can `dig` but cannot `ping` on debian/ubuntu

[wxrl]

Hi, I have been using zerotier for a while on my private network and just started to deploy zeronsd.

I followed the official zeronsd documentation as well as referring to Alan Norbauer's notes for set-up

• https://docs.zerotier.com/zeronsd/quickstart/
• https://alan.norbauer.com/articles/zerons-setup

Here are my configurations (all 3 nodes listed below are under different physical network)

	Home Server	Office Client	Mobile Phone
OS	Debian 11.3	Ubuntu 20.04	Android 11
ZeroTier Version	v1.10.1	v1.10.1	v1.8.9-1
allownDNS	1	1	"Network DNS" tab chosen when joining network
ZeroTier IP	172.27.27.27	172.27.50.50	172.27.200.10
Zerotier Systemd Manager Version	v0.3.1	N/A	N/A
ZeroNSD Version	v0.5.2	N/A	N/A
ZeroNSD Domain	sv.myowndomain.com	dt.myowndomain.com	mob.myowndomain.com

myowndomain.com is my own domain registered at Godaddy.com but no public DNS settings done there (just registered).

• What I can do
  • Can ping each other using ZeroTier IPs
  • Can access web services (http, samba, etc) deployed on Home Server from Office Client and Mobile Phone using ZeroTier IP
  • Can see myowndomain.com automatically filled in Search Domain and 172.27.27.27 listed in Servers in ZeroTier Web Settings page
  • Can dig each other, e.g.

dig on Home Server (Debian)

> dig +short @172.27.27.27 sv.myowndomain.com
172.27.27.27
> dig +short @172.27.27.27 dt.myowndomain.com
172.27.50.50
> dig +short @172.27.27.27 mob.myowndomain.com
172.27.200.10

dig on Office Client (Ubuntu)

> dig +short @172.27.27.27 sv.myowndomain.com
172.27.27.27
> dig +short @172.27.27.27 dt.myowndomain.com
172.27.50.50
> dig +short @172.27.27.27 mob.myowndomain.com
172.27.200.10

• What I CANNOT do
  • Cannot ping each other (even itself) using ZeroNSD domains, nor can access web services on the server using domain

> ping sv.myowndomain.com
ping: sv.myowndomain.com: Name or service not known
> ping dt.myowndomain.com
ping: dt.myowndomain.com: Name or service not known

Any help would be highly appreciated! Thanks!

[wxrl]

If I manually change my DNS server settings to 172.27.27.27 on e.g. Office Client, I can ping the server with sv.myowndomain.com as well as ping other nodes with their zeroNSD domains respectively. But this is not a good way to bypass as the Home Server is not always on.

[laduke]

Hello, Lets see... ZeroNSD is up and running, dig +short @172.27.27.27 sv.myowndomain.com works.
If you use dig without the @172.27.27.27 it won't work, I assume.

I think you need to run zerotier-systemd-manager on the Ubuntu 20.04 machine. Or otherwise tell it to use 172.27.27.27 for myowndomain.com. How to do this depends which of the numerous linux network manager things you're using.

The android isn't working? That seems like it should work.

[erikh]

android on my systems almost always requires a leave/join to trigger the dns changes.

[wxrl]

I do have got another more serious problem after installing zeronsd / zerotier-systemd-manager...

As my home router does have a top-level public but dynamic IPV4 (but it just keeps changing every 2-3 days), I actually was always able to access (SSH) the Debian Home Server via the IPV4 (as I redirected the IPV4 to the Debian Home Server in the router's settings)

After zeronsd / zerotier-systemd-manager installed and after every reboot of the server (not rebooting the home router), if I try to SSH the Debian Server from outside (not within home sub-net), sometimes I can access the server with the public IPV4 but sometimes I cannot... (and the failure rate is like much more than 50% high). Also under the failure situation with the public IPV4, I CANNOT access the server using zerotier's virtual IP...

But if I SSH the Debian server from home sub-net (under the same home router) using 192.168.x.x, I can always access the Debian Home Server 100%.

NOT SURE whether the system network gets stuck with zeronsd or zerotier-systemd-manager somewhere during/after reboot...

Once I uninstalled zeronsd & zerotier-systemd-manager, but with zerotier-one kept, the issue above disappeared after reboot (and zerotier virtual IP works fine as before)...

[wxrl]

Also if the Debian Server (with zeronsd "running") is under the situation mentioned in the comment above (=cannot be connected via its public top-level IP), it cannot resolve domains itself if I ping some public sites from the Debian Server or try to wget some package from the internet under SSH (as it can still be connected via 192.168.*.* from the home sub-net).

[erikh]

the debian server must still run zerotier-systemd-manager.

[wxrl]

Yes, i meant zerotier-systemd-manager+zeronsd together when saying zeronsd as my setup was following the official instructions...

Also when the problem happens, I tried to systemctl restart zerotier-systemd-manager and zeronsd, as well as restarting zerotier-one several times, but it doesn't solve the problem... The problem is completely gone only after I remove zeronsd and zerotier-systemd-manager...

[erikh]

... are you running systemd-resolved?

[wxrl]

... are you running systemd-resolved?

No. Should I?

sudo systemctl status systemd-resolved.service 
● systemd-resolved.service - Network Name Resolution
     Loaded: loaded (/lib/systemd/system/systemd-resolved.service; disabled; ve>
     Active: inactive (dead)
       Docs: man:systemd-resolved.service(8)
             man:org.freedesktop.resolve1(5)
             https://www.freedesktop.org/wiki/Software/systemd/writing-network->
             https://www.freedesktop.org/wiki/Software/systemd/writing-resolver>

[erikh]

read the documentation please. this isn't an interactive help forum.

[wxrl]

the documentation provided was well read. it's dead because the zerotier-systemd-manager (as well as zeronsd) was removed due to the problems.