Still required to set allowDNS, can it be global?

Now that the DNS option is official, and the UI online is exposed without having to set anything special for it, is there a way to push this from the central config instead of managing it on all the clients by setting allowDNS?

Particularly frustrating case as I have had a few systems, for whatever reason, revert to allowDNS=0. They also have been in a state where they were “joined” to the network, and the online panel showed they were connected, but no traffic could pass over the network. But that is really a separate issue.

I don’t know why it would change to 0 once set to 1; they do not have the GUI portion installed, so there is no way the user could have changed it inadvertently.

Sorry, but no. It is disabled by default so someone doesn’t join a network and have their DNS overridden unknowingly. It’s the same philosophy behind the Allow Default and Allow Global settings.

If you are deploying a fleet of machines that all need to have this setting, there are deployment and configuration management tools that can do that for you, but it’s outside the scope of ZeroTier itself.

I get that it isn’t on “by default”, but not having a way to centrally manage it seems quite odd. How is it different than managing the pushing of networks, which also alter the client environment?

You cannot push new networks to join with anything we offer.

No, managed routes, which as I have demonstrated already can really mess up a client, but they can be pushed from the managed interface, so why not DNS?

Because it’s one of the limitations we have set in our software. You cannot push a default route, globally addressable IP address, or DNS configuration to a client without configuring the client to accept them. This is for security purposes as these changes could be used for connection hijacking, remote access from the internet at large, MITM attacks, etc.

There are configuration management and devops software packages available to install and manage configuration of software on machines you manage. I’d suggest looking into one of those for your needs.

It would be nice, then, once set, that it doesn’t randomly turn off. :)

If a network is left & then joined again, then yes, it will be reset. It’s set on a per-join basis. It’s not a global setting across all networks on the client.

Wow, so that makes it even worse. But whatever, ye will do what ye will do.
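Added example, not part of the thread and not ZeroTier's own code: a drift check of the kind the replies above leave to configuration management, which turns allowDNS back on only for approved networks and off anywhere else it has been enabled. It assumes `zerotier-cli -j listnetworks` returns a JSON array whose objects carry `nwid` and `allowDNS`; the network IDs and the `APPROVED_DNS` policy set are constructed.

```python
import json

# Constructed sample of `zerotier-cli -j listnetworks` output (assumed shape:
# a JSON array with one object per joined network; IDs are made up).
SAMPLE = """[
  {"nwid": "1111111111111111", "name": "corp", "status": "OK", "allowDNS": false},
  {"nwid": "2222222222222222", "name": "lab", "status": "OK", "allowDNS": true},
  {"nwid": "3333333333333333", "name": "guest", "status": "OK", "allowDNS": false}
]"""

# Hypothetical policy: networks whose pushed DNS this host may accept.
APPROVED_DNS = {"1111111111111111"}


def plan_allow_dns(listnetworks_json, approved):
    """Return (commands, missing) to bring allowDNS in line with policy.

    commands: argv lists for `zerotier-cli set <nwid> allowDNS=<0|1>`
    missing:  approved networks the host is not currently joined to
    """
    networks = json.loads(listnetworks_json)
    joined = set()
    commands = []
    for net in networks:
        nwid = net["nwid"]
        joined.add(nwid)
        want = nwid in approved
        have = bool(net.get("allowDNS", False))  # absent field treated as off
        if have != want:
            commands.append(
                ["zerotier-cli", "set", nwid, "allowDNS=%d" % int(want)]
            )
    return commands, sorted(approved - joined)


if __name__ == "__main__":
    cmds, missing = plan_allow_dns(SAMPLE, APPROVED_DNS)
    for argv in cmds:
        # Dry run: print the plan; on a real host pass argv to subprocess.run
        # after reviewing it.
        print(" ".join(argv))
    for nwid in missing:
        print("not joined:", nwid)
```

Because the setting is per join, running the check on a schedule catches a host that left and rejoined a network, and the `missing` list surfaces hosts that are no longer joined at all.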
