Unable to get zeronsd working (Ubuntu 22 LTS)

Hello all! I’ve been trying to get zeronsd working for my private network over the last few days, but to no avail. I’ve tried over and over again from scratch, with both official (“ZeroNSD Quickstart” - ZeroTier Docs) and non-official (“ZeroNS: Painless DNS for ZeroTier” - Alan Norbauer) guides. No luck, though.

The problem isn’t running the commands or anything, it’s just the final result. I can do everything fine, dpkg -i zerotier*_amd64.deb, zeronsd supervise, etc., but nothing. The service starts, adds and replaces records - but when I go to ping them, whether it be from the zeronsd host or a peer, nothing’s resolved. I’ve double-checked and triple-checked that ZeroTier DNS is enabled on every peer, and the same with the DNS configuration on my.zerotier.com.

Port’s open and recognisable too, at least by nmap.

C:\Users\Billy>nmap -p53 172.26.0.1
Starting Nmap 7.93 ( https://nmap.org ) at 2023-08-20 14:22 GMT
Nmap scan report for 172.26.0.1
Host is up (0.14s latency).

PORT   STATE SERVICE
53/tcp open  domain
MAC Address: [REDACTED] (Unknown)

Nmap done: 1 IP address (1 host up) scanned in 8.56 seconds

C:\Users\Billy>curl kimsufi.[domain]
curl: (6) Could not resolve host: kimsufi.[domain]

I tried both zeronsd-ubuntu22_0.5.2_amd64.deb and zeronsd_0.5.2_amd64.deb (I’m on Ubuntu 22.04.3), thinking it was potentially one of the .deb files. Alas, what do you think changes about the final result? I’ll give you a clue: nothing.

If anyone has any fixes for this, I’d highly appreciate it. I’ve been so frustrated with this.

Edit: I’ve been looking at trace & debug logs for zeronsd, and it looks like DNS requests aren’t getting through. Even when trying to ping a domain locally, it’s not being taken in by zerons. Is this potentially something to do with how I’ve set it up on ZeroTier’s control panel? I had set the search domain to my domain and the IP to the DNS host’s ZT IP, so unless I’ve done something wrong that should all be a-okay. (I’m starting to think it’s incorrect)

Try:

nslookup kimsufi.[domain] [ip-address of our ubuntu server]

If that does not work, is port 53 on your Ubuntu server not in use by another resolver?

I did the nslookup (bear with, am on phone):

permanently@nsXXXXXX:~$ nslookup kimsufi.[domain] 172.26.0.1
Server:         172.26.0.1
Address:        172.26.0.1#53

Name:   kimsufi.[domain]
Address: 172.26.0.1

Used netstat to check listening ports as well; there’s nothing else listening on port 53.

This computer cannot resolve kimsufi.[domain], my guess is that this computer does not use 172.26.0.1 as nameserver

And this is the correct setting, right?

Edit: Worth noting that on my own desktop, my domain is also owned publicly. When I enable DNS configuration on ZeroTier, it can’t resolve public records to the domain, but also can’t resolve private. But, when I disable DNS, it can resolve public records again. Not sure if there’s a conflict there or just an indication that something’s going wrong.

Now, either you have redacted your domain or you are using [domain] in the settings. As the end user, you are supposed to replace this with an actual domain you own, e.g. microsoft.com. Can you clarify if you redacted your domain, and that’s not simply an error on your part?

Yes, for clarification I have redacted my own domain.

Have you enabled the “Allow DNS” setting on the network clients? This must be done for them to configure DNS.

If yes, are your Windows machines connected to Active Directory? AD seems to block NRPT rules used by ZeroTier for a reason unknown to us. (We’re not AD experts here)

I have allowed DNS, yes. I own the same domain publicly, so if I hadn’t allowed DNS, it would redirect to the public A record I have set. (hence why I’m also redacting the domain)

I do not have Active Directory, and it does not have any connection to my ZeroTier, nor any of my devices.
