macOS Catalina & DNS

Hello,

I’m playing a bit with ZeroTier, mainly as a replacement for my previous WireGuard solution, which proved to be not maintainable.

Everything works quite well except for DNS. The DNS server settings propagate well to the Mac, but the DNS server is not marked as default, so it is not used.

Please note that I’m using the DNS server in my router to serve “static” host names from my local LAN, such as security cameras, printers, etc. The DNS server acts as a resolving DNS server as well for everyone in my network. I’ve also successfully implemented DNSSEC and DoT, which is the main advantage of the server. The DNS server advertises itself as a .local domain.

Furthermore, the ZeroTier UI now enforces a domain, which prohibits the “local” keyword (I can imagine patching the source code to register the DNS server as default). As the DNS server is deployed in my home router, which may or may not have a public IP address, it is quite difficult to put it under a regular domain. Even then, that would require a completely new software solution. Last but not least is the potential problem of reconfiguring all my devices in the network to accept new host names.

What are your thoughts on this? How are you integrating ZeroTier with your existing network environment? What are the recommendations?

Thank you very much for any hint.

Regards,

PETR

P.S.: Please note that the Android App sets the DNS Server as OS-wide default which is the desired behavior in my opinion.

Our controller-managed DNS feature is not meant to override all DNS on the system. It’s meant to provide an alternate DNS server for a specific search domain, for situations like running in a Windows domain.

On the Android & iOS apps, you may set DNS servers manually to override the system DNS, or use the controller-configured DNS, which behaves the same as on macOS & Windows in providing a DNS server for a specific search domain. If your particular flavor of Android sets it as a system-wide DNS server, then that may be an implementation-specific irregularity of your Android version, not our intention with our implementation of controller-based DNS configuration.

Hello, thanks for the clarification. Now I understand what’s going on.

I understand that it’s not supposed to override the system DNS, but it’s also not responding to NS queries like dig. It’s like the virtual Ethernet adapter’s DNS setting is not recognized by some CLI commands. Ping works, but dig or nslookup don’t…

Neither dig nor nslookup is expected to work. They circumvent the per-domain DNS system in macOS.

Gotcha, that sounds just fine. My personal issue is that golang’s DNS resolvers don’t recognize ZeroTier’s DNS settings, so all apps made with Go aren’t able to resolve queries that should be sent to ZeroTier. It might also be my DNS configuration, because I’m attempting to set up a stealth DNS server. Either way, thanks for the information!
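The two replies above (dig and nslookup bypassing macOS's per-domain resolvers, and a Go application not picking up the ZeroTier DNS server) both come down to the same check: is a supplemental resolver for the ZeroTier search domain actually present in the macOS resolver table, and which resolver will the system pick for a given host name? On macOS the authoritative view of that table is `scutil --dns`, and a lookup that goes through the system resolver (rather than straight to a server, as dig does) is `dscacheutil -q host -a name <hostname>`. The script below is an added example, not code from the thread or from ZeroTier: it parses `scutil --dns` output and applies the longest-matching-domain rule that macOS uses to pick a supplemental resolver, falling back to the default resolver otherwise. The embedded `scutil --dns` text is a constructed sample; the search domain `zt.example`, the ZeroTier nameserver `10.147.20.1` and the router at `192.168.1.1` are assumptions. The sample also includes the built-in `.local` resolver with `options : mdns`, which is why a `.local` domain handed out by a router will never be consulted for unicast DNS on macOS.

```python
from __future__ import annotations

import re
import subprocess
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample of `scutil --dns` output on a Mac joined to a ZeroTier
# network whose controller hands out the search domain "zt.example" with
# nameserver 10.147.20.1 (both assumed values). Resolver #1 is the default
# (router) resolver; resolver #2 is the built-in mDNS resolver for .local.
SAMPLE_SCUTIL_DNS = """\
DNS configuration

resolver #1
  search domain[0] : home.example
  nameserver[0] : 192.168.1.1
  if_index : 4 (en0)
  flags    : Request A records
  reach    : 0x00000002 (Reachable)

resolver #2
  domain   : local
  options  : mdns
  timeout  : 5
  flags    : Request A records
  reach    : 0x00000000 (Not Reachable)
  order    : 300000

resolver #3
  domain   : zt.example
  nameserver[0] : 10.147.20.1
  flags    : Request A records, Request AAAA records
  reach    : 0x00000002 (Reachable)
  order    : 100200

DNS configuration (for scoped queries)

resolver #1
  search domain[0] : home.example
  nameserver[0] : 192.168.1.1
  if_index : 4 (en0)
  flags    : Scoped, Request A records
  reach    : 0x00000002 (Reachable)
"""


@dataclass
class Resolver:
    index: int
    domain: Optional[str] = None          # None: default resolver, used when nothing else matches
    nameservers: List[str] = field(default_factory=list)
    options: Optional[str] = None         # e.g. "mdns" for the built-in .local resolver
    order: Optional[int] = None


def parse_scutil_dns(text: str) -> List[Resolver]:
    """Parse the unscoped 'DNS configuration' section of `scutil --dns` output."""
    resolvers: List[Resolver] = []
    current: Optional[Resolver] = None
    for raw in text.splitlines():
        if raw.startswith("DNS configuration (for scoped queries)"):
            break  # interface-scoped resolvers are not used for ordinary lookups
        m = re.match(r"resolver #(\d+)", raw)
        if m:
            current = Resolver(index=int(m.group(1)))
            resolvers.append(current)
            continue
        if current is None:
            continue
        key, sep, value = raw.strip().partition(" : ")
        if not sep:
            continue
        key, value = key.strip(), value.strip()
        if key == "domain":
            current.domain = value.lower()
        elif key.startswith("nameserver["):
            current.nameservers.append(value)
        elif key == "options":
            current.options = value
        elif key == "order":
            current.order = int(value)
    return resolvers


def resolver_for(hostname: str, resolvers: List[Resolver]) -> Optional[Resolver]:
    """Pick the resolver macOS would use: longest matching supplemental domain, else the default."""
    labels = hostname.rstrip(".").lower().split(".")
    best: Optional[Resolver] = None
    best_len = -1
    for r in resolvers:
        if r.domain is None:
            continue
        dom = r.domain.split(".")
        if len(dom) <= len(labels) and labels[-len(dom):] == dom and len(dom) > best_len:
            best, best_len = r, len(dom)
    if best is not None:
        return best
    return next((r for r in resolvers if r.domain is None), None)


def live_resolvers() -> List[Resolver]:
    """Read the real resolver table; only works on macOS where scutil exists."""
    out = subprocess.run(["scutil", "--dns"], capture_output=True, text=True, check=True).stdout
    return parse_scutil_dns(out)


if __name__ == "__main__":
    table = parse_scutil_dns(SAMPLE_SCUTIL_DNS)
    for host in ("nas.zt.example", "printer.local", "www.example.org"):
        r = resolver_for(host, table)
        print(f"{host:18} -> resolver #{r.index} nameservers={r.nameservers} options={r.options}")
```

If `nas.zt.example` maps to the ZeroTier nameserver here but `dig nas.zt.example` still fails, that is expected: dig reads only `/etc/resolv.conf` (the default resolver) and never sees resolver #3, so `dscacheutil -q host -a name nas.zt.example` is the right test. If the live table has no resolver for the ZeroTier domain at all, the problem is on the ZeroTier/controller side rather than in the application's resolver library.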