netbirdio / netbird

Connect your devices into a secure WireGuard®-based overlay network with SSO, MFA and granular access controls.
https://netbird.io
BSD 3-Clause "New" or "Revised" License
11.2k stars 517 forks

Broken DNS resolution of *.our.domain on Windows client #2895

Open tomashora opened 3 days ago

tomashora commented 3 days ago

Describe the problem

The resolution of all subdomains under *.our.domain does not work for certain applications (for example any web browser or ping tool; however, nslookup resolves the IP correctly). This used to happen in the past when netbird was shut down incorrectly, as discussed on Slack. Now it seems to happen the same way: hard laptop shutdown, system boots up, DNS is not resolved.

This results in the clients being unable to connect.

To Reproduce

Steps to reproduce the behavior: TBD

Expected behavior

All DNS records should be resolved correctly.

Are you using NetBird Cloud?

Self-hosted (v0.31.1 incl. relay as well as coturn)

NetBird version

0.31.1

NetBird status -dA output:

X

Do you face any (non-mobile) client issues?

2024-11-15T08:27:16+01:00 ERRO util/grpc/dialer.go:38: Failed to dial: dial: dial tcp: lookup netbird.our.domain: no such host

Screenshots

X

Additional context

The easiest way to fix it is to connect to the NetBird Cloud instance, which somehow resets the Windows DNS configuration so that *.our.domain is immediately resolved correctly.

Output of: Resolve-DnsName -Name www.our.domain

Resolve-DnsName: www.unipi.technology : The operation returned because the time limit expired. //Time exceeded

Output of: ping www.our.domain

Ping request could not find host www.our.domain. Please check the name and try again.

Output of: nslookup www.our.domain

Server:  dns.google
Address:  8.8.8.8

Non-authoritative answer:
Name:    our.domain
Address:  correct IP address
Aliases:  www.our.domain

Output of Get-DnsClientNrptPolicy

Namespace                        : .ourdomain.local
QueryPolicy                      :
SecureNameQueryFallback          :
DirectAccessIPsecCARestriction   :
DirectAccessProxyName            :
DirectAccessDnsServers           :
DirectAccessEnabled              :
DirectAccessProxyType            : NoProxy
DirectAccessQueryIPsecEncryption :
DirectAccessQueryIPsecRequired   : False
NameServers                      : 10.220.255.254
DnsSecIPsecCARestriction         :
DnsSecQueryIPsecEncryption       :
DnsSecQueryIPsecRequired         : False
DnsSecValidationRequired         : False
NameEncoding                     : Utf8WithoutMapping

Namespace                        : .our.domain
QueryPolicy                      :
SecureNameQueryFallback          :
DirectAccessIPsecCARestriction   :
DirectAccessProxyName            :
DirectAccessDnsServers           :
DirectAccessEnabled              :
DirectAccessProxyType            : NoProxy
DirectAccessQueryIPsecEncryption :
DirectAccessQueryIPsecRequired   : False
NameServers                      : 10.220.255.254
DnsSecIPsecCARestriction         :
DnsSecQueryIPsecEncryption       :
DnsSecQueryIPsecRequired         : False
DnsSecValidationRequired         : False
NameEncoding                     : Utf8WithoutMapping

roberthase commented 3 hours ago

Try deleting this registry key when this happens: Computer\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DnsPolicyConfig\NetBird-Match

Can you also confirm that the domain used for your NetBird controller is also supposed to be routed through the WireGuard tunnel after the connection is established?
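The symptom pattern in this thread (Resolve-DnsName and ping time out while nslookup succeeds) is what a leftover Name Resolution Policy Table rule looks like: the system resolver and Resolve-DnsName honor NRPT rules, whereas nslookup sends its query straight to the configured server and bypasses them. The script below is an added example, not code from the NetBird project or from anyone in this thread. It lists the NRPT rules that still point at the NetBird resolver, reproduces the failing lookup, and, only on request and only while the client service is not running, removes those rules and the registry key named in the comment above. It assumes the NetBird DNS forwarder is 10.220.255.254 (the NameServers value in the Get-DnsClientNrptPolicy output), that the rule name contains "NetBird", and that the Windows service is called "netbird"; all three are assumptions and are parameters so they can be changed. Run it from an elevated PowerShell.

```powershell
# Added example (not NetBird's own code): inspect and, with -Remove, clean up
# NRPT rules left behind after an unclean shutdown of the NetBird client.
param(
    [string]$NetBirdDns  = '10.220.255.254',   # assumption: NetBird forwarder from the NRPT output above
    [string]$RuleMatch   = '*NetBird*',        # assumption: rule/registry key name contains "NetBird"
    [string]$ServiceName = 'netbird',          # assumption: Windows service name of the NetBird client
    [string]$TestName    = 'www.our.domain',   # name that fails for the poster
    [switch]$Remove
)

# Registry key named in the comment above; a fallback if the cmdlet cannot see the rule.
$RegKey = 'HKLM:\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DnsPolicyConfig\NetBird-Match'

# 1. Is the client actually running? A rule is only "stale" if nothing is listening on $NetBirdDns.
$svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
if ($svc) { Write-Host "Service '$ServiceName' status: $($svc.Status)" }
else      { Write-Host "Service '$ServiceName' not found (name is an assumption; check Get-Service)" }

# 2. Rules that redirect a namespace to the NetBird resolver or carry the NetBird name.
$stale = @(Get-DnsClientNrptRule | Where-Object {
    ($_.NameServers -contains $NetBirdDns) -or ($_.Name -like $RuleMatch)
})
if ($stale.Count -eq 0) {
    Write-Host "No NRPT rule references $NetBirdDns or matches $RuleMatch"
} else {
    Write-Host "NRPT rules pointing at NetBird:"
    $stale | Format-Table Name, Namespace, NameServers -AutoSize | Out-String | Write-Host
}
if (Test-Path $RegKey) { Write-Host "Registry key present: $RegKey" }

# 3. Reproduce the symptom. This goes through NRPT, unlike nslookup.
function Test-Lookup([string]$Name) {
    try {
        $r = Resolve-DnsName -Name $Name -ErrorAction Stop |
             Where-Object { $_.Type -in 'A','AAAA','CNAME' } |
             Select-Object Name, Type, IPAddress, NameHost
        $r | Format-Table -AutoSize | Out-String | Write-Host
        return $true
    } catch {
        Write-Warning "Resolve-DnsName $Name failed: $($_.Exception.Message)"
        return $false
    }
}
$before = Test-Lookup $TestName

# 4. Clean up only when asked, and refuse while the client is running so we do not
#    fight the service, which recreates its rules when it comes up.
if ($Remove) {
    if ($svc -and $svc.Status -eq 'Running') {
        Write-Warning "Service '$ServiceName' is running; stop it first (Stop-Service $ServiceName) and rerun."
        return
    }
    foreach ($rule in $stale) {
        Write-Host "Removing NRPT rule '$($rule.Name)' for namespace '$($rule.Namespace)'"
        Remove-DnsClientNrptRule -Name $rule.Name -Force
    }
    if (Test-Path $RegKey) {
        Write-Host "Removing leftover registry key $RegKey"
        Remove-Item -Path $RegKey -Recurse -Force
    }
    Clear-DnsClientCache
    Write-Host "Lookup after cleanup:"
    $after = Test-Lookup $TestName
    if (-not $before -and $after) {
        Write-Host "Resolution of $TestName recovered after removing the stale NRPT rule."
    }
}
```

Remove-DnsClientNrptRule takes effect immediately; the raw registry deletion is only a fallback for a key the cmdlet does not enumerate, and the DNS Client service may not re-read DnsPolicyConfig until it restarts, so a reboot can still be needed in that path. Without -Remove the script only reports, which is the safe thing to run first when confirming that a leftover rule, rather than the upstream resolver, is what breaks *.our.domain.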