zerotier / zeronsd

A DNS server for ZeroTier users
https://zerotier.com
BSD 3-Clause "New" or "Revised" License

windows DNS resolution + zeronsd #88

Closed Kegelcizer closed 2 years ago

Kegelcizer commented 3 years ago

If anything else is needed, please ask and I will add it here and on the gist.

Output of dig, nslookup, container, etc https://gist.github.com/Kegelcizer/0bbba2ab8e95c5a965337edf69e064dd

glimberg commented 3 years ago

ZeroTier does not put the DNS server on the adapter on Windows. It uses Windows' NRPT system. You can view the configuration in a PowerShell prompt via Get-DnsClientNrptRule.

glimberg commented 3 years ago

Example output from Windows:

PS C:\WINDOWS\system32> Get-DnsClientNrptRule

Name                             : {565B7393-CAD2-4391-BDEE-5141E545186C}
Version                          : 2
Namespace                        : {.dnstest.zt}
IPsecCARestriction               :
DirectAccessDnsServers           :
DirectAccessEnabled              : False
DirectAccessProxyType            :
DirectAccessProxyName            :
DirectAccessQueryIPsecEncryption :
DirectAccessQueryIPsecRequired   :
NameServers                      : 192.168.192.73
DnsSecEnabled                    : False
DnsSecQueryIPsecEncryption       :
DnsSecQueryIPsecRequired         :
DnsSecValidationRequired         :
NameEncoding                     : Disable
DisplayName                      :
Comment                          : d5e04297a1dd5aea

Kegelcizer commented 3 years ago

Ok so NRPT works, crossed out one issue. Edited post and gist. Thank you.

erikh commented 3 years ago

Thanks @glimberg. The problem is partially that DNS is not resolving for @Kegelcizer, which we have diagnosed over Discord. This is only tangentially related to Windows.

erikh commented 3 years ago

So Grant did some sleuthing and discovered a bug in zeronsd where it misreports the nameservers to Central in a few situations that you may be seeing. I'm going to kick out a patch RSN, but likely this won't be fixed until 0.2.2 is released.

erikh commented 3 years ago

For now, if you want to try editing your nameserver to remove the /xxx portion at the end of it, and try resolution 30-60 seconds after the change is made -- without restarting zeronsd, which will re-set that value -- that would be useful info if you have the time.
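Added example (not from the thread or the zeronsd project): a PowerShell check of the NRPT rule glimberg describes, which also flags a nameserver entry carrying the /xxx suffix erikh mentions and then queries each listed server. It assumes such a suffix would be visible in the rule's NameServers field; `host.dnstest.zt` is a hypothetical record name.

```powershell
# Added diagnostic example; not part of the thread or of zeronsd.
param(
    [string]$Zone     = '.dnstest.zt',     # namespace shown in the sample output
    [string]$TestName = 'host.dnstest.zt'  # hypothetical record; use a real member name
)

# ZeroTier writes its DNS settings to NRPT, not to the adapter, so look there.
$rules = @(Get-DnsClientNrptRule | Where-Object { $_.Namespace -contains $Zone })
if ($rules.Count -eq 0) {
    Write-Warning "No NRPT rule covers $Zone."
    return
}

$report = foreach ($rule in $rules) {
    foreach ($ns in $rule.NameServers) {
        $entry  = "$ns".Trim()
        $parsed = $null
        # Assumption: a misreported nameserver would appear here as "address/xxx".
        $bareIp = [System.Net.IPAddress]::TryParse($entry, [ref]$parsed)
        $server = ($entry -split '/')[0]

        # Ask that server directly, bypassing NRPT selection.
        $direct = Resolve-DnsName -Name $TestName -Server $server -Type A -DnsOnly -ErrorAction SilentlyContinue

        [pscustomobject]@{
            Rule          = $rule.Name
            NameServer    = $entry
            IsBareAddress = $bareIp
            DirectAnswer  = ($direct | Where-Object { $_.Type -eq 'A' }).IPAddress -join ','
        }
    }
}
$report | Format-Table -AutoSize

# Same name through the Windows DNS client, which applies the NRPT rule.
$viaClient = Resolve-DnsName -Name $TestName -Type A -DnsOnly -ErrorAction SilentlyContinue
if ($viaClient) {
    $viaClient | Format-Table Name, Type, IPAddress -AutoSize
} else {
    Write-Warning "$TestName did not resolve through the DNS client."
}
```

nslookup sends its queries itself and does not consult NRPT, so compare its results with Resolve-DnsName rather than treating them as equivalent.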

erikh commented 3 years ago

0.2.2 was released, which might help with this. Please try it if you get time and lmk!

Kegelcizer commented 3 years ago

Pulled the latest zeronsd image and recreated the container. No changes to dig and nslookup

dig +short @10.0.1.2 hz.lan.lo

nslookup hz.lan.ro 10.0.1.2
Server: UnKnown
Address: 10.0.1.2

*** UnKnown can't find hz.lan.ro: Non-existent domain

erikh commented 3 years ago

OK, I have reproduced this on Windows only. Windows resolving using a Linux zeronsd works fine.

erikh commented 3 years ago

I'll need to look at this tomorrow, but I strongly suspect it's firewall related. Will continue to chase this down.

erikh commented 2 years ago

@Kegelcizer finally got around to fixing this. Sorry it took so damn long! :)