netbirdio / netbird

Connect your devices into a secure WireGuard®-based overlay network with SSO, MFA and granular access controls.
https://netbird.io
BSD 3-Clause "New" or "Revised" License

Embedded DNS peer subdomain resolution customization #817

Open CertainLach opened 1 year ago

CertainLach commented 1 year ago

Is your feature request related to a problem? Please describe.

I have a server in my network (peer FQDN server.netbird.local) which hosts multiple internal services (i.e. nginx with virtual host handling);

I would like to customize netbird DNS resolution (maybe Rego can be used here?) to make it possible to override resolution for host subdomains, or at least make it resolve subdomains to the same machine address without using an external DNS.

I.e. make it possible for the embedded DNS server to return the peer IP not only for a server.netbird.local DNS request but also for something.server.netbird.local.

Describe alternatives you've considered

My current solution involves starting nsd (authoritative DNS resolver) on the target server (server.netbird.local), where I have only one record:

*.server.local. 3600 IN CNAME server.netbird.local.

and then creating a custom DNS configuration with the nameserver IP of the target server and a match domain of server.local (note that I can't reuse server.netbird.local, as netbird.local is already resolved by the netbird embedded DNS).

So when I go to sonarr.server.local, the browser connects to server.netbird.local instead.

Additional context

It is not a VPN's job to manage DNS records... But wildcard resolution will not cause a maintenance burden, as there is already a DNS server embedded, and it might be useful to many users.
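The behaviour requested above (answer a peer's address for the peer name and for anything beneath it) comes down to a label-aligned suffix match over the peer table. The following Go snippet is an added illustration of that lookup, not netbird's own resolver code; the peer names, the 100.64.0.0/10 addresses and the `PeerZone` type are constructed for the example. The security-relevant detail is that the walk moves one whole label at a time, so `evilserver.netbird.local` never matches `server.netbird.local`, and a name that merely contains the zone, such as `server.netbird.local.example.com`, never matches either.

```go
package main

import (
	"fmt"
	"strings"
)

// sampleRecords is constructed sample data: peer FQDN -> overlay IP.
var sampleRecords = map[string]string{
	"server.netbird.local": "100.64.0.10",
	"laptop.netbird.local": "100.64.0.11",
}

// PeerZone holds normalized peer FQDNs mapped to their overlay IPs.
type PeerZone struct {
	peers map[string]string
}

// normalize lowercases and strips surrounding whitespace and a trailing dot,
// so "Server.netbird.local." and "server.netbird.local" compare equal.
func normalize(name string) string {
	return strings.ToLower(strings.TrimSuffix(strings.TrimSpace(name), "."))
}

// NewPeerZone builds a zone whose keys are normalized once at construction.
func NewPeerZone(records map[string]string) *PeerZone {
	z := &PeerZone{peers: make(map[string]string, len(records))}
	for name, ip := range records {
		z.peers[normalize(name)] = ip
	}
	return z
}

// Resolve answers a query for a peer name or any subdomain beneath it.
// It walks up the label tree, dropping the leftmost label each round, and
// returns the first peer whose name equals the remaining suffix. Because the
// comparison is on whole labels, "evilserver.netbird.local" does not match
// "server.netbird.local", and "server.netbird.local.example.com" matches
// nothing. Malformed names with empty labels are rejected outright.
func (z *PeerZone) Resolve(query string) (string, bool) {
	q := normalize(query)
	if q == "" || strings.HasPrefix(q, ".") || strings.Contains(q, "..") {
		return "", false
	}
	for {
		if ip, ok := z.peers[q]; ok {
			return ip, true
		}
		i := strings.IndexByte(q, '.')
		if i < 0 {
			return "", false // ran out of labels: not a peer or a peer subdomain
		}
		q = q[i+1:]
	}
}

func main() {
	z := NewPeerZone(sampleRecords)
	queries := []string{
		"server.netbird.local",
		"sonarr.server.netbird.local.",
		"A.B.Laptop.Netbird.Local",
		"evilserver.netbird.local",
		"server.netbird.local.example.com",
	}
	for _, q := range queries {
		ip, ok := z.Resolve(q)
		fmt.Printf("%-36s -> ip=%q found=%v\n", q, ip, ok)
	}
}
```

A resolver built this way would still need to decide what to do on a miss (NXDOMAIN for names under the netbird zone, forward upstream otherwise); that part is left out because the issue does not specify it.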

magixus commented 5 months ago

I have asked a similar question, or kind of, here: #1436

I found out it's possible to work around that by going via the following path:

  1. Add a new server for the proxy (optional) or use the same server as the netbird server
  2. Install a client and connect it to your netbird server
  3. Add a reverse proxy that listens on *.YOURFQDN.LTD and redirects to $host (using nginx or caddy)

So for example, if you have test1.vpn.fqdn.ltd, it's going to connect to the proxy, which is already connected to the VPN as a client. So your $host would be test1.vpn.fqdn.ltd; since the proxy is connected to the VPN and knows that name, it will forward you to the right peer.

I have solved this myself in my current VPN solution and it worked pretty well.

# this is a caddy example:
:80, :443 {
    # forward to whatever Host the client asked for; the proxy's own
    # netbird client resolves that name to the right peer
    reverse_proxy {host}
    # other configuration directives...
}

# nginx equivalent:
server {
    listen 80;
    # only answer for the wildcard names meant to go through the proxy,
    # otherwise this is an open proxy for any Host a client sends
    server_name *.vpn.fqdn.ltd;
    # proxy_pass with a variable target needs a resolver at runtime;
    # 127.0.0.1 is a placeholder, point it at the DNS that knows the peer names
    resolver 127.0.0.1;
    location / {
        proxy_pass $scheme://$host$request_uri;
    }
}