser might query different (sub)domains in the background that are not visible. E.g. whatismyip.com also queries api.whatismyip.com.

roney492 commented 4 months ago

sure,

```
C:\Users\Roney>netbird status -d
Peers detail:
 cxxxxxxxx.netbird.selfhosted:
  NetBird IP: 100.123.171.xxx/32
  Public key: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
  Status: Disconnected
  -- detail --
  Connection type: Relayed
  Direct: false
  ICE candidate (Local/Remote): host/relay
  ICE candidate endpoints (Local/Remote): 172.17.xx.x:51820/142.xx.xxx.xxx:51352
  Last connection update: 13 seconds ago
  Last WireGuard handshake: 51 seconds ago
  Transfer status (received/sent) 7.6 KiB/10.0 KiB
  Quantum resistance: false
  Routes: -
  Latency: 0s

 cxxxx-01.netbird.selfhosted:
  NetBird IP: 100.123.155.xxx/32
  Public key: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
  Status: Disconnected
  -- detail --
  Connection type: Relayed
  Direct: false
  ICE candidate (Local/Remote): host/relay
  ICE candidate endpoints (Local/Remote): 172.17.xx.x:51820/142.xx.xxx.xxx:51352
  Last connection update: 13 seconds ago
  Last WireGuard handshake: 51 seconds ago
  Transfer status (received/sent) 7.6 KiB/10.0 KiB
  Quantum resistance: false
  Routes: -
  Latency: 0s

 monster.netbird.selfhosted:
  NetBird IP: 100.123.14.xxx
  Public key: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
  Status: Connected
  -- detail --
  Connection type: Relayed
  Direct: true
  ICE candidate (Local/Remote): host/relay
  ICE candidate endpoints (Local/Remote): 172.17.xx.x:51820/142.xx.xxx.xxx:59242
  Last connection update: 9 minutes, 39 seconds ago
  Last WireGuard handshake: 1 minute, 18 seconds ago
  Transfer status (received/sent) 4.7 KiB/6.6 KiB
  Quantum resistance: false
  Routes: 192.168.17.1/32, whatismyipaddress.com, www.whatismyip.com, api.whatismyip.com, whatismyip.com
  Latency: 69.2636ms

 cxxx.netbird.selfhosted:
  NetBird IP: 100.123.224.11x
  Public key: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
  Status: Disconnected
  -- detail --
  Connection type: Relayed
  Direct: false
  ICE candidate (Local/Remote): host/relay
  ICE candidate endpoints (Local/Remote): 172.17.xx.x:51820/142.xx.xxx.xxx:51352
  Last connection update: -
  Last WireGuard handshake: 51 seconds ago
  Transfer status (received/sent) 7.6 KiB/10.0 KiB
  Quantum resistance: false
  Routes: -
  Latency: 0s

OS: windows/amd64
Daemon version: 0.28.2
CLI version: 0.28.2
Management: Connected to https://mnxxx.cxxxx.io:33073
Signal: Connected to http://mnxxx.cxxxx.io:10000
Relays:
  [stun:mnxxx.cxxxx.io:3478] is Available
  [turn:mnxxx.cxxxx.io:3478?transport=udp] is Available
Nameservers:
FQDN: laptop-roney.netbird.selfhosted
NetBird IP: 100.123.106.xxx/16
Interface type: Userspace
Quantum resistance: false
Routes: -
Peers count: 2/5 Connected
```

Tried the suggestion as well, facing the same issue though. Tried the same using other routing (Linux) peers also, same issue.

lixmal commented 4 months ago

Have you updated the routing peer to >=0.28.0 as well?

roney492 commented 4 months ago

> Have you updated the routing peer to >=0.28.0 as well?

No, missed that part, the routing peer wasn't updated. After the update it started working as expected. Thanks a lot @lixmal :)
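
The domain-matching point raised in the first reply, as an added example (not NetBird code and not from any participant in this thread): it pulls the domain routes offered by Connected peers out of `netbird status -d` text and classifies a tested hostname against them. The sample text is constructed from the output posted above; the exact-match rule follows that reply, and the function names and the 0.9 similarity threshold are assumptions.

```python
import re
from difflib import SequenceMatcher

# Constructed sample: peer blocks trimmed to the fields used, laid out like the output above.
STATUS = """\
Peers detail:
 cxxxx-01.netbird.selfhosted:
  Status: Disconnected
  Routes: -
 monster.netbird.selfhosted:
  Status: Connected
  Routes: 192.168.17.1/32, whatismyipaddress.com, www.whatismyip.com, api.whatismyip.com, whatismyip.com
OS: windows/amd64
Routes: -
"""

def routed_domains(status_text):
    """Map each domain route offered by a Connected peer to that peer's name."""
    routes, peer, connected = {}, None, False
    for line in map(str.strip, status_text.splitlines()):
        if m := re.fullmatch(r"(\S+\.\S+):", line):      # peer header line
            peer, connected = m.group(1), False
        elif line.startswith("OS:"):                      # end of the peer list
            peer = None
        elif line.startswith("Status:"):
            connected = line.split(":", 1)[1].strip() == "Connected"
        elif line.startswith("Routes:") and peer and connected:
            for item in line.split(":", 1)[1].split(","):
                item = item.strip().lower().rstrip(".")
                if item and item != "-" and "/" not in item:   # skip CIDR routes
                    routes[item] = peer
    return routes

def check(hostname, routes):
    """Classify a tested hostname; assumes a route covers only its exact domain."""
    host = hostname.strip().lower().rstrip(".")
    if host in routes:
        return ("routed", routes[host])
    for dom in routes:
        if host.endswith("." + dom) or dom.endswith("." + host):
            return ("separate-domain", dom)      # e.g. apex vs www: needs its own route
    score = lambda d: SequenceMatcher(None, host, d).ratio()
    best = max(routes, key=score, default=None)
    if best and score(best) >= 0.9:              # 0.9 is a heuristic threshold
        return ("possible-typo", best)
    return ("not-routed", None)

if __name__ == "__main__":
    for name in ("www.whatismyip.com", "whatsmyip.com", "www.whatismyipaddress.com"):
        print(name, check(name, routed_domains(STATUS)))
```

A hostname reported as `routed` here only confirms the client-side configuration; as the thread's resolution shows, the routing peer must also run a version that supports DNS routes.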