Closed tomasznguyen closed 3 months ago
I have the same problem.
Hello Folks,
There is a bug we introduced with the latest release where the new firewall rules are affecting the local traffic from systemd-resolved.
If you are using exit nodes or DNS routes, you need to downgrade the routing peer to 0.27.10. If you only have DNS routes, you will need to downgrade too, but you will need to add a temporary exit node route, with a distribution group without peers. This will make the routing peer create the necessary local firewall rules.
We are working on a fix that should be in the 0.28.3 release in the next couple of days.
Hi @mlsmaycon. I updated yesterday to version 0.28.3 and I can confirm that the issue is now resolved. Thank you!
I am not using the self-hosted version but the cloud version. My peers are on 0.28.9, but I see exactly the same issue, with the caveat that my local DNS is not getting resolved, i.e. after installing the agent I am able to ping google but I am unable to ping my local custom DNS (for example, lab.test.com). Any clues how to fix this?
Is the DNS that resolves lab.test.com for you also running on a netbird peer and you are trying to reach it via netbird?
From what I gather, the following scenario currently doesn't work:
Let's define some example peers:
NetbirdPeerA with example ip 10.10.10.1
NetbirdPeerB with example ip 10.10.10.2 <- runs DNS Server
On NetbirdPeerB you can access the locally running DNS server: nslookup test.lab.com 127.0.0.1
works.
On NetbirdPeerA you cannot access the DNS server running on NetbirdPeerB OVER netbird, as in
$NetbirdPeerA: nslookup test.lab.com 10.10.10.2
will fail.
Similarly, running the same command on NetbirdPeerB with netbird's peer IP for NetbirdPeerB, as in
$NetbirdPeerB: nslookup test.lab.com 10.10.10.2
will fail.
The DNS request is seemingly auto-rerouted and lost. I've looked into it with tcpdump, and it definitely arrives, but then is routed to... somewhere? (but not where I expect it to be).
The workaround that I currently see is to not have a DNS running on any netbird peer that you need to reach in your mesh. Install it on a VM or a target machine that is not a peer. Then you can use network routes and either netbird's masquerade feature, or manually via iptables/nftables routing to make it available within your netbird mesh.
Describe the problem
After a fresh install of Ubuntu (24.04), resolving domains works. However, after installing netbird, DNS resolving does not work anymore. For example:
To Reproduce
Steps to reproduce the behavior:
ping google.com
curl -fsSL https://pkgs.netbird.io/install.sh | sh
netbird up --management-url xxx --setup-key xxx
ping google.com
Expected behavior
DNS should still be working after installing and running netbird.
Are you using NetBird Cloud?
Self-hosted
NetBird version
0.28.2
NetBird status -d output:
See above