openziti / ziti

The parent project for OpenZiti. Here you will find the executables for a fully zero trust, application embedded, programmable network @OpenZiti
https://openziti.io
Apache License 2.0

ziti-router creates multiple IPs for same DNS name #960

Open jlin-nf opened 1 year ago

jlin-nf commented 1 year ago
  1. Create multiple services with the same intercept DNS name.
  2. Create a bind service-policy for all services in step 1 to the same identity (endpoint on an Edge-Router).
  3. Check the intercepts on the endpoint:

     ```
     $ zt-intercepts
     Chain NF-INTERCEPT (1 references)
     target  prot opt source     destination
     TPROXY  udp  --  0.0.0.0/0  100.64.0.3  / testziti-dns3 / udp dpt:53 TPROXY redirect 127.0.0.1:40928 mark 0x1/0x1
     TPROXY  tcp  --  0.0.0.0/0  100.64.0.2  / testziti-dns1 / tcp dpt:80 TPROXY redirect 127.0.0.1:45787 mark 0x1/0x1
     TPROXY  tcp  --  0.0.0.0/0  100.64.0.1  / testziti-dns2 / tcp dpt:443 TPROXY redirect 127.0.0.1:40217 mark 0x1/0x1
     ```

```
$ ping testziti.james.net
PING testziti.james.net (100.64.0.1) 56(84) bytes of data.
64 bytes from 100.64.0.1: icmp_seq=1 ttl=64 time=0.081 ms
```

So only one of the services works.
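A diagnostic for the symptom reported above, as an added example that is not part of the original issue or the OpenZiti code: it parses rule lines in the format shown in the report and lists the services whose intercept IP differs from the address the shared name resolves to. It assumes every parsed rule belongs to a service intercepting that one hostname and that each rule matches a single port; the function names are hypothetical.

```python
import re

# Constructed sample: the three rule lines from the report, one per line.
SAMPLE_RULES = """\
TPROXY udp -- 0.0.0.0/0 100.64.0.3 / testziti-dns3 / udp dpt:53 TPROXY redirect 127.0.0.1:40928 mark 0x1/0x1
TPROXY tcp -- 0.0.0.0/0 100.64.0.2 / testziti-dns1 / tcp dpt:80 TPROXY redirect 127.0.0.1:45787 mark 0x1/0x1
TPROXY tcp -- 0.0.0.0/0 100.64.0.1 / testziti-dns2 / tcp dpt:443 TPROXY redirect 127.0.0.1:40217 mark 0x1/0x1
"""

# target, proto, opt, source, destination, comment (service name), match, port.
# The comment delimiter is accepted both as "/ name /" (as pasted in the
# report) and as "/* name */".
RULE_RE = re.compile(
    r"^TPROXY\s+(?P<proto>\w+)\s+\S+\s+\S+\s+(?P<dst>\d+\.\d+\.\d+\.\d+)\s+"
    r"/\*?\s*(?P<service>\S+?)\s*\*?/\s+\w+\s+dpt:(?P<port>\d+)"
)


def parse_intercepts(text):
    """Return one dict per TPROXY rule; headers and other lines are skipped."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            rules.append({
                "service": m["service"],
                "proto": m["proto"],
                "ip": m["dst"],
                "port": int(m["port"]),
            })
    return rules


def intercept_ips(rules):
    """Distinct intercept IPs; more than one for a single hostname is the symptom."""
    return sorted({r["ip"] for r in rules})


def unreachable_via(resolved_ip, rules):
    """Rules a client cannot hit when the hostname resolves to resolved_ip."""
    return [r for r in rules if r["ip"] != resolved_ip]


if __name__ == "__main__":
    rules = parse_intercepts(SAMPLE_RULES)
    print("intercept IPs:", intercept_ips(rules))
    for r in unreachable_via("100.64.0.1", rules):  # address from the ping output
        print(f"not reachable by name: {r['service']} {r['proto']}/{r['port']} on {r['ip']}")
```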

ekoby commented 1 month ago

validate if still an issue