[BUG] Linux Client can not set DNS with custom port #1676

Closed
opened 2025-11-20 06:04:34 -05:00 by saavagebueno · 5 comments

Originally created by @0xf61 on GitHub (Mar 5, 2025).

Describe the problem

Hello, we are using Netbird to access our assets. We are self-hosting everything, btw. We assumed that it would not be too much of a problem to change the DNS port from 53 to 531. This causes no problem on Windows, Android, iOS, and macOS clients. Unfortunately, I assume there is an unhandled situation here on Linux clients. First of all, `netbird up` perfectly sets up the IP which has to be set by Netbird, but there is a small issue: it cannot change the port from 53 to 531. I assume this is not handled by systemd-resolved and the netbird client does not cover it.

To Reproduce

Steps to reproduce the behavior:

  1. In the setup, change the DNS port from 53 to 531 (see screenshot).
  2. On the Linux client, run `netbird up`.
  3. Check `/etc/resolv.conf` to see that the netbird DNS is set up correctly.
  4. Run `dig a internal.netbird` and `dig -p 531 a internal.netbird` for the address.
  5. See that setting port 531 resolves it, but the default configuration does not.

Expected behavior
I believe it should resolve the domains even if the DNS port differs from 53.

Are you using NetBird Cloud?

No we are using selfhosted version of netbird.

NetBird version

0.37.1

NetBird status -dA output:

If applicable, add the `netbird status -dA` command output.

Do you face any (non-mobile) client issues?

No we don't have any issues on mobile clients.

Screenshots
As you can see the port is set to 531.

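![Image](https://github.com/user-attachments/assets/1ef08abc-01bc-4c2e-9ca6-1a04285703d2)

When it is asked on port 531, it works.

![Image](https://github.com/user-attachments/assets/cc3de4af-4c23-4be9-8c6c-942af0e0e4b8)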

Additional context

We have no problem on any other device but only Linux client has this issue.
I solved the issue on my side with the commands below, btw:

```
sudo iptables -t nat -A OUTPUT -p tcp --dport domain -j DNAT --to-destination 100.68.147.238:531
sudo iptables -t nat -A OUTPUT -p udp --dport domain -j DNAT --to-destination 100.68.147.238:531
```

I am opening this issue and sharing my solution in case no solution can be provided by netbird.

saavagebueno added the clientdnslinux labels 2025-11-20 06:04:34 -05:00
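
As an added example (not part of the original issue and not NetBird code): the two workaround rules above carry no `-d` match, so they rewrite every locally generated port-53 query to 100.68.147.238:531, whichever resolver it was addressed to. The sketch below audits `iptables-save` text for such rules; the sample ruleset, including its third rule scoped with `-d`, is constructed, and `audit_dns_dnat` is a hypothetical name.

```shell
#!/bin/sh
# Constructed sample in iptables-save format: the two workaround rules
# (iptables-save prints "--dport domain" as "--dport 53") plus a
# constructed variant limited to one resolver address with -d.
SAMPLE_RULES='*nat
:OUTPUT ACCEPT [0:0]
-A OUTPUT -p tcp -m tcp --dport 53 -j DNAT --to-destination 100.68.147.238:531
-A OUTPUT -p udp -m udp --dport 53 -j DNAT --to-destination 100.68.147.238:531
-A OUTPUT -d 100.68.147.238/32 -p udp -m udp --dport 53 -j DNAT --to-destination 100.68.147.238:531
COMMIT'

# Reads iptables-save text on stdin and prints one line per DNS DNAT rule
# in the nat table OUTPUT chain. Exit status is 1 if any rule redirects
# port 53 for every destination (no -d match), 0 otherwise.
audit_dns_dnat() {
    awk '
    /^\*/ { table = substr($0, 2) }   # "*nat" starts the nat table section
    table == "nat" && $1 == "-A" && $2 == "OUTPUT" {
        dport = ""; dest = ""; proto = ""; target = ""; to = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "--dport") dport = $(i + 1)
            else if ($i == "-d") dest = $(i + 1)
            else if ($i == "-p") proto = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
            else if ($i == "--to-destination") to = $(i + 1)
        }
        # Only DNAT rules that match the DNS port are of interest.
        if (target != "DNAT" || (dport != "53" && dport != "domain")) next
        if (dest == "") { print "UNSCOPED " proto " -> " to; bad = 1 }
        else { print "SCOPED " dest " " proto " -> " to }
    }
    END { exit bad + 0 }
    '
}

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE_RULES" | audit_dns_dnat \
    || echo "at least one rule redirects all outbound DNS"
```

On a live host the same function can be fed with `iptables-save -t nat | audit_dns_dnat`.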

@lixmal commented on GitHub (Mar 5, 2025):

@0xF61, what's your Linux distro/version/kernel?

Can you share the log please?

```
netbird debug for 1m -AS
```

(run your query in this 1 minute time frame)

This should be handled already, unless something went wrong.


@0xf61 commented on GitHub (Mar 5, 2025):

Hello @lixmal, thank you for your quick response. I ran it for 10 sec and ran dig with and without specifying the port.

The debug helped me to see this error. You can see all the WARN lines in the logs in this screenshot. (I use the systemd-resolved service on my machine.)

![Image](https://github.com/user-attachments/assets/df7707fc-932c-498a-9039-0fe49ae9011d)

I'm running Arch with the latest kernel.
`Linux host 6.13.5-arch1-1 #1 SMP PREEMPT_DYNAMIC Thu, 27 Feb 2025 18:09:44 +0000 x86_64 GNU/Linux`

[netbird.debug.zip](https://github.com/user-attachments/files/19097452/netbird.debug.zip)


@lixmal commented on GitHub (Mar 5, 2025):

You mentioned using systemd-resolved, yet the log discovered a plain file:

```
2025-02-19T16:02:56Z INFO client/internal/dns/host_unix.go:54: System DNS manager discovered: file
```

Can you show the content of `/etc/resolv.conf` and `/etc/systemd/resolved.conf` when netbird is down? Is `DNSStubListener=yes` set?


@0xf61 commented on GitHub (Mar 6, 2025):

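The `DNSStubListener` you mentioned was not set. I enabled it and it was recognized as the systemd DNS resolver, but the issue still exists. I ran the debug command you gave me again. Is there any documentation about custom port settings? The only thing I found is [this](https://docs.netbird.io/how-to/manage-dns-in-your-network#nameserver).

![Image](https://github.com/user-attachments/assets/8cebf65b-6290-4659-a2bc-8728362d17ce)

Should I also configure resolved.conf to match my DNS record? I also searched for that but couldn't find a way to set a custom port for a DNS server in systemd-resolved.

[netbird.debug.zip](https://github.com/user-attachments/files/19107598/netbird.debug.zip)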


@0xf61 commented on GitHub (Apr 16, 2025):

It looks like the problem was resolved here: #3161. So the problem was not DNS all along, I guess.


Reference: SVI/netbird#1676