zerotier / zeronsd

A DNS server for ZeroTier users
https://zerotier.com
BSD 3-Clause "New" or "Revised" License

support for selecting listening IPs #78

Open erikh opened 3 years ago

erikh commented 3 years ago

Not sure if I should restrict this just to IPs on the network, or allow the hopefully obvious footgun of letting you listen on another, potentially non-zerotier IP address.

Comments welcome.

laduke commented 3 years ago

The only thing I can think of is sometimes you manually/statically assign an address on a zerotier interface and don't use a zerotier managed ip address.

Maybe it should gently warn you on startup?

AndreKR commented 3 years ago

zeronsd only needs to be reachable from within a Zerotier network, doesn't it? So why does it deal with OS IPs at all and not just connect to the ZT network using libzt?

erikh commented 3 years ago

@AndreKR libzt still needs some massage to play well with the rust async ecosystem, but I need to double check with the principal for that work. That was the plan for some time but alas, time has passed and people have been occupied by more important things, this is not high on our priority list at the moment.

Regardless, the great thing about open source is once you do something one way, you're stuck supporting it for life, so even if libzt entered the picture we would still do it this way for some time. :)

Once I come up for air after this (current, non-dns) project there will be plenty of other good reasons to sharpen libzt's interaction with the rust ecosystem, so I will hopefully be able to focus attention there. HTH.

aplum commented 1 year ago

Not sure if I should restrict this just to IPs on the network, or allow the hopefully obvious footgun of letting you listen on another, potentially non-zerotier IP address.

It may be a footgun for the most simple setups, but in the environment described in #205 it would make as much sense to be listening on 192.168.111.2 (non-ZeroTier IP) instead of 192.168.4.1 (ZeroTier IP).

That said, if we add another ZeroTier network + zeronsd instance + subdomain to that environment on the same zeronsd host, listening on the non-ZeroTier IP wouldn't scale, since multiple zeronsd instances couldn't listen on the same IP. And since we (presumably) have routing configured between these networks, each ZeroTier address should be reachable for the purpose of delegating the DNS zones.

In my opinion, even though I see a valid use case for listening on non-ZeroTier addresses, I don't think it would be a worthwhile feature to add. I'd be interested to hear if anyone has a situation where it is necessary, though.

zeronsd only needs to be reachable from within a Zerotier network, doesn't it?

In the environment in #205, zeronsd is actually never contacted from within the ZT network – the main office DNS server is the only one that sends requests to it. It's still listening on its ZT IP address, of course, but its only client isn't on the ZT network.

If you have multiple IPs assigned to the zeronsd host using ZeroTier, I suppose it would be valuable to be able to choose which IP it listens on. In most cases it would probably be fine to listen on all of them (or just one, if it's predictable which one is chosen), but maybe e.g. I want to run a different DNS server on one of the ZT IPs, so I need zeronsd to not be listening on it.

erikh commented 1 year ago

I feel the best approach is to make this the subject of configuration.

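The startup check laduke suggests and the listen-address policy aplum and erikh discuss above, as an added example that is not zeronsd's own code. It classifies a configured listen address as controller-managed, statically assigned on a ZeroTier interface (allowed with a warning), on a non-ZeroTier interface (refused unless explicitly allowed), or not local at all. Assumptions: ZeroTier interfaces are recognised by a name beginning with "zt", the interface table and managed-address list are constructed inline rather than read from the OS or the controller, the interface name `ztabcdef01` and the address `10.147.20.5` are made up, and `allow_non_zt` is a hypothetical configuration flag.

```rust
use std::net::{IpAddr, Ipv4Addr};

/// Where a requested listen address sits relative to the ZeroTier networks on this host.
#[derive(Debug, PartialEq, Eq)]
pub enum ListenVerdict {
    /// Assigned to a ZeroTier interface by the network controller: the expected case.
    ZtManaged,
    /// On a ZeroTier interface, but assigned manually rather than by the controller
    /// (the case laduke describes): allowed, with a startup warning.
    ZtStatic,
    /// On a non-ZeroTier interface (the "footgun" case): refused unless explicitly allowed.
    NonZt,
    /// Not configured on any local interface: the bind would fail anyway, so refuse up front.
    NotLocal,
}

/// A local interface and the addresses assigned to it. Constructed here for the example;
/// a real implementation would enumerate the OS interfaces instead.
pub struct Iface {
    pub name: String,
    pub addrs: Vec<IpAddr>,
}

/// Classify `addr` against the local interfaces and the controller-managed address list.
/// Assumption: ZeroTier virtual interfaces are identified by a name beginning with "zt".
pub fn classify(addr: IpAddr, ifaces: &[Iface], managed: &[IpAddr]) -> ListenVerdict {
    match ifaces.iter().find(|i| i.addrs.contains(&addr)) {
        None => ListenVerdict::NotLocal,
        Some(i) if i.name.starts_with("zt") => {
            if managed.contains(&addr) { ListenVerdict::ZtManaged } else { ListenVerdict::ZtStatic }
        }
        Some(_) => ListenVerdict::NonZt,
    }
}

/// Validate a configured listen address. Returns the parsed address plus an optional
/// warning to log at startup, or an error explaining why the bind is refused.
/// `allow_non_zt` is a hypothetical flag standing in for the configuration erikh mentions.
pub fn check_listen(
    addr: &str,
    ifaces: &[Iface],
    managed: &[IpAddr],
    allow_non_zt: bool,
) -> Result<(IpAddr, Option<String>), String> {
    let ip: IpAddr = addr.parse().map_err(|e| format!("{addr}: not an IP address ({e})"))?;
    match classify(ip, ifaces, managed) {
        ListenVerdict::ZtManaged => Ok((ip, None)),
        ListenVerdict::ZtStatic => Ok((ip, Some(format!(
            "{ip} is on a ZeroTier interface but is not a controller-managed address"
        )))),
        ListenVerdict::NonZt if allow_non_zt => Ok((ip, Some(format!(
            "{ip} is not a ZeroTier address; DNS will be reachable from outside the ZeroTier network"
        )))),
        ListenVerdict::NonZt => Err(format!(
            "{ip} is not a ZeroTier address; set allow_non_zt to listen there anyway"
        )),
        ListenVerdict::NotLocal => Err(format!("{ip} is not assigned to any local interface")),
    }
}

/// Sample host layout, constructed for this example from the addresses in the thread:
/// 192.168.4.1 is the controller-managed ZeroTier address, 192.168.111.2 the LAN address.
pub fn sample_ifaces() -> Vec<Iface> {
    vec![
        Iface {
            name: "ztabcdef01".into(), // constructed ZeroTier interface name
            addrs: vec![
                IpAddr::V4(Ipv4Addr::new(192, 168, 4, 1)),
                IpAddr::V4(Ipv4Addr::new(10, 147, 20, 5)), // constructed statically assigned address
            ],
        },
        Iface {
            name: "eth0".into(),
            addrs: vec![IpAddr::V4(Ipv4Addr::new(192, 168, 111, 2))],
        },
    ]
}

/// Addresses the (hypothetical) controller reports as managed for this member.
pub fn sample_managed() -> Vec<IpAddr> {
    vec![IpAddr::V4(Ipv4Addr::new(192, 168, 4, 1))]
}

fn main() {
    let ifaces = sample_ifaces();
    let managed = sample_managed();
    for candidate in ["192.168.4.1", "10.147.20.5", "192.168.111.2", "10.0.0.9", "nonsense"] {
        match check_listen(candidate, &ifaces, &managed, false) {
            Ok((ip, None)) => println!("listen on {ip}"),
            Ok((ip, Some(w))) => println!("listen on {ip} (warning: {w})"),
            Err(e) => println!("refused: {e}"),
        }
    }
}
```

The refusal of non-ZeroTier addresses by default keeps the resolver unreachable from other interfaces unless an operator opts in, while the warning path covers the statically addressed ZeroTier interface without blocking it; the `NotLocal` verdict surfaces a typo in the configured address before the bind error would.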