zeronsd's People

Contributors

devvick, erikh, glimberg, keepwn, laduke, someara, thefactremains, tranzystorekk

zeronsd's Issues

Windows support

(maybe this should be placed elsewhere, but i figured i'd open here.)

i recently had to switch over a windows machine for daily driving, so i was hoping to pick up using ZeroNS in the meantime.

so far, i've been able to install and start ZeroNS, but ping and nslookup both fail to resolve. i'm not too sure how to do logging/whatnot on windows, but i'm opening this to essentially report i'm a ready and willing test subject for ZeroNS on windows. 😂

Is there a way to run ZeroNSD together with dnsmasq?

My Ubuntu 20.04 VPS is modified to run without systemd-resolved due to dnsmasq. So is there a way to run ZeroNSD together with dnsmasq and without systemd-resolved?

Using DNS forwarding via dnsmasq for .zt domain zone for example?

support for selecting listening IPs

Not sure if I should restrict this just to IPs on the network, or allow the hopefully obvious footgun of letting you listen on another, potentially non-zerotier IP address.

Comments welcome.

Flow rule exception?

What's a good flow rule to include at the top of our rules if we want DNS queries against zeronsd to always resolve for everyone in the ZT network?

I've tried two approaches and neither work for some reason.

Approach 1 - Allow UDP on port 53 destined for my zeronsd server:

accept
  ztdest <zeronsd vl1 addr>
  and dport 53
  and ipprotocol udp
;

Approach 2 - From ZT docs, allow UDP server traffic:

tag udpserver
  id 1001
  default 0
  flag 0 is_udp_server
;

# Accept UDP traffic if the value of the udpserver tag is
# 1 when both sender and receiver tags are ORed together, 
# or if UDP traffic is multicast. This allows multicast mDNS 
# and Netbios announcements and allows UDP traffic to and 
# from UDP servers, but prohibits other horizontal UDP traffic.
accept
  ipprotocol udp
  and tor udpserver 1
  or chr multicast
;

break ipprotocol udp;

I'm testing with:

$ dig +short @<ZERONSD-ZT-IP> machine.in.my.zt.domain
;; connection timed out; no servers could be reached

Error during installation of zeronsd_0.2.2_amd64.deb on ubuntu 18.04

DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=18.04
DISTRIB_CODENAME=bionic
DISTRIB_DESCRIPTION="Ubuntu 18.04.5 LTS"

Got the following when attempting install under Ubuntu.

Suggestions?

Charlie

=====

% dpkg -i zeronsd_0.2.2_amd64.deb
(Reading database ... 397800 files and directories currently installed.)
Preparing to unpack zeronsd_0.2.2_amd64.deb ...
Unpacking zeronsd (0.2.2) over (0.2.2) ...
dpkg: dependency problems prevent configuration of zeronsd:
zeronsd depends on libssl1.1 (>= 1.1.1d); however:
Version of libssl1.1:amd64 on system is 1.1.1-1ubuntu2.1~18.04.9.
zeronsd depends on libc6 (>= 2.28); however:
Version of libc6:amd64 on system is 2.27-3ubuntu1.4.

dpkg: error processing package zeronsd (--install):
dependency problems - leaving unconfigured
Errors were encountered while processing:
zeronsd

Alpine/init.d OpenRC script

I didn't know where in the docs this should go, so I'll just leave it here.

Here's a working OpenRC init.d script you can use on Alpine (or other compatible systems). Just replace <ZT-NETWORK>, <DOMAIN>, and <TOKEN>:

/etc/init.d/zeronsd:

#!/sbin/openrc-run

depend() {
    need zerotier-one
    use network dns logger netmount
}

description="zeronsd for network <ZT-NETWORK>"
command="/root/.cargo/bin/zeronsd"
command_args="start
              --token <TOKEN>
              --wildcard
              --domain <DOMAIN>
              <ZT-NETWORK>"
command_background="yes"
pidfile="/run/$RC_SVCNAME.pid"

Install zeronsd service to default runlevel with:
rc-update add zeronsd
(installing this will auto-start the zerotier-one service at boot as it is a hard dependency of zeronsd)

Start zeronsd service:
rc-service zeronsd start

Is ZeroNSd supposed to work with self-hosted controller?

Hi,
I'm trying to use ZeroNSd in a custom environment where I have a self-hosted ZT1 controller (and I use ZeroUI to interact with it, but that is another issue, I believe).

I am currently stuck with:

mcon@sid:~/projects/zeronsd/src$ /usr/sbin/zerotier-cli -T... listnetworks
200 listnetworks <nwid> <name> <mac> <status> <type> <dev> <ZT assigned ips>
200 listnetworks 8613c47a541ea8a2 testing-sid a2:2e:0d:90:00:90 OK PRIVATE zt7rd5vuxw 172.30.74.198/24
mcon@sid:~/projects/zeronsd/src$ ZEROTIER_CENTRAL_TOKEN="..." sudo -E /home/mcon/.cargo/bin/zeronsd start -v -v -s /var/lib/zerotier-one/authtoken.secret -d condarelli.it 8613c47a541ea8a2
INFO - Welcome to ZeroNS!
ERROR - error in response: status code 403 Forbidden
mcon@sid:~/projects/zeronsd/src$ 

I have several issues with this code (note: I do not know Rust, so I will have problems providing patches):

  1. The obvious one: what's going wrong?
  2. Apparently using the "verbose" flag has no effect (I hoped to get info about which request failed)
  3. I can (actually must) provide ZEROTIER_CENTRAL_TOKEN, but there's no equivalent for authtoken.secret
  4. Having (3) we could drop need for being root and use setcap 'cap_net_bind_service+p' zeronsd instead.

In general my real question is in Subject and also "how do I debug this?"

If it matters: I am currently using a VirtualBox VM based on Debian Sid for development. It has almost nothing installed but what's needed here to compile/debug/test ZeroTier-One, ZeroUI and ZeroNSd.

Error message when you forget to join the network first.

Hi! Thanks for fixing that last one so fast.

I was testing and kept seeing this:

sudo -E zeronsd start a84ac5c10a744c9d
INFO - Welcome to ZeroNS!
ERROR - error in response: status code 404 Not Found

The problem is I wasn't joined to a84ac5c10a744c9d. And for whatever reason my headspace didn't know what was obviously happening.

Do you think it should say something like "You need to join a84ac5c10a744c9d first" ?

Just automatically joining a84ac5c10a744c9d for the user would be fancy, but probably too surprising.

If yes, I will do the patch.

zeronsd works on all devices but iOS 15

zeronsd (with ZT one 1.6.6) works on all mac/windows devices, but not on my iOS15 device.

Immediately after upgrading to iOS 15, all the DNS broke - only on that device. This was on ZT 1.6.6 for iOS.

I have also confirmed that everything still works on another iOS 14 device on the same network (ZT 1.6.6)

zeronsd does not handle subnet changes well

Reproduction:

  • Create a network
  • configure zeronsd to use that network with two authorized members
  • change the subnet and trash the old addresses

Congratulations, your server is now unusable until restart.

Will get to this over the next few weeks.

Support for running within Docker

👋 Coming over from Reddit. 😅 (I put together ZeroDNS.)

ZeroNS appears to resolve one of my goals with ZeroDNS – name resolution of ZeroTier peers. However, the other goal seems unsolved: allowing a Docker Compose stack to make use of said name resolution.

Maybe this is my networking ignorance showing – but would it make sense to have an edition of ZeroNS that runs within a Docker container, as well?

e.g. I currently have a few compose stacks that use a ZeroDNS container as their network router (via networks: ["container:zerodns"], or equivalent).

(May also be worth noting this is without setting up ZeroNS locally – I won't be able to get to this for a few days.)

(Also, I'm willing to take this up in the future; just inquiring at the moment.)

strange issue with serving records in hosts file

with previous version of zeronsd, I was using the following format in the hosts file (which worked)

10.147.20.216  hostname1
10.147.20.216  hostname2.corp

after rebuilding a lab environment with all new versions from scratch (new networks, new instances) this no longer seemed to work. I happened to try the following format, which did work for some reason:

10.147.20.216  hostname1 hostname2.corp

Errors on start now(?)

I've created some new networks to test some stuff, and am seeing errors like so:

export ZEROTIER_CENTRAL_TOKEN=`cat ~/zeronsd/.token2`

[travis@tankage ~]$ sudo -E zeronsd start 6ab565387a57a4f1
INFO - Welcome to ZeroNS!
ERROR - error in response: status code 404 Not Found
[travis@tankage ~]$ sudo -E zeronsd start a84ac5c10a744c9d
INFO - Welcome to ZeroNS!
ERROR - error in serde: invalid value: integer `3232285886`, expected i32 at line 32 column 20

curl 'https://my.zerotier.com/api/network/6ab565387a57a4f1' -H "Authorization: bearer ${ZEROTIER_CENTRAL_TOKEN}"
succeeds

and zeronsd is still working fine on my main, older network.
Maybe the API changed subtly, recently. hrm

shell completion of host names

Hello,
this is just a fun cool trick you can do, if you're running zeronsd.
I was just wondering what's a good way to help people find out about it. @erikh mentioned contrib directory.

get a list of hostnames, and save them in a file

nmap -sL 10.246.8.0/23 -oG - --dns-server=10.246.8.177 | grep -v "()" | grep Host:  | cut -d "(" -f2 | cut -d ")" -f1 > ~/.completion/hosts-8056c2e21c24673d

nmap -sL just queries for names and doesn't actually ping or scan. It doesn't take too long. Run it per network.

turn on autocomplete for ZSH

In .zshrc:

# get current hosts. zsh builtin stuff uses /etc/hosts, ~/.ssh/known_hosts, etc...
zstyle -s ':completion:*:hosts' hosts _hosts_config

# append hosts from zeronsd
[[ -r ~/.completion ]] && _hosts_config+=($(cat $HOME/.completion/hosts-*))
zstyle ':completion:*:hosts' hosts $_hosts_config

now you can type ssh zt-<TAB> and see your zerotier hostnames.

the nmap method probably doesn't get all the available names for a network like PTRs, stuff from zeronsd hosts files, etc. Haven't checked yet.


I guess just turn the nmap pipeline into a little script to make it easier to not forget how to do it and add a little readme for the .zshrc snippet and a bash equivalent?

Refreshing of hosts database on demand

Three ways we could do this:

  • Refresh on the interval with the records. We were doing this before and it was causing trouble, but that should be easier to fix now.
  • inotify/similar notification systems could help us determine when the file changes, and when to read it.
  • refresh on signal or subcommand (which could just send a signal). We talk about control sockets in #1, maybe this is another good use for it.

Better doc please

Hello,

If I may...

At least I need better explanations. As I love ZeroTier I was looking for this, but I'm coming to the limits of my knowledge.
We have to state clearly that each install method is exclusive (nothing is obvious).

A- Linux install
A1- Cargo Install
Prerequisites : - A linux running Debian
- A rust env (link to how to install on Debian)
- A Zerotier central token (where to find it or where to generate it + how to make the token file, should it be an export ZEROTIER_CENTRAL_TOKEN="xyz" bash script or a simple plain text containing the token ?)
- ZT hosts setup...(I imagine names in ZT central UI should not have spaces or if they can how do they translate in domain name ?)
Install steps : -
-
Verify steps : -
-


A2- Docker install
.
.
(here, a portainer yaml file would be nice:-) )
_____________________ .
B- OS X Install
.
.
.


C- Windows Install
.
.
.


D- Common error messages and how to deal with each

I don't mean to seem bossy, but I'm lost. I tried the cargo method on a Turnkey-core and I got

Welcome to ZeroNS!
Your IP for this network: fd9f:77fc:xxxx:xxxx:xxxxe
error syncing members: error in response: status code 403 Forbidden
Error: error in response: status code 403 Forbidden        

I discovered that the existing token in ZT central was not the one I needed, and that I had to generate a new one...
Then I got

Welcome to ZeroNS!
Your IP for this network: fd9f:77fc:xxxx:xxxx:xxxxe
error configuring authority: unrecognized char:
PTR records are not supported on IPv6 networks (yet!)

error configuring authority: unrecognized char:

and also I discovered that the command line is active so if I CTRL-C I kill it...
See... These must be beginners' problems but I didn't resolve any and trying
$ host MemberName.domain ZdnsRunningHost
doesn't give me any answer.

Hope this helps

Regards

V.

docker: Allow zeronsd to be passed configuration

I am running zeronsd on an Unraid server using the docker container but the default container setup does not execute directly out of the box. I currently work around this by using portainer to update the cmd arg to be

/bin/sh -c '/usr/bin/zeronsd 'start XXXXXXXXXXXXXXXX -d "XXXX.hollebone.ca"' and overriding the entry point to null.

My issue is every time the container is updated/recreated, I have to manually update the container entry point. I would like to request an enhancement that would allow the configuration to be passed into the docker container either as environment variables or by config file. A possible path could be to have zeronsd use environment variables for all the cmd line args, i.e. network and domain etc., like it does for the ZEROTIER_CENTRAL_TOKEN

Systemd unit generator needs After= directive

const SYSTEMD_UNIT: &str = "
[Unit]
Description=zeronsd for network {network}
Wants=zerotier-one.service

Unit generator needs After=zerotier-one.service, otherwise it may start nsd service before zerotier proper:

# systemd-analyze critical-chain zeronsd-<ZTnetID>.service

zeronsd-<ZTnetID>.service @1.051s
└─basic.target @1.032s
  └─sysinit.target @1.028s
    └─systemd-udevd.service @987ms +40ms
      └─systemd-hwdb-update.service @378ms +578ms
        └─systemd-remount-fs.service @282ms +79ms
          └─systemd-journald.socket @192ms
            └─-.mount @190ms
              └─systemd-journald.socket @192ms
                └─...

Why the ZeroTier Systemd Manager?

I looked at the quickstart - but I don't get the need for the "ZeroTier Systemd Manager" install.

What's the difference to just run zeronsd through systemd?

Would be great to expand on this in the quickstart.

Feature Request: Fallback nameservers when TLD matches

I saw the documentation section on Serving non-ZeroTier records but it only allows fallback to a hosts file.

Would it be possible to allow fallback to another DNS server instead, when there is no record, even if the TLD matches the ZeroNS TLD? This would allow me to have entries for the same domain in both ZeroNS and public DNS and my end-users wouldn't have to use a different subdomain for some services. With a hosts file I'd have to replicate what I have in public DNS in my hosts file, which I'd rather not do.

e.g. I'd make ZeroNS tied to example.com, in a public DNS somewhere (let's say Cloudflare) I'd have public DNS records for serviceA.example.com and serviceB.example.com. I'd have ZeroNS bound to example.com, it would have a record for serviceC.example.com (which it could serve directly), but DNS queries for serviceA.example.com would fall through to the backup nameserver (in this case, 1.1.1.1).

Zeronsd does not compile due to update with clap

Since clap updated to a new major version yesterday, Zeronsd does not compile correctly.
The specific errors are

error[E0107]: this struct takes 0 lifetime arguments but 1 lifetime argument was supplied
  --> /home/ubuntu/.cargo/registry/src/github.com-1ecc6299db9ec823/zeronsd-0.2.4/src/supervise.rs:91:18
   |
91 | impl From<&clap::ArgMatches<'_>> for Properties {
   |                  ^^^^^^^^^^---- help: remove these generics
   |                  |
   |                  expected 0 lifetime arguments
   |
note: struct defined here, with 0 lifetime parameters
  --> /home/ubuntu/.cargo/registry/src/github.com-1ecc6299db9ec823/clap-3.0.0/src/parse/matches/arg_matches.rs:71:12
   |
71 | pub struct ArgMatches {
   |            ^^^^^^^^^^

error[E0107]: this struct takes 0 lifetime arguments but 1 lifetime argument was supplied
  --> /home/ubuntu/.cargo/registry/src/github.com-1ecc6299db9ec823/zeronsd-0.2.4/src/main.rs:39:29
   |
39 | fn unsupervise(args: &clap::ArgMatches<'_>) -> Result<(), anyhow::Error> {
   |                             ^^^^^^^^^^---- help: remove these generics
   |                             |
   |                             expected 0 lifetime arguments
   |
note: struct defined here, with 0 lifetime parameters
  --> /home/ubuntu/.cargo/registry/src/github.com-1ecc6299db9ec823/clap-3.0.0/src/parse/matches/arg_matches.rs:71:12
   |
71 | pub struct ArgMatches {
   |            ^^^^^^^^^^

error[E0107]: this struct takes 0 lifetime arguments but 1 lifetime argument was supplied
  --> /home/ubuntu/.cargo/registry/src/github.com-1ecc6299db9ec823/zeronsd-0.2.4/src/main.rs:43:27
   |
43 | fn supervise(args: &clap::ArgMatches<'_>) -> Result<(), anyhow::Error> {
   |                           ^^^^^^^^^^---- help: remove these generics
   |                           |
   |                           expected 0 lifetime arguments
   |
note: struct defined here, with 0 lifetime parameters
  --> /home/ubuntu/.cargo/registry/src/github.com-1ecc6299db9ec823/clap-3.0.0/src/parse/matches/arg_matches.rs:71:12
   |
71 | pub struct ArgMatches {
   |            ^^^^^^^^^^

error[E0107]: this struct takes 0 lifetime arguments but 1 lifetime argument was supplied
  --> /home/ubuntu/.cargo/registry/src/github.com-1ecc6299db9ec823/zeronsd-0.2.4/src/main.rs:47:23
   |
47 | fn start(args: &clap::ArgMatches<'_>) -> Result<(), anyhow::Error> {
   |                       ^^^^^^^^^^---- help: remove these generics
   |                       |
   |                       expected 0 lifetime arguments
   |
note: struct defined here, with 0 lifetime parameters
  --> /home/ubuntu/.cargo/registry/src/github.com-1ecc6299db9ec823/clap-3.0.0/src/parse/matches/arg_matches.rs:71:12
   |
71 | pub struct ArgMatches {
   |            ^^^^^^^^^^

error[E0107]: this struct takes 0 lifetime arguments but 1 lifetime argument was supplied
  --> /home/ubuntu/.cargo/registry/src/github.com-1ecc6299db9ec823/zeronsd-0.2.4/src/supervise.rs:92:26
   |
92 |     fn from(args: &clap::ArgMatches<'_>) -> Self {
   |                          ^^^^^^^^^^---- help: remove these generics
   |                          |
   |                          expected 0 lifetime arguments
   |
note: struct defined here, with 0 lifetime parameters
  --> /home/ubuntu/.cargo/registry/src/github.com-1ecc6299db9ec823/clap-3.0.0/src/parse/matches/arg_matches.rs:71:12
   |
71 | pub struct ArgMatches {
   |            ^^^^^^^^^^

For more information about this error, try `rustc --explain E0107`.

for now I installed with cargo install --locked zeronsd

Some way to list all the host names on a zerotier network without being a network administrator

Hi!

It'd be cool to be able to see the names of everything on the network without having to go to Central.
We talked about allowing AXFR from localhost and that makes sense.
But I also think allowing it for the whole zerotier subnet makes sense too for some uses at least, like the home lab type network. So behind a flag?

For example, I'm going to be running zeronsd on some server, but spending most of my time working and administrating stuff from a laptop, and I can never remember the names of things.

I just saw on the trust-dns readme AXFR is an on/off thing at the moment. No limiting by address.

Other options would be.. Host as hostsfile or something on some http endpoint in zeronsd, which seems less good.

SSHFP records / DNSSEC support

Hi,
just wanted to write this down and see if anyone else had interest or comments.

SSHFP records just let you skip this thing:

The authenticity of host 'examplehost.example.org (192.0.2.123)' can't be established.
ECDSA key fingerprint is SHA256:MH85JK0yq+JNl1lPKUlxit+dGFqWMS/MmohcINp/e9Q.
Are you sure you want to continue connecting (yes/no/[fingerprint])?

We're already on a secure transport (zerotier), so that's cool. I'm not sure how much dnssec would have to be rubbed on zeronsd.

2.4.  Authentication

   A public key verified using this method MUST NOT be trusted if the
   SSHFP resource record (RR) used for verification was not
   authenticated by a trusted SIG RR.

   Clients that do validate the DNSSEC signatures themselves SHOULD use
   standard DNSSEC validation procedures.

   Clients that do not validate the DNSSEC signatures themselves MUST
   use a secure transport (e.g., TSIG [9], SIG(0) [10], or IPsec [8])
   between themselves and the entity performing
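
Added example (not part of the issue above and not zeronsd code): how an SSHFP record is derived from a host's public key, and how the same digest relates to the SHA256 fingerprint shown in the ssh prompt quoted in the issue. The key is constructed sample data; the hostname is the one from the quoted prompt.

```python
import base64
import hashlib
import hmac
import struct

# SSHFP algorithm numbers (RFC 4255, RFC 6594, RFC 7479, RFC 8709).
SSHFP_ALGORITHMS = {
    "ssh-rsa": 1,
    "ssh-dss": 2,
    "ecdsa-sha2-nistp256": 3,
    "ecdsa-sha2-nistp384": 3,
    "ecdsa-sha2-nistp521": 3,
    "ssh-ed25519": 4,
    "ssh-ed448": 6,
}
# SSHFP fingerprint types: 1 = SHA-1, 2 = SHA-256.
SSHFP_HASHES = {1: hashlib.sha1, 2: hashlib.sha256}


def ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire 'string': 4-byte big-endian length + data."""
    return struct.pack(">I", len(data)) + data


def constructed_ed25519_line(raw32: bytes) -> str:
    """Build an OpenSSH-format public key line from 32 constructed bytes."""
    blob = ssh_string(b"ssh-ed25519") + ssh_string(raw32)
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed@example"


# Constructed sample key material, not a real host key.
SAMPLE_KEY = constructed_ed25519_line(bytes(range(32)))


def decode_pubkey_line(line: str):
    """Return (key_type, blob) from '<type> <base64> [comment]'."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type = fields[0]
    blob = base64.b64decode(fields[1], validate=True)
    if key_type not in SSHFP_ALGORITHMS:
        raise ValueError(f"no SSHFP algorithm number for {key_type!r}")
    # The blob begins with a length-prefixed copy of the key type; a
    # mismatch means the line was edited or is not a public key at all.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type does not match key blob")
    return key_type, blob


def sshfp_records(hostname: str, pubkey_line: str):
    """Zone-file lines for the SHA-1 and SHA-256 SSHFP records of one key."""
    key_type, blob = decode_pubkey_line(pubkey_line)
    algo = SSHFP_ALGORITHMS[key_type]
    owner = hostname.rstrip(".") + "."
    return [
        f"{owner} IN SSHFP {algo} {fp_type} {hash_fn(blob).hexdigest()}"
        for fp_type, hash_fn in sorted(SSHFP_HASHES.items())
    ]


def openssh_fingerprint(pubkey_line: str) -> str:
    """The 'SHA256:...' form ssh prints: unpadded base64 of the same digest."""
    _, blob = decode_pubkey_line(pubkey_line)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def matches_sshfp(pubkey_line: str, record: str) -> bool:
    """Compare an offered host key with one SSHFP record."""
    key_type, blob = decode_pubkey_line(pubkey_line)
    fields = record.split()
    algo, fp_type, hex_fp = fields[fields.index("SSHFP") + 1:][:3]
    if int(algo) != SSHFP_ALGORITHMS[key_type]:
        return False
    hash_fn = SSHFP_HASHES.get(int(fp_type))
    if hash_fn is None:
        return False
    return hmac.compare_digest(hash_fn(blob).hexdigest(), hex_fp.lower())


if __name__ == "__main__":
    for rr in sshfp_records("examplehost.example.org", SAMPLE_KEY):
        print(rr)
    print(openssh_fingerprint(SAMPLE_KEY))
```

The digest comparison only tells the client that the key and the record agree; whether the record itself can be trusted is the authentication question the RFC excerpt in the issue addresses.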

DoT/DoH support

Just marking this as a thing we want to do, and provide some staging questions:

  • CA distribution is an issue
  • Priming resolvers (browsers and electron, in particular) may also be an issue

ZeroNSd segfault in Alpine docker

Disclaimer: I know nothing about Rust, Rust programming, Cargo, Rust and such; this could well be entirely my fault, please be lenient.

I was trying to setup this in a container (FROM rust:alpine), but standard zeronsd start -d <domain> <network-id> simply exited with an uninformative "Segmentation fault" error.

I then made a VirtualBox VM with the same content as Docker Container, compiled with debugging symbols and fired-up rust-gdb --args /home/mcondarelli/zeronsd/target/debug/zeronsd start ...
Sure enough I got the same error.

alpine:~# ./start.zeronsd.sh 
GNU gdb (GDB) 10.2
Copyright (C) 2021 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-alpine-linux-musl".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /home/mcondarelli/zeronsd/target/debug/zeronsd...
(gdb) r
Starting program: /home/mcondarelli/zeronsd/target/debug/zeronsd start -d <domain> <network-id>
[New LWP 12918]

Thread 1 "zeronsd" received signal SIGSEGV, Segmentation fault.
0x0000000000000000 in ?? ()
(gdb) bt
#0  0x0000000000000000 in ?? ()
#1  0x00007ffff76ffc7a in openssl::ssl::SslMethod::tls () at /usr/local/cargo/registry/src/github.com-1ecc6299db9ec823/openssl-0.10.35/src/ssl/mod.rs:324
#2  0x00007ffff76f53c2 in native_tls::imp::TlsConnector::new (builder=0x7ffffffedcc0) at /usr/local/cargo/registry/src/github.com-1ecc6299db9ec823/native-tls-0.2.7/src/imp/openssl.rs:257
#3  0x00007ffff76f6c32 in native_tls::TlsConnectorBuilder::build (self=0x7ffffffedcc0) at /usr/local/cargo/registry/src/github.com-1ecc6299db9ec823/native-tls-0.2.7/src/lib.rs:433
#4  0x00007ffff75e26e0 in reqwest::connect::Connector::new_default_tls<core::option::Option<std::net::ip::IpAddr>> (http=..., tls=..., proxies=Arc(strong=2, weak=0) = {...}, user_agent=..., 
    local_addr=<error reading variable: Cannot access memory at address 0x0>, nodelay=true) at /usr/local/cargo/registry/src/github.com-1ecc6299db9ec823/reqwest-0.11.4/src/connect.rs:220
#5  0x00007ffff75b57ed in reqwest::async_impl::client::ClientBuilder::build (self=...) at /usr/local/cargo/registry/src/github.com-1ecc6299db9ec823/reqwest-0.11.4/src/async_impl/client.rs:253
#6  0x00007ffff75b654d in reqwest::async_impl::client::Client::new () at /usr/local/cargo/registry/src/github.com-1ecc6299db9ec823/reqwest-0.11.4/src/async_impl/client.rs:1088
#7  0x00007ffff75235cc in zerotier_central_api::apis::configuration::{{impl}}::default () at /usr/local/cargo/registry/src/github.com-1ecc6299db9ec823/zerotier-central-api-1.0.2/src/apis/configuration.rs:45
#8  0x00007ffff70603a2 in zeronsd::utils::central_config (token=<error reading variable: Cannot access memory at address 0x5>) at src/utils.rs:21
#9  0x00007ffff6fc0f36 in zeronsd::start (args=0x7ffff8002e38) at src/main.rs:60
#10 0x00007ffff6fc4856 in zeronsd::main () at src/main.rs:211
(gdb) 

An attempt to follow initialization seems to crash when stepping into /usr/local/cargo/registry/src/github.com-1ecc6299db9ec823/native-tls-0.2.7/src/imp/openssl.rs#94 ..> ONCE.call_once(openssl_probe::init_ssl_cert_env_vars);.

What am I doing so wrong?

Clarify errors while reconciling names from Central

No short names for nodes have space separators, but as soon as I add a node description with a space separator, I start to see this error and the DNS no longer resolves:

error configuring authority: unrecognized char:

When I remove the description, the issue resolves

Can't build on ArchLinux current (regex-syntax)

Any clue ? ( I do not know rust)
cargo install --git https://github.com/zerotier/zeronsd --branch main
...........
Compiling resolv-conf v0.7.0
Compiling clap v2.33.3
Compiling mime_guess v2.0.3
Compiling url v2.2.2
Compiling rand_chacha v0.3.0
error: could not compile regex-syntax
Caused by:
process didn't exit successfully: rustc --crate-name regex_syntax --edition=2018 /home/stud/stud/.cargo/registry/src/github.com-1ecc6299db9ec823/regex-syntax-0.6.25/src/lib.rs --error-format=json --json=diagnostic-rendered-ansi,artifacts --crate-type lib --emit=dep-info,metadata,link -C opt-level=3 -C embed-bitcode=no --cfg 'feature="default"' --cfg 'feature="unicode"' --cfg 'feature="unicode-age"' --cfg 'feature="unicode-bool"' --cfg 'feature="unicode-case"' --cfg 'feature="unicode-gencat"' --cfg 'feature="unicode-perl"' --cfg 'feature="unicode-script"' --cfg 'feature="unicode-segment"' -C metadata=ba3e243391837928 -C extra-filename=-ba3e243391837928 --out-dir /tmp/cargo-installmNuNrh/release/deps -L dependency=/tmp/cargo-installmNuNrh/release/deps --cap-lints allow (signal: 9, SIGKILL: kill)
warning: build failed, waiting for other jobs to finish...
error: failed to compile zeronsd v0.1.0 (https://github.com/zerotier/zeronsd?branch=main#aa5b8c45), intermediate artifacts can be found at /tmp/cargo-installmNuNrh

ZeroTier DNS not working on Windows but working perfectly on Linux

So here is my setup

I have 2 machines: one is my personal Server running Debian 10 with nginx/php/mysql and samba, let's call it deb-srv, and the other is my Laptop, which is installed with Linux Mint 20.1 together with Windows 10 Home (dual systems, not on VM) and is under another physical sub network.

I have ZeroTier and zeronsd installed and configured on deb-srv using intra.mydomain.com, and all 3 systems joined in the same ZeroTier network (so there are 3 nodes under the network, but always up to 2 nodes are online), for which I have verified by connecting via ZeroTier Intranet IPs.

I CAN connect to deb-srv using intra.mydomain.com (ping, ssh, http/https, samba) from my Laptop when under Linux Mint, but if I reboot to Windows on the same laptop (still under the same physical network), I can only connect to deb-srv using the ZeroTier Intranet IP but not intra.mydomain.com.

I have confirmed on both GUI and command line (powershell) that allowDNS is TRUE for the Windows client, and I have tried to restart the whole Windows system and the windows ZeroTier-One client several times, but still not working.

Also I tried to set manually again by zerotier-cli set network-id allowDNS=1, as well as un-check and re-check the allowDNS checkbox and restart the client - still no hope

I also tried under Administrator to ipconfig /flushdns as well as Clear-DnsClientCache and then reboot the system - still no hope...

I also tried to quit from the ZeroTier network from Windows and re-join, still nothing changed...

Under Windows on the Laptop:

ping intra.mydomain.com
Ping request could not find host intra.mydomain.com. Please check the name and try again.

ping 172.30..

Pinging 172.30.. with 32 bytes of data:
Reply from 172.30..: bytes=32 time=27ms TTL=64
Reply from 172.30..: bytes=32 time=27ms TTL=64

Addresses not cleared out when member name changed.

Quick note so I don't forget. Will try to test and fix soonish if someone else doesn't.

I had a NodeA and a NodeB. I changed the name of NodeA to NodeB and NodeB to NodeOld. The new NodeB then had two A records.

travis@tl-zt ZeroTierOne % host changed.tarv.xyz 100.64.64.68
Using domain server:
Name: 100.64.64.68
Address: 100.64.64.68#53
Aliases:

changed.tarv.xyz has address 100.64.64.74
changed.tarv.xyz has address 100.64.64.96

travis@tl-zt ZeroTierOne % host old.tarv.xyz 100.64.64.68
Using domain server:
Name: 100.64.64.68
Address: 100.64.64.68#53
Aliases:

old.tarv.xyz has address 100.64.64.74

ZeroNSD with other DNS providers

Hello,
this is not an issue, it's more like a question.
I would like to know is it possible to use ZeroNSD with the DNS server that is deployed inside LAN.
I want that ZeroNSD and local DNS use same domain name, so the desired behavior would be:

When I'm working from home, and I want to use some services from the office, I would use Zerotier network and ZeroNSD, but when I go to the office I want to use the DNS server from the office network. Is it possible to configure the network to work in that manner, it should be able to "detect" the network I'm using and then to redirect to the DNS on that network.
OS used for this are Debian 11 and Windows.

Thanks :)

can't resolve from linux (and openwrt)

hi, i'm trying to setup this in a bunch of my linux boxes... i set up the dns "server" part on a cloud vps, and from windows pc (after adding the allowdns checkbox) i can ping them all now... same from the cloud dns itself...

but no one of the linux boxes can resolve the other devices name... i did the zerotier-cli set net-id allowdns=1, i see that zerotier-cli get net-id allowdns reports 1, and zerotier-cli listnetworks -j too, restarted the daemon, the full linux box itself, too, but nothing, they can't resolve any host on my zt network... what am i missing?

also, how to enable this in openwrt? what to add to /etc/config/zerotier file, or which other if not this?

ALL of my systems are at latest 1.6.5 version

thanks

[Support] DNS for windows

Hello,

I have a network of two machines - cloud linux and local windows laptop
Followed guide to install zeronsd and add a domain

When I ping from cloud linux machine, both the systems ips resolve but doing so in Windows causes timeout.

Maybe I am missing something.

Proper IPv6 Support

Since this is planned but no real ticket for it yet, let me mention first that #2 covers this to a degree as well as other discussions we have had. It should be capable of:

  • Listening on more than one host: (#25) for 6plane and rfc4193 addresses. Ideally, we should just allow a list of hosts or a CIDR to be passed.
  • Listening for wildcards (#24, #2) covers situations like PTRv6 records which need to match a 6plane allocation.
  • Finally, some kind of solution for name -> CIDR mapping that is effectively one to many, but I'm fairly certain supplying the whole CIDR in a AAAA response would explode most computers. I need to research this part more. member ids can be mapped with a wildcard.

[bug] Crash on zerotier-one restart

This cropped up in 0.1.6, but has probably always been there. Results in a hang and requires a manual restart.

Fix coming soon; just noting it here for now.

PTR records

Since we have proper CIDR information about the network + are the resolver for many clients, let's populate data about reverse DNS lookups.

The name/zt- scheme should still work for these records; so that a PTR record results in the following results (in order of preference):

  • named domain
  • zt-<memberid> domain

IOW, if you have a member named erik who has identity deadbeef, it would be erik.domain. If the member was unnamed, it would be zt-deadbeef.domain.

  • IPv4
  • IPv6
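
Added example (not zeronsd's implementation and not part of the issue above): the PTR naming preference described in the issue, applied to both IPv4 and IPv6 addresses. The member list, CIDRs and domain are constructed; skipping addresses outside the network's CIDRs and falling back to the zt- name when a member name is not a valid DNS label are assumptions of this sketch.

```python
import ipaddress
import re

# One DNS label: letters, digits and hyphens, not starting or ending with "-".
LABEL_RE = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$")


def ptr_target(member: dict, domain: str) -> str:
    """Preferred name for a member: its own name, else zt-<memberid>."""
    name = (member.get("name") or "").lower()
    # Assumption: a name that is not a valid label falls back to the zt- form.
    label = name if LABEL_RE.match(name) else f"zt-{member['id']}"
    return f"{label}.{domain.rstrip('.')}."


def ptr_records(network_cidrs, domain, members) -> dict:
    """Map reverse-lookup owner names to PTR targets for in-network addresses."""
    nets = [ipaddress.ip_network(c) for c in network_cidrs]
    records = {}
    for member in members:
        for raw in member["ips"]:
            ip = ipaddress.ip_address(raw)
            in_network = any(ip.version == n.version and ip in n for n in nets)
            if not in_network:
                continue  # assumption: only answer for the network's own ranges
            # reverse_pointer yields in-addr.arpa (IPv4) or ip6.arpa (IPv6) names
            records[ip.reverse_pointer + "."] = ptr_target(member, domain)
    return records


# Constructed sample data.
SAMPLE_CIDRS = ["10.147.20.0/24", "fd00::/64"]
SAMPLE_MEMBERS = [
    {"id": "deadbeef", "name": "erik", "ips": ["10.147.20.216", "fd00::1"]},
    {"id": "cafef00d", "name": "", "ips": ["10.147.20.7", "192.168.1.5"]},
    {"id": "0badc0de", "name": "my laptop", "ips": ["10.147.20.9"]},
]

if __name__ == "__main__":
    for owner, target in ptr_records(SAMPLE_CIDRS, "example.com", SAMPLE_MEMBERS).items():
        print(f"{owner} IN PTR {target}")
```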

wildcards?

I have found myself wanting *.zt-my-id.example.com (and/or *.my-node-name.example.com)

So that I can have like api.travis.example.com, static.travis.example.com, otherapp.travis.example.com etc

Maybe as flag to enable it or not.
