
[Feature Request] Allow client DNS configuration to inherit from selected exit node

Open greg-court opened this issue 4 months ago • 0 comments

Is your feature request related to a problem? Please describe.

Yes. I have multiple physical sites, each with its own exit node and local DNS resolver (usually the firewall, e.g. pfSense or a Pi-hole/Unbound). Clients use these exit nodes to access the internet and local resources at each site.

Right now, NetBird’s DNS configuration is static and tied to client groups — not to the exit node they’re routing through. This makes DNS completely break down in multi-site scenarios. Clients that move between sites receive all DNS servers for all networks, including ones that are unreachable from their current location. This causes name resolution to fail or hang.

It becomes unmanageable very quickly — the more sites you add, the more broken DNS gets. There is no way today to make NetBird behave as expected: “if I use exit node A, I should use exit node A’s local DNS config.”


Describe the solution you'd like

Clients should be able to automatically inherit DNS settings from the exit node they are connected to.

This could be implemented as a toggle or flag on the route or exit node itself:

✅ “Advertise this peer’s DNS to clients using this exit node”

When enabled, the client would receive only the DNS configuration associated with the exit node they’re actively routing through — and update dynamically when switching nodes.


Describe alternatives you've considered

  • Manually assigning nameserver groups to client groups: doesn't work for roaming users. Clients always get all DNS servers, regardless of which are reachable.
  • Using a single global/public DNS resolver: doesn’t work in environments where services are only resolvable locally.
  • Split-DNS per domain: only works if each site has different domain zones (e.g. site1.internal, site2.internal). In most real-world setups, local resources share the same domain (e.g. *.internal), so you still end up with unreachable DNS servers being queried first — leading to timeouts and inconsistent resolution across platforms.

None of these solve the core issue.


Additional context

This is a fundamental need for anyone deploying NetBird in multiple sites, across physical networks or VLANs with separate local DNS servers. Tailscale, for example, handles this natively — clients automatically adopt DNS settings from the exit node. Without this behaviour, NetBird becomes fragile and frustrating to use in real deployments.

This isn’t just a niche or advanced use case — it’s a common requirement in real-world, multi-site setups. Supporting dynamic DNS inheritance based on the active exit node would make NetBird much more reliable and easier to manage for teams with roaming clients.

greg-court, Jun 21 '25 20:06