Description:
Manage DNS is a new feature for Netmaker. With it, hosts can communicate with each other by domain name rather than by IP address.
Notice: Only the Linux client supports Manage DNS at this stage.
Notice: Manage DNS relies on broker messages to sync the DNS entries. If the broker is not available, Manage DNS does not work properly.
It works out of the box once Manage DNS is enabled in the netmaker.env file. It is disabled by default and can be enabled by adding `MANAGE_DNS=true` to the netmaker.env file.
It is a different feature from CoreDNS. Manage DNS does not require CoreDNS to be enabled.
By default, every registered host is given a domain name. The format is <hostname>.<network name>, for example "hostA.networkA".
No manual setup is required on the netclient side; netclient handles everything itself. At startup, netclient checks whether Manage DNS is enabled. If it is, netclient activates the DNS components automatically.
extClient also supports Manage DNS once the DNS field is specified in the WireGuard config file, for example `DNS = <Remote Access Gateway ip>`. Replace <Remote Access Gateway ip> with the Remote Access Gateway's VPN IP.
Whether extra manual setup is needed depends on how DNS is configured on the operating system.
If systemd-resolved runs in STUB mode (an interface-specific DNS server is supported), no extra manual change is required for extClient. Once extClient is up, it should be able to communicate by domain name.
If systemd-resolved runs in UPLINK mode, edit /etc/systemd/resolv.conf and add `DNS=<Remote Access Gateway ip>`, then run `systemctl restart systemd-resolved` to restart systemd-resolved.
Replace <Remote Access Gateway ip> with the Remote Access Gateway's VPN IP.
Manual changes are needed because an interface-specific DNS server is not supported outside STUB mode, so the DNS settings have to be added in global scope.
Change the settings back after the extClient is brought down or uninstalled.
If systemd-resolved is in neither STUB nor UPLINK mode, or DNS is managed through the resolv.conf file, the nameserver has to be added manually.
Edit the `/etc/resolv.conf` file and add or edit these lines:
nameserver <Remote Access Gateway ip>
search <network name> .
Replace <Remote Access Gateway ip> with the Remote Access Gateway's VPN IP, and <network name> with the name of the network the extClient belongs to.
Manual changes are needed because an interface-specific DNS server is not supported outside STUB mode, so the DNS settings have to be added in global scope.
Change the settings back after the extClient is brought down or uninstalled.
Manage DNS does not support resolvconf for netclient (extClient works fine); see resolvconf.8, https://manpages.ubuntu.com/manpages/trusty/man8/resolvconf.8.html. Most recent Linux distributions ship with systemd-resolved, and resolvconf is rarely used.
Troubleshooting:
If netclient fails to restore the DNS settings, how do you recover?
A: When Manage DNS is enabled, netclient changes the DNS settings so that hosts can be resolved by domain name. Once netclient is stopped or removed, the DNS settings are restored. What if something goes wrong in the restore process? Is there any impact on DNS resolution?
It depends on how the system manages the DNS settings.
If systemd-resolved runs in STUB mode, there is no impact and no extra manual steps are needed. Because STUB mode supports an interface-specific DNS server, all the settings are removed once the interface is down or removed.
In any mode other than STUB, the DNS settings are changed in global scope. If they are not restored successfully, DNS resolution may be affected afterwards.
The workaround:
1. Before netclient changes the resolv.conf file, it saves a copy in "/etc/netclient/resolv.conf.nm.bkp". If the backup file exists, replace "/etc/resolv.conf" with it.
Or 2. If it does not exist, review "/etc/resolv.conf" and remove the DNS server (the Netmaker VPN IP) and the search domain (the Netmaker network name).
That is all netclient added to the file.
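The recovery steps above as shell functions. This is an added example, not part of netclient or of the original page; it assumes the usual systemd-resolved symlink targets under /run/systemd/resolve to recognise STUB and UPLINK mode, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: recover DNS settings that netclient failed to restore.
# All paths are parameters, so the logic can be tried on copies first.

# resolv_mode FILE -> prints stub | uplink | other
# Assumption: FILE is a symlink into systemd-resolved's runtime directory
# when systemd-resolved manages it.
resolv_mode() {
    target=$(readlink -f "$1" 2>/dev/null || true)
    case "$target" in
        */systemd/resolve/stub-resolv.conf) echo stub ;;
        */systemd/resolve/resolv.conf)      echo uplink ;;
        *)                                  echo other ;;
    esac
}

# restore_resolv FILE BACKUP VPN_DNS_IP NETWORK_NAME
restore_resolv() {
    file=$1 backup=$2 dns_ip=$3 network=$4
    if [ "$(resolv_mode "$file")" = stub ]; then
        echo "stub mode: nothing to restore"; return 0
    fi
    if [ -f "$backup" ]; then
        cp "$backup" "$file"      # workaround 1: put the saved copy back
        echo "restored from backup"; return 0
    fi
    # Workaround 2: remove only the nameserver and search domain that
    # netclient added; other nameservers and search domains are kept.
    work=$(mktemp)
    awk -v ip="$dns_ip" -v net="$network" '
        $1 == "nameserver" && $2 == ip { next }
        $1 == "search" {
            out = "search"
            for (i = 2; i <= NF; i++) if ($i != net) out = out " " $i
            if (out != "search") print out
            next
        }
        { print }' "$file" > "$work"
    cat "$work" > "$file"; rm -f "$work"
    echo "removed netmaker entries"
}

# Usage (run as root; the last two arguments are placeholders to fill in):
# restore_resolv /etc/resolv.conf /etc/netclient/resolv.conf.nm.bkp \
#     "<Remote Access Gateway ip>" "<network name>"
```
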
On extClient, if ping, nslookup or dig returns a wrong VPN IP, the cause may be that the VPN IP of some hosts has changed while the old IPs are still in the local systemd-resolved cache.
The workaround:
Run the command `resolvectl flush-caches`.
On an IPv6-only extClient, if pinging a public domain, for example, always tries to connect via the IPv4 address, the cause is the WireGuard config file. The default config file is generated for IPv4 or IPv4/IPv6. For an IPv6-only host, the config needs to be tailored.
The workaround:
Edit the WireGuard config file and update the AllowedIPs setting to remove the IPv4 address/range and keep only the IPv6 address/range.
On Debian 11 on Digital Ocean, resolvconf is installed and enabled by default. How do you make Manage DNS work there for netclient (extClient does not have this issue)?
systemd-resolved is installed as well, but it is not activated.
The workaround:
Remove resolvconf and enable systemd-resolved with the command `apt remove resolvconf && systemctl enable systemd-resolved && systemctl restart systemd-resolved`, and then install netclient.