netbird
Embedded DNS peer subdomain resolution customization
Is your feature request related to a problem? Please describe.
I have a server in my network (peer FQDN server.netbird.local), which has multiple internal services (i.e. nginx with virtual host handling).
I would like to customize netbird DNS resolution (maybe rego can be used here?) to make it possible to override resolutions for host subdomains, or at least make it resolve subdomains to the same machine address without using external DNS.
I.e. make it possible for the embedded DNS server to return the peer IP not only on a server.netbird.local DNS request but also on something.server.netbird.local.
Describe alternatives you've considered
My current solution involves starting nsd (authoritative DNS resolver) on the target server (server.netbird.local), where I have only one record:
*.server.local. 3600 IN CNAME server.netbird.local.
and then creating a custom DNS configuration with the nameserver IP of the target server and match domains of server.local (note that I can't reuse server.netbird.local, as netbird.local is already resolved by the netbird embedded DNS).
So when I go to sonarr.server.local, the browser connects to server.netbird.local instead.
Additional context
It is not a VPN's job to manage DNS records... But wildcard resolution will not cause a maintenance burden, as there is already a DNS server embedded, and it might be useful to many users.
I have asked a similar question, or kind of, here: #1436
I found out it's possible to work around that by going via the following path:
- Add a new server for the proxy (optional) or use the same server as the netbird server
- Install a client and connect it to your netbird server
- Add a reverse proxy that listens on *.YOURFQDN.LTD and redirects to $host (using nginx or caddy)
So for example, if you have test1.vpn.fqdn.ltd => it's going to connect to the proxy, which is already connected to the VPN as a client. So your $host would be test1.vpn.fqdn.ltd. Since the proxy is connected to the VPN and knows that name, it will forward you to the right peer.
I have solved this myself in my current VPN solution and it worked pretty well.
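# this is a caddy example:
:80, :443 {
    # forward each request to the peer named in the Host header
    reverse_proxy {host}
    # other configuration directives...
}

# nginx equivalent:
server {
    listen 80;
    # proxy_pass with variables needs a resolver directive pointing at a DNS
    # server that knows the peer names (address depends on your setup)
    location / {
        proxy_pass $scheme://$host$request_uri;
    }
}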
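
A restricted variant of the nginx proxy above, added here as an example and not part of the original comment: the Host header is chosen by the client, so a catch-all that proxies to $host forwards to whatever name the client sends, and this version accepts only single-label names under the VPN zone. The zone vpn.fqdn.ltd is the placeholder from the comment, and the resolver address 192.0.2.53 is a placeholder assumption.

```nginx
# Added example (not from the thread).
# vpn.fqdn.ltd: placeholder zone taken from the comment above.
# 192.0.2.53:   placeholder resolver address (assumption); replace it with the
#               DNS server that resolves peer names on the proxy host.

# Default server: any Host that does not match the pattern below is dropped,
# so the proxy never forwards to a name outside the VPN zone.
server {
    listen 80 default_server;
    server_name _;
    return 444;   # close the connection without sending a response
}

server {
    listen 80;

    # Accept exactly one label under the zone, e.g. test1.vpn.fqdn.ltd.
    # The named capture holds the validated peer label.
    server_name ~^(?<peer>[a-z0-9-]+)\.vpn\.fqdn\.ltd$;

    # proxy_pass with variables is resolved at request time and needs a resolver.
    resolver 192.0.2.53 valid=30s;

    location / {
        # Build the upstream from the validated capture, not the raw Host header.
        # No URI part is given, so the original request URI is passed through.
        proxy_pass http://${peer}.vpn.fqdn.ltd;
        proxy_set_header Host $host;
    }
}
```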