Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[client, management] Support DNS Labels for Peer Addressing #3252

Merged
merged 28 commits into from
Feb 20, 2025
Merged

[client, management] Support DNS Labels for Peer Addressing #3252

merged 28 commits into from
Feb 20, 2025

Conversation

hakansa
Copy link
Contributor

@hakansa hakansa commented Jan 30, 2025
edited by mlsmaycon
Loading

Describe your changes

Adding support for extra DNS labels that allow peers to be addressed using user-defined names.

--extra-dns-labels strings        Sets DNS labels. You can specify a comma-separated list of up to 32 labels. An empty string "" clears the previous configuration. E.g. --extra-dns-labels vpc1 or --extra-dns-labels vpc1,mgmt1 or --extra-dns-labels ""

Example:

netbird up --setup-key ZZZZ-XXXX --extra-dns-labels service1,service2

This feature requires a setup-key with permissions to add peers with the extra labels.

Multiple peers with the same extra labels will generate grouped DNS labels on the client side, and this feature can be used for DNS round-robing load balancing.

Issue ticket number and link

Checklist

  • Is it a bug fix
  • Is a typo/documentation fix
  • Is a feature enhancement
  • It is a refactor
  • Created tests that fail without the change (if possible)
  • Extended the README / documentation, if necessary

@CLAassistant
Copy link

CLAassistant commented Jan 30, 2025
edited
Loading

CLA assistant check
All committers have signed the CLA.

lixmal
lixmal reviewed Feb 5, 2025
View reviewed changes
lixmal
lixmal previously approved these changes Feb 7, 2025
View reviewed changes
@hakansa hakansa marked this pull request as ready for review February 13, 2025 07:15
@hakansa hakansa self-assigned this Feb 14, 2025
lixmal
lixmal previously approved these changes Feb 14, 2025
View reviewed changes
lixmal
lixmal previously approved these changes Feb 18, 2025
View reviewed changes
@hakansa
[management] Support Extra DNS Labels for Peer Addressing (#3291)
f2c867c 
[management] Support Extra DNS Labels for Peer Addressing
@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.6% Duplication on New Code

See analysis details on SonarQube Cloud

@lixmal lixmal changed the title [client] Support DNS Labels for Peer Addressing [client, management] Support DNS Labels for Peer Addressing Feb 20, 2025
@hakansa hakansa merged commit 39986b0 into main Feb 20, 2025
44 of 45 checks passed
@hakansa hakansa deleted the feature/dns-labels branch February 20, 2025 10:43
This was referenced Feb 21, 2025
Open
Open
@pktiuk
Copy link

pktiuk commented Feb 23, 2025

@hakansa
Could you provide some screens or instruction showing how to use this feature? (TBH I don't know where I should look for this option)

CertainLach
CertainLach reviewed Mar 18, 2025
View reviewed changes
client/internal/dns/local.go
records := d.lookupRecords(r)
if len(records) > 0 {
replyMessage.Rcode = dns.RcodeSuccess
replyMessage.Answer = append(replyMessage.Answer, records...)
} else {
replyMessage.Rcode = dns.RcodeNameError
Copy link

@CertainLach CertainLach Mar 18, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This change has broken DNS for me.

I don't have DNS server added to netbird, thus netbird can only resolve subdomains of netbird.local

However, netbird sets search domain to netbird.local, thus any search first comes through netbird embedded DNS

E.g, when I do resolvectl query google.com, resolved first tries to ask netbird for google.com.netbird.local.

And there is a bug: in my case netbird can't lookup google.com, and thus returns NXDOMAIN (RcodeNameError) error, making systemd-resolved skip all other DNS servers and return the answer directly:

google.com: resolve call failed: Could not resolve 'google.com', server or network returned error: SERVFAIL

If netbird DNS server is not authoritative (i.e it has no DNS server defined in dashboard), it should instead return RcodeSuccess with zero records, so that resolved can continue the search using system DNS server.

The previous code was working, because it was responding with zero records in that case.

Copy link

@CertainLach CertainLach Mar 18, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

...Or I misunderstood the DNS specification?
For now, I have added DNS in netbird dashboard and it works, but it doesn't seem right that system DNS is skipped now

Edit: In systemd-resolved, FallbackDNS only works when there is no other DNS server defined
Adding 1.1.1.1 as global DNS server and removing DNS servers from netbird dashboard have fixed the issue for me, I'm not sure why did it work out of the box on previous netbird version, but it doesn't seem right that netbird tries to handle all DNS by itself when no DNS server is defined in dashboard.
Looks like I have bisected it to the wrong place, but it definitely broken after merging this PR.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@CertainLach CertainLach CertainLach left review comments

@lixmal lixmal lixmal approved these changes

Assignees

@hakansa hakansa

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@hakansa @CLAassistant @pktiuk @CertainLach @lixmal