DNS settings break DNS resolution in k3s/rke2 clusters. #1957

Open
opened 2025-11-20 06:10:14 -05:00 by saavagebueno · 9 comments

Originally created by @theoriginalgri on GitHub (Jun 11, 2025).

Describe the problem

We are running netbird on Ubuntu 24.04 host systems (hetzner cloud + dedicated) which also run k3s / rke2.

Up until this Tuesday, this was working flawlessly (even though we have not installed any updates of netbird/ubuntu/k3s/rke2 within the days of breaking).

Since then, pods have been behaving erratically and failed installing alpine linux packages. We have now pinned the issue down to having DNS settings active in netbird. Once the machine is excluded using "Disable DNS management", alpine linux packages can be installed.

To Reproduce

Steps to reproduce the behavior:

  1. Setup a new server (e.g. on Hetzner Cloud)
  2. Install netbird:
     curl -fsSL https://pkgs.netbird.io/install.sh | sh
     netbird up
  3. Install k3s:
     curl -sfL https://get.k3s.io | sh -
  4. Launch a bash session for alpine linux:
     k3s kubectl run test-shell --rm -i --tty --image alpine:latest

Within that shell try to ping dl-cdn.alpinelinux.org:

ping dl-cdn.alpinelinux.org
ping: bad address 'dl-cdn.alpinelinux.org'

If either the netbird service is stopped or the machine is excluded from DNS settings, pinging starts working again once the pod is restarted. Interestingly, pinging dl-cdn.alpinelinux.org. (with dot suffix) works.

Expected behavior

Pinging to dl-cdn.alpinelinux.org succeeds.

Are you using NetBird Cloud?

Cloud

NetBird version

Tried multiple:

  • 0.46.0
  • 0.45.3
  • 0.44.0

Is any other VPN software installed?

No

Debug output

To help us resolve the problem, please attach the following anonymized status output

Peers detail:
 gitlab.netbird.cloud:
  NetBird IP: 100.92.104.216
  Public key: 5JcftOw3hmB/rW7xULTpX49hbEGi/SSYP6bWNxMiJ0k=
  Status: Connected
  -- detail --
  Connection type: P2P
  ICE candidate (Local/Remote): host/host
  ICE candidate endpoints (Local/Remote): 10.42.0.0:51820/198.51.100.0:51820
  Relay server address: rels://streamline-de-fra1-0.relay.netbird.io:443
  Last connection update: 19 minutes, 58 seconds ago
  Last WireGuard handshake: 57 seconds ago
  Transfer status (received/sent) 1.5 KiB/4.4 KiB
  Quantum resistance: false
  Networks: -
  Latency: 3.360698ms

Events:
  [WARNING] DNS (eb819e1f-0e71-4bfa-aecf-6c98b0980181)
    Message: All upstream servers failed (probe failed)
    Time: 20 minutes, 2 seconds ago
    Metadata: upstreams: 100.92.104.216:5353
  [WARNING] DNS (ce264190-443d-4984-bea2-96d5d5f05748)
    Message: All upstream servers failed (probe failed)
    Time: 20 minutes, 2 seconds ago
    Metadata: upstreams: 100.92.104.216:5353
  [INFO] SYSTEM (0fed29a3-2ca0-4044-86c4-7d0ac9b2d606)
    Message: Network map updated
    Time: 20 minutes, 2 seconds ago
OS: linux/amd64
Daemon version: 0.44.0
CLI version: 0.44.0
Management: Connected to https://api.netbird.io:443
Signal: Connected to https://signal.netbird.io:443
Relays:
  [stun:stun.netbird.io:5555] is Available
  [turns:turn.netbird.io:443?transport=tcp] is Available
  [rels://streamline-de-fra1-0.relay.netbird.io:443] is Available
Nameservers:
  [100.92.104.216:5353] for [gitlab.anon-ZDWPs.domain, gitlab-ssh.anon-ZDWPs.domain] is Available
FQDN: ubuntu-16gb-fsn1-1.netbird.cloud
NetBird IP: 100.92.239.76/16
Interface type: Kernel
Quantum resistance: false
Networks: -
Forwarding rules: 0
Peers count: 1/1 Connected

Create and upload a debug bundle, and share the returned file key:

f79e391890ab27fb37c88b3b4be7011e22aa2e5ca6f38ffa9c4481884941f726/34c03ba3-60c9-44dc-8aec-f6f42fd25f8e

Screenshots

Additional context

Add any other context about the problem here:

Running tcpdump port 53 on the host machine reveals:

12:57:02.174698 IP static.179.xx.xxx.xxx.clients.your-server.de.datametrics > ns2.recursivedns.hetzner.com.domain: 57579+ AAAA? dl-cdn.alpinelinux.org.netbird.cloud. (54)
12:57:02.174733 IP static.179.xx.xxx.xxx.clients.your-server.de.12678 > ns2.recursivedns.hetzner.com.domain: 1475+ A? dl-cdn.alpinelinux.org.netbird.cloud. (54)
12:57:02.244589 IP static.179.xx.xxx.xxx.clients.your-server.de.59458 > ns1.recursivedns.hetzner.com.domain: 20223+ [1au] PTR? 2.64.12.185.in-addr.arpa. (53)
12:57:02.245085 IP ns1.recursivedns.hetzner.com.domain > static.179.xx.xxx.xxx.clients.your-server.de.59458: 20223 1/3/1 PTR ns2.recursivedns.hetzner.com. (182)
12:57:02.335256 IP ns2.recursivedns.hetzner.com.domain > static.179.xx.xxx.xxx.clients.your-server.de.12678: 1475 ServFail 0/0/0 (54)
12:57:02.335923 IP ns2.recursivedns.hetzner.com.domain > static.179.xx.xxx.xxx.clients.your-server.de.datametrics: 57579 ServFail 0/0/0 (54)

It looks like it's trying to lookup dl-cdn.alpinelinux.org.netbird.cloud., so it seems like it's adding the search domain to every lookup 🤷

Have you tried these troubleshooting steps?

  • [x] Reviewed client troubleshooting (https://docs.netbird.io/how-to/troubleshooting-client) (if applicable)
  • [x] Checked for newer NetBird versions
  • [x] Searched for similar issues on GitHub (including closed ones)
  • [x] Restarted the NetBird client
  • ~~[ ] Disabled other VPN software~~
  • [x] Checked firewall settings
saavagebueno added the triage-needed label 2025-11-20 06:10:14 -05:00

@lixmal commented on GitHub (Jun 11, 2025):

Can you share resolvectl status and cat /etc/resolv.conf? It's unclear why the machine appends search domains to unrelated queries (not directed to NetBird's resolver).

Besides, there seems to be something wrong with the upstream server:

A/AAAA queries:

12:57:02.174698 IP static.179.xx.xxx.xxx.clients.your-server.de.datametrics > ns2.recursivedns.hetzner.com.domain: 57579+ AAAA? dl-cdn.alpinelinux.org.netbird.cloud. (54)
12:57:02.174733 IP static.179.xx.xxx.xxx.clients.your-server.de.12678 > ns2.recursivedns.hetzner.com.domain: 1475+ A? dl-cdn.alpinelinux.org.netbird.cloud. (54)

responses:

12:57:02.335256 IP ns2.recursivedns.hetzner.com.domain > static.179.xx.xxx.xxx.clients.your-server.de.12678: 1475 ServFail 0/0/0 (54)
12:57:02.335923 IP ns2.recursivedns.hetzner.com.domain > static.179.xx.xxx.xxx.clients.your-server.de.datametrics: 57579 ServFail 0/0/0 (54)

Upstream should respond with either of these:

NXDOMAIN - if the fully qualified domain name doesn't exist
NOERROR with no records - if the domain exists but has no records for the requested type

Since we don't see any other traffic, I assume the alpine/musl resolver stops searching after encountering ServFail, resulting in your issue.

One suggestion to address the issue is to assign an upstream resolver that covers all domains in the NetBird dashboard. One that doesn't point to these hetzner resolvers.

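The rcode distinction drawn above (NXDOMAIN or an empty NOERROR lets a resolver's search walk continue, ServFail does not) can be checked mechanically against a capture. This is an added example, not NetBird's code: it reproduces the resolv.conf search order that produces the suffixed name, runs it with the stop rules the thread infers for musl, and triages tcpdump lines by pairing each query with its response. The sample lines are constructed from the thread's captures with a shortened client name, and the ndots:5 default is the Kubernetes pod setting, not something the thread states.

```python
"""Triage a `tcpdump port 53` capture for the search-domain failure in this
thread (added example, not NetBird's code). search_candidates() reproduces the
resolv.conf search walk that suffixes dl-cdn.alpinelinux.org with netbird.cloud,
walk() applies the stop rules the thread infers (ServFail aborts, NXDomain
continues) and triage_capture() reports which rule each captured query hit."""
import re
from dataclasses import dataclass
from typing import Callable, Optional

# Line shapes seen in the thread's captures: "id+ [1au] TYPE? name. (len)" for
# queries, "id [RCODE] an/ns/ar ..." for responses; other id flags are ignored.
QUERY_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\S+) > (?P<dst>\S+): (?P<id>\d+)\+"
    r"(?: \[[^\]]+\])? (?P<qtype>[A-Z0-9]+)\? (?P<qname>\S+) \(\d+\)$")
RESP_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\S+) > (?P<dst>\S+): (?P<id>\d+) "
    r"(?:(?P<rcode>ServFail|NXDomain|Refused|FormErr|NotImp) )?"
    r"(?P<an>\d+)/(?P<ns>\d+)/(?P<ar>\d+)")

def search_candidates(name: str, search: list[str], ndots: int = 1) -> list[str]:
    """Order in which a stub resolver tries `name`: a trailing dot means FQDN
    only; below `ndots` dots the search suffixes go first and the bare name
    last, at or above ndots the bare name goes first. Kubernetes pods default
    to ndots:5, which is why the two-dot name in the thread gets suffixed."""
    if name.endswith("."):
        return [name]
    suffixed = [f"{name}.{s}." for s in search]
    bare = [f"{name}."]
    return suffixed + bare if name.count(".") < ndots else bare + suffixed

def walk(name: str, search: list[str], ndots: int,
         responder: Callable[[str], tuple[str, int]]) -> tuple[Optional[str], list[str]]:
    """Run the walk; responder(fqdn) -> (rcode, answer_count). Rules as the
    thread infers them for musl: an answer ends the walk, NXDomain or an empty
    NoError moves on, ServFail aborts. Returns (resolved fqdn or None, tried)."""
    tried: list[str] = []
    for fqdn in search_candidates(name, search, ndots):
        tried.append(fqdn)
        rcode, answers = responder(fqdn)
        if answers > 0:
            return fqdn, tried
        if rcode == "ServFail":
            return None, tried  # temporary failure: the resolver gives up here
    return None, tried

@dataclass
class Exchange:
    qtype: str
    qname: str
    rcode: str = "pending"  # stays "pending" if no response was captured
    answers: int = 0

def parse_capture(lines: list[str]) -> list[Exchange]:
    """Pair queries with responses by (transaction id, client endpoint)."""
    pending: dict[tuple[str, str], Exchange] = {}
    done: list[Exchange] = []
    for line in lines:
        if q := QUERY_RE.match(line):
            pending[(q["id"], q["src"])] = Exchange(q["qtype"], q["qname"])
        elif (r := RESP_RE.match(line)) and (r["id"], r["dst"]) in pending:
            ex = pending.pop((r["id"], r["dst"]))
            ex.rcode, ex.answers = r["rcode"] or "NoError", int(r["an"])
            done.append(ex)
    return done + list(pending.values())  # unanswered queries last

def triage_capture(lines: list[str], search: list[str]) -> dict[str, str]:
    """Map "QTYPE qname" to a verdict about its effect on the search walk."""
    verdicts = {}
    for ex in parse_capture(lines):
        suffixed = any(ex.qname.endswith(f".{s}.") for s in search)
        if suffixed and ex.rcode == "ServFail":
            v = "ABORT: ServFail on search-suffixed name"
        elif suffixed and ex.answers == 0 and ex.rcode in ("NXDomain", "NoError"):
            v = "continue: negative answer on search-suffixed name"
        elif ex.answers > 0:
            v = "resolved"
        else:
            v = f"{ex.rcode}, no answers"
        verdicts[f"{ex.qtype} {ex.qname}"] = v
    return verdicts

# Constructed sample lines modelled on the thread's captures (client name
# shortened): BROKEN mirrors the ServFail capture, FIXED the NXDomain one.
BROKEN = [
    "12:57:02.174733 IP host.example.12678 > ns2.recursivedns.hetzner.com.domain: 1475+ A? dl-cdn.alpinelinux.org.netbird.cloud. (54)",
    "12:57:02.244589 IP host.example.59458 > ns1.recursivedns.hetzner.com.domain: 20223+ [1au] PTR? 2.64.12.185.in-addr.arpa. (53)",
    "12:57:02.335256 IP ns2.recursivedns.hetzner.com.domain > host.example.12678: 1475 ServFail 0/0/0 (54)",
]
FIXED = [
    "19:37:23.665493 IP host.example.55102 > dns.google.domain: 62454+ AAAA? dl-cdn.alpinelinux.org.netbird.cloud. (54)",
    "19:37:23.671514 IP dns.google.domain > host.example.55102: 62454 NXDomain 0/1/0 (141)",
    "19:37:23.671822 IP host.example.55102 > dns.google.domain: 12043+ A? dl-cdn.alpinelinux.org. (40)",
    "19:37:23.679492 IP dns.google.domain > host.example.55102: 12043 5/0/0 CNAME dualstack.j.sni.global.fastly.net., A 151.101.130.132 (151)",
]

if __name__ == "__main__":
    for label, cap in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, triage_capture(cap, ["netbird.cloud"]))
```

Feed it your own `tcpdump -n port 53` lines to see whether a suffixed query is being answered ServFail (walk aborted) or NXDomain (walk continues to the bare name).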

@theoriginalgri commented on GitHub (Jun 11, 2025):

Thanks for your response. I just created a fresh machine to answer your questions.

Activating Google DNS for all machines as a resolver for all domains on the netbird dashboard sadly did not change anything.

# resolvectl status (host machine)

Global
         Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
  resolv.conf mode: stub

Link 2 (eth0)
    Current Scopes: DNS
         Protocols: +DefaultRoute -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 185.12.64.2
       DNS Servers: 185.12.64.2 185.12.64.1

Link 3 (wt0)
    Current Scopes: DNS
         Protocols: +DefaultRoute -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 100.92.171.22
       DNS Servers: 100.92.171.22
        DNS Domain: ~gitlab.mycompany.com ~gitlab-ssh.mycompany.com netbird.cloud
                    ~92.100.in-addr.arpa ~.

Link 4 (flannel.1)
    Current Scopes: none
         Protocols: -DefaultRoute -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 5 (cni0)
    Current Scopes: none
         Protocols: -DefaultRoute -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 8 (veth980ed412)
    Current Scopes: none
         Protocols: -DefaultRoute -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 9 (veth133bc637)
    Current Scopes: none
         Protocols: -DefaultRoute -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 10 (veth59030e25)
    Current Scopes: none
         Protocols: -DefaultRoute -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 11 (veth6c72b1a5)
    Current Scopes: none
         Protocols: -DefaultRoute -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 12 (veth2b2236f6)
    Current Scopes: none
         Protocols: -DefaultRoute -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
# cat /etc/resolv.conf

# This is /run/systemd/resolve/stub-resolv.conf managed by man:systemd-resolved(8).
# Do not edit.
#
# This file might be symlinked as /etc/resolv.conf. If you're looking at
# /etc/resolv.conf and seeing this text, you have followed the symlink.
#
# This is a dynamic resolv.conf file for connecting local clients to the
# internal DNS stub resolver of systemd-resolved. This file lists all
# configured search domains.
#
# Run "resolvectl status" to see details about the uplink DNS servers
# currently in use.
#
# Third party programs should typically not access this file directly, but only
# through the symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a
# different way, replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.

nameserver 127.0.0.53
options edns0 trust-ad
search netbird.cloud

After overriding the netplan nameservers with the ones from google, resolvectl status shows:

root@ubuntu-2gb-fsn1-1:~# resolvectl status
Global
         Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
  resolv.conf mode: stub

Link 2 (eth0)
    Current Scopes: DNS
         Protocols: +DefaultRoute -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 8.8.8.8
       DNS Servers: 8.8.8.8 8.8.4.4

Link 3 (wt0)
    Current Scopes: DNS
         Protocols: +DefaultRoute -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 100.92.171.22
       DNS Servers: 100.92.171.22
        DNS Domain: ~gitlab.mycompany.com ~gitlab-ssh.mycompany.com netbird.cloud ~92.100.in-addr.arpa ~.

Now my host machine has 8.8.8.8 as nameserver set and netbird dns resolution has google dns active as well. tcpdump port 53 shows:

18:35:09.156693 IP static.179.58.119.168.clients.your-server.de.55711 > dns.google.domain: 6829+ A? dl-cdn.alpinelinux.org.netbird.cloud. (54)
18:35:09.156736 IP static.179.58.119.168.clients.your-server.de.32085 > dns.google.domain: 60076+ AAAA? dl-cdn.alpinelinux.org.netbird.cloud. (54)
18:35:09.175927 IP dns.google.domain > static.179.58.119.168.clients.your-server.de.32085: 60076 ServFail 0/0/0 (54)
18:35:09.179519 IP dns.google.domain > static.179.58.119.168.clients.your-server.de.55711: 6829 ServFail 0/0/0 (54)
18:35:09.197524 IP static.179.58.119.168.clients.your-server.de.49718 > dns.google.domain: 39735+ [1au] PTR? 4.4.8.8.in-addr.arpa. (49)
18:35:09.203232 IP dns.google.domain > static.179.58.119.168.clients.your-server.de.49718: 39735 1/0/1 PTR dns.google. (73)

@lixmal commented on GitHub (Jun 11, 2025):

Ah, now it's clear.
Yes, systemd appends this to /etc/resolv.conf and musl doesn't like ServFail responses.

netbird.cloud stops doing that now, can you check if it works for you?


@theoriginalgri commented on GitHub (Jun 11, 2025):

Yeah, it seems to be working now as long as the Google DNS Server is active in the netbird dashboard 👍 . Once deactivated, it still fails.

Output with Google DNS Server activated:

19:37:23.665493 IP static.179.58.119.168.clients.your-server.de.55102 > dns.google.domain: 62454+ AAAA? dl-cdn.alpinelinux.org.netbird.cloud. (54)
19:37:23.671514 IP dns.google.domain > static.179.58.119.168.clients.your-server.de.55102: 62454 NXDomain 0/1/0 (141)
19:37:23.671822 IP static.179.58.119.168.clients.your-server.de.55102 > dns.google.domain: 12043+ A? dl-cdn.alpinelinux.org. (40)
19:37:23.679492 IP dns.google.domain > static.179.58.119.168.clients.your-server.de.55102: 12043 5/0/0 CNAME dualstack.j.sni.global.fastly.net., A 151.101.130.132, A 151.101.2.132, A 151.101.66.132, A 151.101.194.132 (151)

@lixmal commented on GitHub (Jun 12, 2025):

Does it still fail with the ISP nameservers today?
If yes, can you run these on the host (with google dns or netbird off):

dig dl-cdn.alpinelinux.org.netbird.cloud.
dig netbird.cloud.

@theoriginalgri commented on GitHub (Jun 13, 2025):

Yes, it still fails if I use the host system's upstream dns and don't enable Google DNS for all lookups in the netbird dashboard.

With default settings (hetzner dns) and netbird off on the host system:

root@ubuntu-2gb-fsn1-1:~# dig dl-cdn.alpinelinux.org.netbird.cloud.

; <<>> DiG 9.18.30-0ubuntu0.24.04.2-Ubuntu <<>> dl-cdn.alpinelinux.org.netbird.cloud.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 28900
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;dl-cdn.alpinelinux.org.netbird.cloud. IN A

;; AUTHORITY SECTION:
netbird.cloud.		747	IN	SOA	ns-1769.awsdns-29.co.uk. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400

;; Query time: 1 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Fri Jun 13 12:56:33 UTC 2025
;; MSG SIZE  rcvd: 152
root@ubuntu-2gb-fsn1-1:~# dig netbird.cloud.

; <<>> DiG 9.18.30-0ubuntu0.24.04.2-Ubuntu <<>> netbird.cloud.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45695
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;netbird.cloud.			IN	A

;; AUTHORITY SECTION:
netbird.cloud.		890	IN	SOA	ns-1769.awsdns-29.co.uk. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400

;; Query time: 23 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Fri Jun 13 12:57:23 UTC 2025
;; MSG SIZE  rcvd: 129

@lixmal commented on GitHub (Jun 14, 2025):

Can you repeat the earlier tcpdumps, once with netbird upstream and once without, plus a ping from the pod?


@theoriginalgri commented on GitHub (Jun 15, 2025):

tcpdump results for pinging from pod:

netbird with google dns resolver for all domains enabled (pinging works):

17:38:04.086413 IP static.179.58.119.168.clients.your-server.de.30380 > ns1.recursivedns.hetzner.com.domain: 32495+ AAAA? dl-cdn.alpinelinux.org.netbird.cloud. (54)
17:38:04.116832 IP static.179.58.119.168.clients.your-server.de.42272 > dns.google.domain: 40084+ PTR? 1.64.12.185.in-addr.arpa. (42)
17:38:04.119494 IP ns1.recursivedns.hetzner.com.domain > static.179.58.119.168.clients.your-server.de.30380: 32495 NXDomain 0/1/0 (141)
17:38:04.119935 IP static.179.58.119.168.clients.your-server.de.30380 > ns1.recursivedns.hetzner.com.domain: 46295+ AAAA? dl-cdn.alpinelinux.org. (40)
17:38:04.119999 IP static.179.58.119.168.clients.your-server.de.15659 > ns2.recursivedns.hetzner.com.domain: 31142+ A? dl-cdn.alpinelinux.org. (40)
17:38:04.120212 IP ns1.recursivedns.hetzner.com.domain > static.179.58.119.168.clients.your-server.de.30380: 46295 2/4/0 CNAME dualstack.j.sni.global.fastly.net., AAAA 2a04:4e42:8e::644 (187)
17:38:04.120268 IP ns2.recursivedns.hetzner.com.domain > static.179.58.119.168.clients.your-server.de.15659: 31142 2/4/0 CNAME dualstack.j.sni.global.fastly.net., A 146.75.122.132 (175)
17:38:04.122959 IP dns.google.domain > static.179.58.119.168.clients.your-server.de.42272: 40084 1/0/0 PTR ns1.recursivedns.hetzner.com. (84)
17:38:08.293600 IP static.179.58.119.168.clients.your-server.de.42806 > dns.google.domain: 12655+ A? stun.netbird.io. (33)
17:38:08.293688 IP static.179.58.119.168.clients.your-server.de.34694 > dns.google.domain: 18939+ A? turn.netbird.io. (33)
17:38:08.293702 IP static.179.58.119.168.clients.your-server.de.49789 > dns.google.domain: 36504+ AAAA? stun.netbird.io. (33)
17:38:08.293809 IP static.179.58.119.168.clients.your-server.de.36763 > dns.google.domain: 10195+ AAAA? turn.netbird.io. (33)
17:38:08.299074 IP dns.google.domain > static.179.58.119.168.clients.your-server.de.36763: 10195 0/1/0 (120)
17:38:08.299354 IP dns.google.domain > static.179.58.119.168.clients.your-server.de.49789: 36504 0/1/0 (120)
17:38:08.301379 IP dns.google.domain > static.179.58.119.168.clients.your-server.de.42806: 12655 1/0/0 A 94.237.91.111 (49)
17:38:08.301594 IP dns.google.domain > static.179.58.119.168.clients.your-server.de.34694: 18939 1/0/0 A 94.237.85.254 (49)

netbird with default dns (pinging fails):

17:41:30.095938 IP static.179.58.119.168.clients.your-server.de.40414 > ns1.recursivedns.hetzner.com.domain: 23802+ AAAA? dl-cdn.alpinelinux.org.netbird.cloud. (54)
17:41:30.124519 IP ns1.recursivedns.hetzner.com.domain > static.179.58.119.168.clients.your-server.de.40414: 23802 NXDomain 0/1/0 (141)
17:41:30.125499 IP static.179.58.119.168.clients.your-server.de.9752 > ns2.recursivedns.hetzner.com.domain: 40582+ A? dl-cdn.alpinelinux.org. (40)
17:41:30.125900 IP ns2.recursivedns.hetzner.com.domain > static.179.58.119.168.clients.your-server.de.9752: 40582 2/4/0 CNAME dualstack.j.sni.global.fastly.net., A 146.75.122.132 (175)

netbird service stopped (pinging works):

17:45:07.857640 IP static.179.58.119.168.clients.your-server.de.15366 > ns2.recursivedns.hetzner.com.domain: 25366+ A? dl-cdn.alpinelinux.org. (40)
17:45:07.857686 IP static.179.58.119.168.clients.your-server.de.46908 > ns2.recursivedns.hetzner.com.domain: 12765+ AAAA? dl-cdn.alpinelinux.org. (40)
17:45:07.858261 IP ns2.recursivedns.hetzner.com.domain > static.179.58.119.168.clients.your-server.de.15366: 25366 2/4/0 CNAME dualstack.j.sni.global.fastly.net., A 146.75.122.132 (175)
17:45:07.858307 IP ns2.recursivedns.hetzner.com.domain > static.179.58.119.168.clients.your-server.de.46908: 12765 2/4/0 CNAME dualstack.j.sni.global.fastly.net., AAAA 2a04:4e42:8e::644 (187)
@theoriginalgri commented on GitHub (Jun 17, 2025):

Looks like you've fixed it with 0.47.2 🎉

tcpdump with netbird running but google dns not active:

```
17:22:35.863094 IP static.179.58.119.168.clients.your-server.de.28172 > ns2.recursivedns.hetzner.com.domain: 38453+ AAAA? dl-cdn.alpinelinux.org.netbird.cloud. (54)
17:22:35.863114 IP static.179.58.119.168.clients.your-server.de.7296 > ns1.recursivedns.hetzner.com.domain: 22921+ A? dl-cdn.alpinelinux.org.netbird.cloud. (54)
17:22:35.863644 IP ns1.recursivedns.hetzner.com.domain > static.179.58.119.168.clients.your-server.de.7296: 22921 NXDomain 0/1/0 (141)
17:22:35.892848 IP static.179.58.119.168.clients.your-server.de.57979 > ns2.recursivedns.hetzner.com.domain: 56528+ [1au] PTR? 1.64.12.185.in-addr.arpa. (53)
17:22:35.893275 IP ns2.recursivedns.hetzner.com.domain > static.179.58.119.168.clients.your-server.de.57979: 56528 1/3/1 PTR ns1.recursivedns.hetzner.com. (182)
17:22:35.906693 IP ns2.recursivedns.hetzner.com.domain > static.179.58.119.168.clients.your-server.de.28172: 38453 NXDomain 0/1/0 (141)
17:22:35.907191 IP static.179.58.119.168.clients.your-server.de.7296 > ns1.recursivedns.hetzner.com.domain: 56645+ AAAA? dl-cdn.alpinelinux.org. (40)
17:22:35.907330 IP static.179.58.119.168.clients.your-server.de.56307 > ns1.recursivedns.hetzner.com.domain: 31523+ A? dl-cdn.alpinelinux.org. (40)
17:22:35.907406 IP ns1.recursivedns.hetzner.com.domain > static.179.58.119.168.clients.your-server.de.7296: 56645 2/4/0 CNAME dualstack.j.sni.global.fastly.net., AAAA 2a04:4e42:8e::644 (187)
17:22:35.907567 IP ns1.recursivedns.hetzner.com.domain > static.179.58.119.168.clients.your-server.de.56307: 31523 2/4/0 CNAME dualstack.j.sni.global.fastly.net., A 146.75.122.132 (175)
```
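The captures in this thread all show the same search-domain pattern: the resolver first tries `dl-cdn.alpinelinux.org.netbird.cloud.`, gets NXDOMAIN, and should then query the bare name. The following is an added example, not code from the issue or from the NetBird project, that pairs tcpdump's DNS query and response lines by transaction ID and flags any (name, type) whose suffixed lookup was NXDOMAIN but whose bare-name lookup never produced an answer. The embedded sample is the "netbird with default dns" trace posted earlier in the thread; the `.netbird.cloud.` suffix and the tcpdump line format the regexes expect are assumptions about that output.

```python
import re

# Query line, e.g. "... > ns1.example.domain: 22921+ A? dl-cdn.alpinelinux.org.netbird.cloud. (54)"
QUERY_RE = re.compile(
    r"^\S+ IP \S+ > \S+: (?P<id>\d+)[+%$|]* (?:\[\d+au\] )?(?P<qtype>[A-Za-z0-9]+)\? (?P<name>\S+) \(\d+\)")
# Response line, e.g. "... > host.46908: 12765 2/4/0 CNAME ..." or "... 22921 NXDomain 0/1/0 (141)"
RESP_RE = re.compile(
    r"^\S+ IP \S+ > \S+: (?P<id>\d+)[*$-]* (?P<rcode>NXDomain |ServFail |Refused |)(?P<ans>\d+)/\d+/\d+")

# Sample input: the failing "netbird with default dns" capture from this issue (assumed tcpdump format).
FAILING_CAPTURE = """
17:41:30.095938 IP static.179.58.119.168.clients.your-server.de.40414 > ns1.recursivedns.hetzner.com.domain: 23802+ AAAA? dl-cdn.alpinelinux.org.netbird.cloud. (54)
17:41:30.124519 IP ns1.recursivedns.hetzner.com.domain > static.179.58.119.168.clients.your-server.de.40414: 23802 NXDomain 0/1/0 (141)
17:41:30.125499 IP static.179.58.119.168.clients.your-server.de.9752 > ns2.recursivedns.hetzner.com.domain: 40582+ A? dl-cdn.alpinelinux.org. (40)
17:41:30.125900 IP ns2.recursivedns.hetzner.com.domain > static.179.58.119.168.clients.your-server.de.9752: 40582 2/4/0 CNAME dualstack.j.sni.global.fastly.net., A 146.75.122.132 (175)
""".strip().splitlines()


def analyze(lines, search_suffix=".netbird.cloud."):
    # Pair each response with its query by transaction id; record, per (bare name, qtype),
    # the rcode of the search-suffixed attempt and the answer count of the bare-name attempt.
    pending = {}  # txid -> (bare name, qtype, was the query search-suffixed?)
    report = {}   # (bare name, qtype) -> {"suffix_rcode": str|None, "bare_answers": int|None}
    for line in lines:
        q = QUERY_RE.match(line)
        if q:
            name, qtype = q["name"], q["qtype"]
            suffixed = name.endswith(search_suffix)
            bare = name[: -len(search_suffix)] + "." if suffixed else name
            pending[q["id"]] = (bare, qtype, suffixed)
            report.setdefault((bare, qtype), {"suffix_rcode": None, "bare_answers": None})
            continue
        r = RESP_RE.match(line)
        if r and r["id"] in pending:
            bare, qtype, suffixed = pending.pop(r["id"])
            if suffixed:
                report[(bare, qtype)]["suffix_rcode"] = r["rcode"].strip() or "NoError"
            else:
                report[(bare, qtype)]["bare_answers"] = int(r["ans"])
    return report


def missing_fallback(report):
    # (name, qtype) pairs where the suffixed lookup was NXDOMAIN and no bare-name answer ever arrived.
    return sorted((n, t) for (n, t), s in report.items()
                  if s["suffix_rcode"] == "NXDomain" and not s["bare_answers"])


if __name__ == "__main__":
    print(missing_fallback(analyze(FAILING_CAPTURE)))  # [('dl-cdn.alpinelinux.org.', 'AAAA')]
```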
Reference: SVI/netbird#1957