openziti / ziti

The parent project for OpenZiti. Here you will find the executables for a fully zero trust, application embedded, programmable network @OpenZiti
https://openziti.io
Apache License 2.0

Answer DNS queries for SRV records #980

Closed by qrkourier 1 year ago

qrkourier commented 1 year ago

ziti router cannot currently answer SRV queries, which is essential for tunneling things like Kerberos authentication for Active Directory.

qrkourier commented 1 year ago

I believe intercept and hosting support for MX, TXT, and SRV records is present in both C-SDK and Go SDK tunnel implementations. This is activated by creating a Ziti service with a wildcard intercept address. The DNS queries for these record types are matched by the RNAME value of the query, parsed into a Ziti Edge message, received by the hosting tunnel with Bind permission, then resolved locally according to that host's default resolver configuration.
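Added example, not part of the comment above and not OpenZiti code: a Go sketch of the decision the comment describes, reading the name and type from a DNS query and checking them against a wildcard intercept address. The function names, the sample domain `ad.example.internal`, and the rule that `*.suffix` matches any name below `suffix` are assumptions made for illustration.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"strings"
)

var forwarded = map[uint16]bool{15: true, 16: true, 33: true} // MX, TXT, SRV type codes

// buildQuery makes a constructed one-question DNS query for the demo.
func buildQuery(name string, qtype uint16) []byte {
	msg := []byte{0x12, 0x34, 0x01, 0x00, 0, 1, 0, 0, 0, 0, 0, 0} // header, QDCOUNT=1
	for _, l := range strings.Split(name, ".") {
		msg = append(append(msg, byte(len(l))), l...)
	}
	return append(msg, 0, byte(qtype>>8), byte(qtype), 0, 1) // root, QTYPE, QCLASS=IN
}

// parseQuestion returns the lower-cased name and type of the first question.
func parseQuestion(msg []byte) (string, uint16, error) {
	if len(msg) < 12 || binary.BigEndian.Uint16(msg[4:6]) == 0 {
		return "", 0, fmt.Errorf("no question section")
	}
	labels, i := []string(nil), 12
	for i < len(msg) && msg[i] != 0 {
		n := int(msg[i])
		if n > 63 || i+1+n > len(msg) { // compression pointer or overrun
			return "", 0, fmt.Errorf("bad label at offset %d", i)
		}
		labels = append(labels, string(msg[i+1:i+1+n]))
		i += 1 + n
	}
	if i+5 > len(msg) { // root label, QTYPE and QCLASS must follow
		return "", 0, fmt.Errorf("truncated question")
	}
	return strings.ToLower(strings.Join(labels, ".")), binary.BigEndian.Uint16(msg[i+1:]), nil
}

// wouldForward applies the assumed rule: "*.suffix" matches any name below suffix.
func wouldForward(msg []byte, intercept string) bool {
	name, qtype, err := parseQuestion(msg)
	suffix := strings.ToLower(strings.TrimPrefix(intercept, "*"))
	return err == nil && forwarded[qtype] && strings.HasPrefix(intercept, "*.") &&
		len(name) > len(suffix) && strings.HasSuffix(name, suffix)
}

func main() {
	fmt.Println(wouldForward(buildQuery("_kerberos._tcp.ad.example.internal", 33), "*.ad.example.internal")) // true
}
```

Under the assumed rule the zone apex itself (`ad.example.internal`) is not covered by the wildcard, and malformed or truncated queries are treated as not matching.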

qrkourier commented 1 year ago

Documenting this in https://github.com/openziti/ziti-doc/pull/619