Maybe a stupid question but... how does one add the DNS entry? #18

Open
ThaDaVos opened this issue Oct 5, 2019 · 16 comments

Comments

@ThaDaVos

ThaDaVos commented Oct 5, 2019

Like the title says, how does one add the DNS entry - I can't find anything about it on my.zerotier.com

@mylamour

mylamour commented Oct 8, 2019

So am I. @dvdbot, did you find the solution?

@ThaDaVos
Author

ThaDaVos commented Oct 8, 2019

Not yet -> been busy with other stuff -> just using the IP address for now

@wscott

wscott commented Oct 8, 2019

This serves the hostnames on your network via DNS. So you have a machine join your ZT network and then give it a name.

@ThaDaVos
Author

ThaDaVos commented Oct 8, 2019

@wscott -> in the documentation/Readme of this project it says the following:
7. Add a DNS entry in your ZeroTier members pointing to the member running ztdns.

This is what we're asking, how do you do this? Or is it poorly described?

@mje-nz

mje-nz commented Oct 10, 2019

Good question, I'd like to know the tidiest way of setting this up too.

@DavidWatkins @gordonbondon @hatemosphere @sysadchin @Dallas-Makerspace @denzuko How do your ztdns setups work?

@hatemosphere

well, if you just look at the code... it takes the name of your host and creates a DNS record for it automatically by prepending the domain prefix that you attached to the specific network in settings

@hatemosphere

please let me know if you need more details on that

@mje-nz

mje-nz commented Oct 10, 2019

Yeah I understand how ztdns works, but what's the best way of getting it into your DNS lookup chain? Are you manually setting up split DNS on every machine in your network?

@hatemosphere

so I think there are two options. the simplest one is to set up dnsmasq and route requests for a specific domain to the ztdns server. and obviously you can automate provisioning of that with a config management tool like Ansible. the second option would work if you have centralized DNS infrastructure, so then you can just set up replication from ztdns to your main DNS server.
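
The dnsmasq option from the comment above, as an added example that is not part of the original thread or of ztdns: a script a config management tool could run to render the per-domain forwarding drop-in, refusing values that would inject extra directives. The domain `zt.example` and address `10.147.17.5` are constructed placeholders; `server=/domain/ip` and `rebind-domain-ok` are standard dnsmasq options.

```shell
#!/bin/sh
# Added example: render a dnsmasq drop-in that forwards one domain to ztdns.
# Inputs are validated so a templated variable cannot smuggle extra
# directives (newline, '/', '=') into the resolver configuration.

# valid_domain NAME -> 0 if NAME contains only DNS-name characters
valid_domain() {
    case "$1" in
        ''|.*|*.|*..*|-*|*-|*.-*|*-.*) return 1 ;;
        *[!A-Za-z0-9.-]*) return 1 ;;
    esac
    return 0
}

# valid_ipv4 ADDR -> 0 if ADDR is four decimal octets in 0..255
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # safe to split: only digits and dots remain
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# render_dropin DOMAIN ZTDNS_IP -> prints the drop-in, fails on bad input
render_dropin() {
    valid_domain "$1" || { echo "bad domain: $1" >&2; return 1; }
    valid_ipv4 "$2"   || { echo "bad address: $2" >&2; return 1; }
    cat <<EOF
# Forward only *.$1 to the ztdns member; other names use the normal upstream.
server=/$1/$2
# Needed only with stop-dns-rebind: ztdns answers are usually private-range.
rebind-domain-ok=/$1/
EOF
}

# Stand-alone use: ./render.sh zt.example 10.147.17.5 > ztdns.conf
if [ "$#" -eq 2 ]; then
    render_dropin "$1" "$2"
fi
```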

@ghost

ghost commented Oct 10, 2019 via email

@denzuko

denzuko commented Oct 11, 2019

@mje-nz at present we're updating cloudflare and a powerdns cluster via the api once a node has joined the network.

However as @hatemosphere pointed out dns delegation from ztdns to one's main dns servers would be a great way to go forward.

@mje-nz

mje-nz commented Oct 11, 2019

@denzuko that sounds tidy, what are you using to update CloudFlare? I was thinking about patching ztdns to do it.

I can see how delegation with dnsmasq would work (thanks hatemosphere and sysadchin), but I'm trying to extend the "just connect and it magically works" property of ZeroTier to include name resolution so I'm looking for a solution that doesn't require configuring each machine in the network.

@denzuko

denzuko commented Oct 16, 2019

@mje-nz; short answer.. curl and cloud-init.

https://api.cloudflare.com/#dns-records-for-a-zone-update-dns-record

Long answer:

the cloud-init userdata file we drop on our hypriot-run raspberry pi 4's not only sets up the swarm cluster but also installs zerotier and joins it to our network. Then it does a docker stack deploy which installs our datagrid stack, monitoring, apm, and finally joshava/cloudflare-ddns. Once the zerotier network is up, a script is run that calls off to cloudflare via curl and their api, then makes a second call to our internal powerdns via curl and its api (https://jpmens.net/2015/01/09/a-look-at-the-powerdns-rest-api/).

Mind you this isn't very optimal since we're relying on three parts to work when one should do and the others just replicate from the master.

Best way to get something working that's zero config is a) avahi, b) winbind, or c) a master dns that's replicated while the network sets dhcp options [6, 15, and 119] (https://www.reddit.com/r/sysadmin/comments/46783t/what_are_the_006_dns_server_and_015_dns_domain/). 119 is the domain search list, which most forget but helps when one types in a browser mysecretserver and forgets the '.ztdns' part given one is using .ztdns as their top level domain extension.

@jjsarton

I also have a zt network. According to the equipment I own, my approach at home is to serve the LAN and the zt network via the unbound DNS server and to host it on a Raspberry Pi.
NAS systems such as those from Synology and Qnap are not good for dns resolution across 2 DNS servers. Furthermore, I can access the zt network from a smartphone or a tablet, and there is only one central DNS server whose address is announced via DHCP.
For nomadic systems, we have the possibility to set the zt-DNS server to use on the interface (Windows standard way or Linux while using systemd-resolved). For smartphones I don't have a solution at this time.
I have a web server within my LAN, so wildcards for subdomains are nice. It will be nice to have such a feature.

@arm32x

arm32x commented Jan 24, 2021

ZeroTier added DNS support in 1.6.0. There should now be a DNS section in your settings on my.zerotier.com.

This is mentioned in the changelog here.

@denzuko

denzuko commented Mar 10, 2021

@arm32x yeah issue. My.zerotier.com states "See Settings Help below". But that section has not been updated to state anything about dns.

Clever users may be able to figure out that 'SEARCH DOMAIN' means dhcp option 119 (base domain search list) and SERVER ADDRESS to point to your primary internal dns server ipv4 address. But that should be documented since not everyone is going to be a Network+ certified engineer (and even that's taking a guess).

Plus the SERVERS part is not very clear that one entering an ip into the 'SERVER' field appends the existing list under SERVERS. Oh and the stylised 'x' next to the ip comes across more as not found than remove from this list.


8 participants