Refactor DNS resources

Open conectado opened this issue 1 year ago • 1 comments

This is needed to:

  • Have a stable per-resource IP and have more stability with browsers or other applications that cache IPs for a long time
  • Be able to apply filters on overlapping DNS resources

The way to achieve this is:

  • Have the client generate multiple unique IPs per FQDN in queries
  • Pick the resource that will be used after we see traffic for those generated IPs
  • Have the gateway mangle traffic based on the associated FQDN for that IP
  • Use source port NATing to distinguish traffic in the gateway
  • Do IPv4-in-IPv6 and IPv6-in-IPv4 to be able to work for IPv4/IPv6-only resources

conectado, May 15 '24 16:05
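A sketch of the first two steps of the plan above, added here as an illustration and not taken from the Firezone code base: a client-side table that returns the same set of unique proxy IPs every time an FQDN is queried and maps a destination IP back to its FQDN once traffic is seen. The `ProxyIps` type, its methods, the pool range and the per-name count are all hypothetical.

```rust
use std::collections::HashMap;
use std::net::Ipv4Addr;

/// Hypothetical allocator: `per_fqdn` proxy IPs per queried name, stable across queries.
pub struct ProxyIps {
    next: u32, // next free address in the pool
    end: u32,  // one past the last usable address
    per_fqdn: u32,
    by_fqdn: HashMap<String, Vec<Ipv4Addr>>,
    by_ip: HashMap<Ipv4Addr, String>,
}

impl ProxyIps {
    pub fn new(base: Ipv4Addr, size: u32, per_fqdn: u32) -> Self {
        let start = u32::from(base);
        let (by_fqdn, by_ip) = (HashMap::new(), HashMap::new());
        Self { next: start, end: start + size, per_fqdn, by_fqdn, by_ip }
    }

    /// Called when answering a DNS query. Names are normalised so that
    /// "App.Example.com." and "app.example.com" share one allocation.
    pub fn on_query(&mut self, fqdn: &str) -> Option<Vec<Ipv4Addr>> {
        let key = fqdn.trim_end_matches('.').to_ascii_lowercase();
        if let Some(ips) = self.by_fqdn.get(&key) {
            return Some(ips.clone()); // cached answers stay valid for long-lived clients
        }
        if self.end - self.next < self.per_fqdn {
            return None; // pool exhausted: refuse rather than reuse an address
        }
        let first = self.next;
        let ips: Vec<Ipv4Addr> = (0..self.per_fqdn).map(|i| Ipv4Addr::from(first + i)).collect();
        self.next += self.per_fqdn;
        for ip in &ips {
            self.by_ip.insert(*ip, key.clone());
        }
        self.by_fqdn.insert(key, ips.clone());
        Some(ips)
    }

    /// Called when a packet is seen for `dst`; the resource is chosen from this FQDN afterwards.
    pub fn fqdn_for(&self, dst: Ipv4Addr) -> Option<&str> {
        self.by_ip.get(&dst).map(String::as_str)
    }
}

fn main() {
    // Constructed pool and names, for illustration only.
    let mut table = ProxyIps::new(Ipv4Addr::new(100, 96, 0, 0), 8, 4);
    let ips = table.on_query("app.example.com").unwrap();
    println!("{:?} -> {:?}", ips, table.fqdn_for(ips[0]));
}
```

Never reusing an address keeps a cached IP from pointing at a different name later, so a filter tied to one resource cannot be applied to traffic meant for another.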

refs #3369 -- we can probably close that when this is closed.

jamilbk, May 15 '24 16:05