Periodic Zerotier DNS Push resolution failures

We have a ZT network setup with DNS Push. Every once in a while clients are unable to resolve names within the published domain. It will work for weeks without issue, and then suddenly clients will be unable to resolve names within the published domain. Using PING to attempt to resolve just results in name could not be found. The browser is a DNS (host not found) error. This problem will occasionally just resolve itself after some time; disconnecting a client and reconnecting it from the ZT client UI sometimes works, sometimes doesn’t.

  • All clients are on current version of ZT (1.14.2)
  • Get-DnsClientNrptPolicy -Effective (output is the same whether DNS is working or not)
  • The server where DNS is hosted does not show any interesting event logs in the DNS Server logs (Windows Server btw)
  • Test-NetConnection -ComputerName 1.2.3.4 -Port 53 (successful when things are working)
  • Unable to use nslookup at the moment since it just times out all the time…working on this.

Has anyone else experienced anything like this? Have any other troubleshooting steps that might be helpful in identifying what is falling down?

Appreciate any help.

EDIT: During a recent problem period, this test – Test-NetConnection -ComputerName 1.2.3.4 -Port 53 – failed.
On that server 1.2.3.4 (this is the one hosting DNS), I disconnected from the ZT network, restarted the ZT service, and then reconnected. For several minutes after that, the network was stuck in REQUESTING_CONFIGURATION, and then it resolved itself.
FWIW, we are strictly controlling UDP ports, so the only one that is allowed to be used for ZT is 9993.
I am using default ZT controllers (i.e. not running these on my own).

EDIT #2: I was able to make updates to our firewall rules (at least temporarily) to allow UDP high ports. The first thing I noticed is that almost all of the “peers” listed on the DNS server went from RELAY to DIRECT. Maybe this will reduce latency/connectivity on that server enough to resolve issues…waiting.
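
For an intermittent failure like the one described in the post above, a timestamped log that records the DNS checks and the ZeroTier peer path state together shows whether resolution failures line up with peers falling back to RELAY. This is an added example, not part of the original post; the test name, log path, zerotier-cli install path and polling interval are assumptions, and 1.2.3.4 is the placeholder address the post uses.

```powershell
# Added example: log DNS health and ZeroTier peer path state once a minute.
# Assumed values (not from the post): $TestName, $LogPath, $ZtCli, the interval.
$DnsServer = '1.2.3.4'                    # placeholder address used in the post
$TestName  = 'host.example.internal'      # hypothetical name in the pushed domain
$LogPath   = "$env:TEMP\zt-dns-monitor.csv"
$ZtCli     = 'C:\Program Files (x86)\ZeroTier\One\zerotier-cli.bat'  # assumed install path

while ($true) {
    # Same TCP/53 reachability test as in the post, with warnings suppressed.
    $tcp = Test-NetConnection -ComputerName $DnsServer -Port 53 -WarningAction SilentlyContinue

    # Ask the DNS server directly, independent of the NRPT rule.
    $directOk = $true
    try {
        Resolve-DnsName -Name $TestName -Server $DnsServer -DnsOnly -QuickTimeout -ErrorAction Stop | Out-Null
    } catch { $directOk = $false }

    # Ask through the normal client resolver, which honours the NRPT rule
    # (nslookup does not). This answer may come from the local DNS cache.
    $clientOk = $true
    try {
        Resolve-DnsName -Name $TestName -DnsOnly -ErrorAction Stop | Out-Null
    } catch { $clientOk = $false }

    # Count relayed vs. direct peers in 'zerotier-cli peers' output (run elevated).
    $peers  = & $ZtCli peers 2>$null
    $relay  = @($peers | Select-String -Pattern '\bRELAY\b').Count
    $direct = @($peers | Select-String -Pattern '\bDIRECT\b').Count

    [pscustomobject]@{
        Time        = (Get-Date).ToString('s')
        Tcp53       = $tcp.TcpTestSucceeded
        DirectQuery = $directOk
        ClientQuery = $clientOk
        RelayPeers  = $relay
        DirectPeers = $direct
    } | Export-Csv -Path $LogPath -Append -NoTypeInformation

    Start-Sleep -Seconds 60
}
```

Rows where Tcp53 and DirectQuery are both False point at the ZeroTier path to the server; rows where DirectQuery succeeds but ClientQuery fails point at the client-side DNS Push/NRPT configuration.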
