Custom DNS records
Is your feature request related to a problem? Please describe. For now, to get stable and agile private DNS, our team needs to set up an additional host and container with PowerDNS which communicates with the Netbird API.
Describe the solution you'd like It would be great if we could manage custom DNS records for servers, multiple domains or zones, and tune them with the API inside Netbird. Netbird already has a DNS feature, but it has a lot of limits: for example, we cannot change the domain name of a server, or access it through its FQDN (hostname).
Hi @alexcupertme, I'm curious what your use case with PowerDNS is and what scenarios you implemented (especially the Netbird API part).
In my scenario I set up a dedicated DNS server (Technitium DNS Server) to manage DNS zones, which also resolves via public DNS records. Example:
- wiki.corp.acme > Public DNS > Reverse Proxy
- wiki.corp.acme > Netbird > Technitium DNS > CNAME to wiki.selfhosted
Regards, Flo.
@florian-obradovic Hi! Our main goal was to achieve automatic DNS management, so the only thing we have to configure is to deploy a new peer and set its hostname with the --hostname flag (e.g. netbird --setup-key ... --hostname service01.prod.company.net). And we've implemented a CRON job that fetches all peers via the API which are online and have a specific group, takes the peer hostname and domain, and creates an A record for that peer (those peers).
@alexcupertme thanks for the heads-up. Wouldn't it be more reliable if you used CNAMEs? So in case you have to re-onboard a peer (which would change its NB IP address)? Do you have a code sample or gist? :)
@florian-obradovic The main problem we are struggling with for now is that the peer uses public DNS records instead of our private ones. It happens often because we've registered these domains and also connected them to Cloudflare for issuing Let's Encrypt certificates (DNS challenge).
e.g.: the peer has 2 nameservers in resolv.conf, our private one and a public one, and tries to connect to our DNS; it was down for some reason, then it connects to the public one and fetches the SOA record. The SOA record tells the host that this nameserver has valid info about the domain and its records. It also has a long TTL, which means this nameserver will serve this domain for a specific amount of time and the host will not try to ask other nameservers, which gets us into a situation where Cloudflare mutes our private DNS.
I have to note that we don't set any records in Cloudflare because we don't have to share our network topology with intruders. Its only purpose is to get us an SSL certificate.
Will greatly appreciate it if you find any issues in our setup.
Our cron job: https://gist.github.com/alexcupertme/99e233111674bcf093c3d55cd6cd360c
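To make the record-generation step discussed above concrete, here is an added example (not the linked gist and not NetBird project code) that takes a peer list shaped like a NetBird `/api/peers` response, keeps online peers in one group, validates the hostname, and emits either A records or, following the CNAME suggestion, CNAMEs to the peer's NetBird DNS name. The JSON field names, the `netbird.cloud` default domain and the sample peers are assumptions constructed for the example.

```python
import json
import re

# Constructed sample resembling a NetBird /api/peers response. The field
# names (name, ip, connected, groups, dns_label) are an assumption for this
# example, not taken from the gist linked above.
SAMPLE_PEERS = json.loads("""
[
  {"name": "service01.prod.company.net", "ip": "100.64.0.10", "connected": true,
   "dns_label": "service01", "groups": [{"name": "prod"}]},
  {"name": "service02.prod.company.net", "ip": "100.64.0.11", "connected": false,
   "dns_label": "service02", "groups": [{"name": "prod"}]},
  {"name": "laptop.company.net", "ip": "100.64.0.20", "connected": true,
   "dns_label": "laptop", "groups": [{"name": "staff"}]},
  {"name": "bad host;.prod.company.net", "ip": "100.64.0.12", "connected": true,
   "dns_label": "badhost", "groups": [{"name": "prod"}]}
]
""")

# One DNS label: 1-63 chars of [a-z0-9-], not starting or ending with "-".
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def valid_fqdn(name: str) -> bool:
    """Reject peer-supplied hostnames that would yield a malformed record."""
    labels = name.lower().rstrip(".").split(".")
    return len(name) <= 253 and all(LABEL.match(label) for label in labels)


def zone_records(peers, group, zone, nb_domain="netbird.cloud", use_cname=False):
    """Return (owner, type, rdata) tuples for online peers in `group` under `zone`.

    With use_cname=True the record points at the peer's NetBird DNS name, so a
    re-onboarded peer that receives a new NetBird IP keeps a valid record;
    otherwise an A record carries the current NetBird IP.
    """
    records = []
    for peer in peers:
        in_group = any(g.get("name") == group for g in peer.get("groups", []))
        if not (peer.get("connected") and in_group):
            continue
        name = peer["name"]
        # Only publish names inside our zone, and only well-formed ones.
        if not name.endswith("." + zone) or not valid_fqdn(name):
            continue
        owner = name[: -len(zone) - 1]
        if use_cname:
            records.append((owner, "CNAME", f"{peer['dns_label']}.{nb_domain}."))
        else:
            records.append((owner, "A", peer["ip"]))
    return records
```

The offline peer, the peer outside the group, and the peer with an invalid hostname are all dropped, so only `service01` is published.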
I think this feature would be very useful even in the form of a very simple list with DNS records.
It may be used for defining more descriptive names for the peers in the network. Moreover, it may simplify setup for some small and simple homelabs. Netbird already has in place most of the mechanisms required for implementation.
Any update on that feature? We are now in October 2025 ;-)