Multiple TLD support

[LecrisUT]

The issue is self-explanatory.

[erikh]

I'm not sure I agree. Multiple TLDs implies some kind of partitioning and a rethinking of how the TLD is in relation to the individual addresses. How would you propose this be done?

Open to the idea, just disagree that's it's self-explanatory.

[LecrisUT]

Fair enough, what I wanted to say was supporting the ability to serve multiple TLDs, so that we can assign different TLDs to each machine. The application is mostly for simplifying split-view dns and organizations.

For an example, let's say we have some services that are available both publicly and privately, e.g. public website with private backend admin (gated by ip). So we would want the dns to override and serve us the private records for the website's dns name. Assuming the services are cnames to a sub-domain whose a records only we override. Now if we also want private only services on a local network and let's say it has a similar structure but on a private tld, it would be helpful to override the records when accessing via the same zero-tier network.

[erikh]

Sure, so here, on linux you can accomplish this really easily with systemd-networkd and systemd-resolved. If that's an option for you, try this package I slapped together over the weekend, I think it will really help. https://github.com/erikh/zerotier-systemd-manager

Windows and Mac OS X already do per-interface DNS resolution so you should be on solid ground there as long as you partition the TLD at the interface.

Does that help? I can do more here, happy to, but I would like to know why this isn't a solution before we discuss that.

[erikh]

eh, for example, I have a seafile at a TLD that is hosted by a local DNS service @ 10.0.0.x and on zerotier (with zeronsd) at some 172/16 address. both records resolve to the same service, but when I use zerotier my iphone automatically resolves the 172/16 address.

[LecrisUT]

Yes that's the intended behaviour, but allowing multiple TLDs. The current options indicates we can only assign one TLD for the zerotier network. Let's assume we have the following records:

www.example.com CNAME node1.nodes.example.com
node1.nodes.example.com A 1.1.1.1

mail.company.tld CNAME node3.nodes.company.tld
node3.nodes.company.tld A 10.0.0.3

Now on zerotier network we want both node3.nodes.company.tld and node1.nodes.example.com both to point to 192.168.0.1. But the wording in the Readme indicates we can only assign one tld, either nodes.company.tld or nodes.example.com. The requested support is to be able to override both on the same zero-tier network.

[erikh]

ahh I see. ok, I'm not going to be able to deal with this today but I will try to get to it within the next week or two.

Thanks for clarifying your issue, I appreciate it.

[LecrisUT]

Oh, also on that note, forwarding other specific requests as well, e.g. partner-company.tld or more practically forwarding company.tld requests to a/the dns resolver on the internal network. I.e. because company.tld is not globally resolvable, but only nodes.company.tld is being overridden. You can think of the situation where we are connecting to multiple zero-tier networks, and we don't want one to interfere with the other.

[erikh]

we're not going to alter the forwarding of records at all. there are so many uncanny security problems there that I don't have enough space to address in a github comment.

I'm sorry, that you will need to resolve differently, maybe with a front-side cache or similar ilk.

[LecrisUT]

Understandable. Yes my current workaround for that problem is a localhost dnsdist do that I can fine-tune the logic and automatically. Still the multiple TLD would save a lot of headache, will be looking forward to that.