
Add DNS routes

Open lixmal opened this issue 1 year ago • 1 comments

Describe your changes

This PR adds DNS routes.

Given domains are resolved periodically and resolved IPs are replaced with the new ones, unless the flag keep_route is set to true, in which case only new ones are added. This option is helpful if there are long-running connections that might still point to old IP addresses from changed DNS records.

This feature is not yet ready to catch changes from resolvers that use round-robin DNS.

Example route creation


api_url="http://localhost:8080/api"
api_token=xxx
peer_group_id=xxx
group_id=xxx

curl -X POST "$api_url/routes" \
    -H 'Accept: application/json' \
    -H 'Content-Type: application/json' \
    -H "Authorization: Bearer $api_token" \
    --data-raw '{
      "description": "",
      "network_id": "dns-route",
      "enabled": true,
      "peer_groups": [
        "'$peer_group_id'"
      ],
      "domains": [
        "netbird.io",
        "www.netbird.io",
        "google.com"
      ],
      "keep_route": true,
      "metric": 9999,
      "masquerade": true,
      "groups": [
        "'$group_id'"
      ]
    }'

Viewing resolved IPs

Currently resolved IPs can be viewed by running

netbird routes ls

Example output:

Available Routes:

  - ID: dns-route
    Domains: netbird.io, www.netbird.io, google.com
    Status: Selected
    Resolved IPs:
      [netbird.io]: 2a05:d014:1f8d:7302:ebca:ec15:b24d:d07e, 18.158.22.172
      [www.netbird.io]: 2a05:d014:1f8d:7302:ebca:ec15:b24d:d07e, 18.158.22.172
      [google.com]: 172.217.161.46, 2404:6800:4004:825::200e, 172.217.161.78, 142.251.42.142, 2404:6800:4004:80b::200e, 2404:6800:4004:80a::200e, 2404:6800:4008:c06::8b, 2404:6800:4008:c06::8a, 2404:6800:4008:c06::65, 2404:6800:4008:c06::66, 142.251.222.14, 2404:6800:4004:80f::200e

Status

Routes can be tracked via netbird status -d as usual:

On the client:

Peers detail:
 router1.netbird.cloud:
  NetBird IP: 100.64.117.193
  Public key: AcqMAbqyU0/rWxLpOXvMyg3z2bVA8GnMeqONEMN6ejo=
  Status: Connected
  -- detail --
  Connection type: P2P
  Direct: true
  ICE candidate (Local/Remote): host/host
  ICE candidate endpoints (Local/Remote): 192.168.141.1:51820/172.16.127.130:51820
  Last connection update: 21 minutes, 31 seconds ago
  Last WireGuard handshake: 1 minute ago
  Transfer status (received/sent) 148 B/31.5 KiB
  Quantum resistance: false
  Routes: 1.1.1.1/32, netbird.io, www.netbird.io, google.com
  Latency: 1.891443ms

On the routing peer:

OS: linux/amd64
Daemon version: development
CLI version: development
Management: Connected to http://api.netbird.io:443
Signal: Connected to https://signal.netbird.io:443
Relays:
  [stun:turn.stage.netbird.io:3478] is Available
  [turns:turn.stage.netbird.io:3478?transport=tcp] is Available
Nameservers:
FQDN: router1.netbird.cloud
NetBird IP: 100.64.117.193/16
Interface type: Kernel
Quantum resistance: false
Routes: 1.1.1.1/32, netbird.io, www.netbird.io, google.com
Peers count: 1/1 Connected

Issue ticket number and link

Checklist

  • [ ] Is it a bug fix
  • [ ] Is a typo/documentation fix
  • [x] Is a feature enhancement
  • [x] It is a refactor
  • [x] Created tests that fail without the change (if possible)
  • [ ] Extended the README / documentation, if necessary

May 07 '24 18:05 lixmal
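The keep_route behaviour described in the PR text above, as an added Go example that is not code from this PR or from NetBird: it diffs the host routes installed for one domain against a fresh resolution. `reconcile` and `mustAddrs` are hypothetical helpers, and 192.0.2.10 is a constructed sample answer.

```go
package main

import (
	"fmt"
	"net/netip"
)

// mustAddrs parses constructed sample addresses and panics on bad input.
func mustAddrs(ss ...string) (out []netip.Addr) {
	for _, s := range ss {
		out = append(out, netip.MustParseAddr(s))
	}
	return out
}

// reconcile is a hypothetical helper: keepRoute=false drops stale routes, true only adds new ones.
func reconcile(installed, resolved []netip.Addr, keepRoute bool) (add, remove, next []netip.Prefix) {
	host := func(a netip.Addr) netip.Prefix { // /32 for IPv4, /128 for IPv6
		return netip.PrefixFrom(a.Unmap(), a.Unmap().BitLen())
	}
	seen, fresh := map[netip.Prefix]bool{}, map[netip.Prefix]bool{}
	for _, a := range resolved {
		fresh[host(a)] = true
	}
	for _, a := range installed {
		p := host(a)
		switch {
		case seen[p]: // duplicate entry, already handled
		case fresh[p] || keepRoute:
			next = append(next, p) // still resolved, or stale but kept
		default:
			remove = append(remove, p) // stale and keep_route is off
		}
		seen[p] = true
	}
	for _, a := range resolved {
		if p := host(a); !seen[p] { // not installed yet and not a duplicate answer
			seen[p] = true
			add = append(add, p)
			next = append(next, p)
		}
	}
	return add, remove, next
}

func main() {
	// Old answer from the `netbird routes ls` output; the new answer is constructed.
	add, remove, next := reconcile(mustAddrs("18.158.22.172"), mustAddrs("192.0.2.10"), true)
	fmt.Println("add:", add, "remove:", remove, "installed:", next)
}
```

With keep_route set, the installed set only grows between resolutions, so every address a domain has ever resolved to stays routed through the routing peer until the route is recreated.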

Not digging into the details (maybe it's here), but it's worth watching out for resolving DNS names on the Peer doing the routing from within the network.

May 28 '24 14:05 nazarewk