timeout towards netbird domain DNS forwarder on arch linux #2048

New Issue

saavagebueno · 2025-11-20T06:11:52-05:00

saavagebueno commented

2025-11-20 06:11:52 -05:00

Originally created by @djboris9 on GitHub (Jul 6, 2025).

Describe the problem

I cannot get any connectivity to the netbird DNS mechanism on an arch linux system.

While investigating the issue, it looks like the eBPF maps aren't populated with the DNS entries. At least, if I understood the mechanism correctly.

My question is now, how can I debug this further.

To Reproduce

Having a recent (recently updated) arch linux installation connected to a self-hosted netbird instance. A custom netbird DNS domain is used, but I don't know if this affects the issue.

When I try to look up any peer by DNS, it is timing out:

$ cat /etc/resolv.conf
# Generated by NetBird
# If needed you can restore the original file by copying back /etc/resolv.conf.original.netbird

options timeout:4 attempts:1
search access.anon-L7cGS.domain --
nameserver 100.110.148.82
nameserver 192.168.50.155
nameserver 192.168.119.217

$ dig @100.110.148.82 netrelay.access.anon-L7cGS.domain
;; communications error to 100.110.148.82#53: timed out

; <<>> DiG 9.20.10 <<>> @100.110.148.82 netrelay.access.anon-L7cGS.domain
; (1 server found)
;; global options: +cmd
;; no servers could be reached

I also saw that the nb_map_dns_ip is empty:

$ sudo bpftool map dump name nb_map_dns_ip
key: 00 00 00 00  value: 00 00 00 00
key: 01 00 00 00  value: 00 00 00 00
key: 02 00 00 00  value: 00 00 00 00
key: 03 00 00 00  value: 00 00 00 00
key: 04 00 00 00  value: 00 00 00 00
key: 05 00 00 00  value: 00 00 00 00
key: 06 00 00 00  value: 00 00 00 00
key: 07 00 00 00  value: 00 00 00 00
key: 08 00 00 00  value: 00 00 00 00
key: 09 00 00 00  value: 00 00 00 00
Found 10 elements

Running the agent in foreground (so without systemd hardenings) also doesn't produce a different result. sudo netbird up -F --config /etc/netbird/main.json --log-file console.

Connectivity to a service running on a netbird IP (on a different peer) works.

Expected behavior

I would expect DNS resolution of netbird DNS domains to work.

Are you using NetBird Cloud?

self-hosted instance

NetBird version

0.49.0 and also tried it with 0.50.1.

Is any other VPN software installed?

Wireguard, manually configured connections. But this is also the case when it is not running after a fresh reboot.

Debug output

To help us resolve the problem, please attach the following anonymized status output

netbird status -dA

Peers detail:
 boris-wintower.access.anon-L7cGS.domain:
  NetBird IP: 100.110.181.146/32
  Public key: pFUC+DmaquTK+81S12HfAPD0CjTLsAXDEXh6arHOZEo=
  Status: Idle
  -- detail --
  Connection type: 
  ICE candidate (Local/Remote): -/-
  ICE candidate endpoints (Local/Remote): -/-
  Relay server address: 
  Last connection update: 5 minutes, 50 seconds ago
  Last WireGuard handshake: -
  Transfer status (received/sent) 0 B/0 B
  Quantum resistance: false
  Networks: -
  Latency: 0s

 cph2449eea.access.anon-L7cGS.domain:
  NetBird IP: 100.110.100.50
  Public key: ObxaqdHPK5rVcjZrph6nQ/7yO5dkLyRkzmt1pvV9hC0=
  Status: Connected
  -- detail --
  Connection type: P2P
  ICE candidate (Local/Remote): host/host
  ICE candidate endpoints (Local/Remote): 192.168.119.158:51820/192.168.119.217:51820
  Relay server address: rel://birdy.anon-07nyF.domain:33080
  Last connection update: 5 minutes, 48 seconds ago
  Last WireGuard handshake: 2 minutes, 47 seconds ago
  Transfer status (received/sent) 2.6 KiB/2.5 KiB
  Quantum resistance: false
  Networks: -
  Latency: 7.971143ms

 netrelay.access.anon-L7cGS.domain:
  NetBird IP: 100.110.236.28
  Public key: 3iHnhFhvs656rtSeD4RKJVTldj3h4/L1WJpKbFn5yUU=
  Status: Connected
  -- detail --
  Connection type: Relayed
  ICE candidate (Local/Remote): -/-
  ICE candidate endpoints (Local/Remote): -/-
  Relay server address: rel://birdy.anon-07nyF.domain:33080
  Last connection update: 38 minutes, 37 seconds ago
  Last WireGuard handshake: 45 seconds ago
  Transfer status (received/sent) 2.8 KiB/4.2 KiB
  Quantum resistance: false
  Networks: 172.16.20.0/24, 172.16.22.0/24, 172.16.22.137/32
  Latency: 0s

Events:
  [INFO] SYSTEM (64e85152-a6e8-43dd-ad8d-196d4ef2e56b)
    Message: Network map updated
    Time: 38 minutes, 37 seconds ago
  [INFO] SYSTEM (3948db80-a0e4-4464-aefe-a9f714cf46fd)
    Message: Network map updated
    Time: 5 minutes, 50 seconds ago
OS: linux/amd64
Daemon version: 0.49.0
CLI version: 0.49.0
Management: Connected to https://birdy.anon-07nyF.domain:33073
Signal: Connected to http://birdy.anon-07nyF.domain:10000
Relays: 
  [stun:birdy.anon-07nyF.domain:3478] is Unavailable, reason: stun request: context deadline exceeded
  [turn:birdy.anon-07nyF.domain:3478?transport=udp] is Available
  [rel://birdy.anon-07nyF.domain:33080] is Available
Nameservers: 
  [9.9.9.9:53, 149.112.112.112:53] for [.] is Available
FQDN: arch.access.anon-L7cGS.domain
NetBird IP: 100.110.148.82/16
Interface type: Kernel
Quantum resistance: false
Lazy connection: false
Networks: -
Forwarding rules: 0
Peers count: 2/3 Connected

Create and upload a debug bundle, and share the returned file key:

netbird debug for 1m -AS -U: fc1a3b80da002537c8f61ade127c2f5a6d47035e640f710f6ea29a21a478965c/52e3c97c-4fb0-4978-9e41-643a74e5042f

Uploaded files are automatically deleted after 30 days.

Screenshots

N/A

Additional context

Add any other context about the problem here.

Have you tried these troubleshooting steps?

Reviewed client troubleshooting (if applicable)
Checked for newer NetBird versions
Searched for similar issues on GitHub (including closed ones)
Restarted the NetBird client
Disabled other VPN software
Checked firewall settings

Originally created by @djboris9 on GitHub (Jul 6, 2025). **Describe the problem** I cannot get any connectivity to the netbird DNS mechanism on an arch linux system. While investigating the issue, it looks like the eBPF maps aren't populated with the DNS entries. At least, if I understood the mechanism correctly. My question is now, how can I debug this further. **To Reproduce** Having a recent (recently updated) arch linux installation connected to a self-hosted netbird instance. A custom netbird DNS domain is used, but I don't know if this affects the issue. When I try to look up any peer by DNS, it is timing out: ```plaintext $ cat /etc/resolv.conf # Generated by NetBird # If needed you can restore the original file by copying back /etc/resolv.conf.original.netbird options timeout:4 attempts:1 search access.anon-L7cGS.domain -- nameserver 100.110.148.82 nameserver 192.168.50.155 nameserver 192.168.119.217 $ dig @100.110.148.82 netrelay.access.anon-L7cGS.domain ;; communications error to 100.110.148.82#53: timed out ; <<>> DiG 9.20.10 <<>> @100.110.148.82 netrelay.access.anon-L7cGS.domain ; (1 server found) ;; global options: +cmd ;; no servers could be reached ``` I also saw that the `nb_map_dns_ip` is empty: ```plaintext $ sudo bpftool map dump name nb_map_dns_ip key: 00 00 00 00 value: 00 00 00 00 key: 01 00 00 00 value: 00 00 00 00 key: 02 00 00 00 value: 00 00 00 00 key: 03 00 00 00 value: 00 00 00 00 key: 04 00 00 00 value: 00 00 00 00 key: 05 00 00 00 value: 00 00 00 00 key: 06 00 00 00 value: 00 00 00 00 key: 07 00 00 00 value: 00 00 00 00 key: 08 00 00 00 value: 00 00 00 00 key: 09 00 00 00 value: 00 00 00 00 Found 10 elements ``` Running the agent in foreground (so without systemd hardenings) also doesn't produce a different result. `sudo netbird up -F --config /etc/netbird/main.json --log-file console`. Connectivity to a service running on a netbird IP (on a different peer) works. **Expected behavior** I would expect DNS resolution of netbird DNS domains to work. **Are you using NetBird Cloud?** self-hosted instance **NetBird version** `0.49.0` and also tried it with `0.50.1`. **Is any other VPN software installed?** - Wireguard, manually configured connections. But this is also the case when it is not running after a fresh reboot. **Debug output** To help us resolve the problem, please attach the following anonymized status output netbird status -dA ```plaintext Peers detail: boris-wintower.access.anon-L7cGS.domain: NetBird IP: 100.110.181.146/32 Public key: pFUC+DmaquTK+81S12HfAPD0CjTLsAXDEXh6arHOZEo= Status: Idle -- detail -- Connection type: ICE candidate (Local/Remote): -/- ICE candidate endpoints (Local/Remote): -/- Relay server address: Last connection update: 5 minutes, 50 seconds ago Last WireGuard handshake: - Transfer status (received/sent) 0 B/0 B Quantum resistance: false Networks: - Latency: 0s cph2449eea.access.anon-L7cGS.domain: NetBird IP: 100.110.100.50 Public key: ObxaqdHPK5rVcjZrph6nQ/7yO5dkLyRkzmt1pvV9hC0= Status: Connected -- detail -- Connection type: P2P ICE candidate (Local/Remote): host/host ICE candidate endpoints (Local/Remote): 192.168.119.158:51820/192.168.119.217:51820 Relay server address: rel://birdy.anon-07nyF.domain:33080 Last connection update: 5 minutes, 48 seconds ago Last WireGuard handshake: 2 minutes, 47 seconds ago Transfer status (received/sent) 2.6 KiB/2.5 KiB Quantum resistance: false Networks: - Latency: 7.971143ms netrelay.access.anon-L7cGS.domain: NetBird IP: 100.110.236.28 Public key: 3iHnhFhvs656rtSeD4RKJVTldj3h4/L1WJpKbFn5yUU= Status: Connected -- detail -- Connection type: Relayed ICE candidate (Local/Remote): -/- ICE candidate endpoints (Local/Remote): -/- Relay server address: rel://birdy.anon-07nyF.domain:33080 Last connection update: 38 minutes, 37 seconds ago Last WireGuard handshake: 45 seconds ago Transfer status (received/sent) 2.8 KiB/4.2 KiB Quantum resistance: false Networks: 172.16.20.0/24, 172.16.22.0/24, 172.16.22.137/32 Latency: 0s Events: [INFO] SYSTEM (64e85152-a6e8-43dd-ad8d-196d4ef2e56b) Message: Network map updated Time: 38 minutes, 37 seconds ago [INFO] SYSTEM (3948db80-a0e4-4464-aefe-a9f714cf46fd) Message: Network map updated Time: 5 minutes, 50 seconds ago OS: linux/amd64 Daemon version: 0.49.0 CLI version: 0.49.0 Management: Connected to https://birdy.anon-07nyF.domain:33073 Signal: Connected to http://birdy.anon-07nyF.domain:10000 Relays: [stun:birdy.anon-07nyF.domain:3478] is Unavailable, reason: stun request: context deadline exceeded [turn:birdy.anon-07nyF.domain:3478?transport=udp] is Available [rel://birdy.anon-07nyF.domain:33080] is Available Nameservers: [9.9.9.9:53, 149.112.112.112:53] for [.] is Available FQDN: arch.access.anon-L7cGS.domain NetBird IP: 100.110.148.82/16 Interface type: Kernel Quantum resistance: false Lazy connection: false Networks: - Forwarding rules: 0 Peers count: 2/3 Connected ``` Create and upload a debug bundle, and share the returned file key: netbird debug for 1m -AS -U: `fc1a3b80da002537c8f61ade127c2f5a6d47035e640f710f6ea29a21a478965c/52e3c97c-4fb0-4978-9e41-643a74e5042f` *Uploaded files are automatically deleted after 30 days.* **Screenshots** N/A **Additional context** Add any other context about the problem here. **Have you tried these troubleshooting steps?** - [X] Reviewed [client troubleshooting](https://docs.netbird.io/how-to/troubleshooting-client) (if applicable) - [X] Checked for newer NetBird versions - [X] Searched for similar issues on GitHub (including closed ones) - [X] Restarted the NetBird client - [X] Disabled other VPN software - [X] Checked firewall settings

saavagebueno added the bug client dns labels 2025-11-20 06:11:53 -05:00

saavagebueno commented

2025-11-20 06:11:53 -05:00

@nazarewk commented on GitHub (Jul 7, 2025):

Can you run sudo ss -nlp | grep netbird to identify which port is the DNS resolver listening on?

@nazarewk commented on GitHub (Jul 7, 2025): Can you run `sudo ss -nlp | grep netbird` to identify which port is the DNS resolver listening on?

saavagebueno commented

2025-11-20 06:11:53 -05:00

@djboris9 commented on GitHub (Jul 7, 2025):

It's listening on udp 100.110.148.82:53:

$ sudo ss -nlp | grep netbird
u_str LISTEN 0      4096                                /var/run/netbird.sock 681286                 * 0    users:(("netbird",pid=102425,fd=3))                                                                                                                                          
???   UNCONN 0      0                                              0.0.0.0%lo:255              0.0.0.0:*    users:(("netbird",pid=102425,fd=21))                                                                                                                                         
udp   UNCONN 0      0                                                 0.0.0.0:17               0.0.0.0:*    users:(("netbird",pid=102425,fd=8))                                                                                                                                          
udp   UNCONN 0      0                                                       *:17                     *:*    users:(("netbird",pid=102425,fd=9))                                                                                                                                          
udp   UNCONN 0      0                                          100.110.148.82:53               0.0.0.0:*    users:(("netbird",pid=102425,fd=11))                                                                                                                                         
udp   UNCONN 0      0                                               127.0.0.1:3128             0.0.0.0:*    users:(("netbird",pid=102425,fd=25))

@djboris9 commented on GitHub (Jul 7, 2025): It's listening on udp `100.110.148.82:53`: ```plaintext $ sudo ss -nlp | grep netbird u_str LISTEN 0 4096 /var/run/netbird.sock 681286 * 0 users:(("netbird",pid=102425,fd=3)) ??? UNCONN 0 0 0.0.0.0%lo:255 0.0.0.0:* users:(("netbird",pid=102425,fd=21)) udp UNCONN 0 0 0.0.0.0:17 0.0.0.0:* users:(("netbird",pid=102425,fd=8)) udp UNCONN 0 0 *:17 *:* users:(("netbird",pid=102425,fd=9)) udp UNCONN 0 0 100.110.148.82:53 0.0.0.0:* users:(("netbird",pid=102425,fd=11)) udp UNCONN 0 0 127.0.0.1:3128 0.0.0.0:* users:(("netbird",pid=102425,fd=25)) ```

saavagebueno commented

2025-11-20 06:11:54 -05:00

@nazarewk commented on GitHub (Jul 9, 2025):

looks like the AUR community package isn't sufficiently configured to gather the logs, could you add a following systemd drop-in file to test the changes from https://github.com/netbirdio/netbird/pull/4124 ?

/etc/systemd/system/netbird@.service.d/gh-4110-test.conf:

[Service]
# START reset the values first
EnvironmentFile=
ExecStart=
# END reset the values first
#Type=simple
Environment=NB_CONFIG=/etc/netbird/%i.json
Environment=NB_STATE_DIR=/var/lib/netbird/%i
Environment=NB_LOG_FILE=/var/log/netbird/%i/client.log
Environment=NB_DAEMON_ADDR=unix:///var/run/netbird/%i.sock
Environment=NB_SERVICE=%N
# for compatibility with older versions
Environment=SYSTEMD_UNIT=%N
EnvironmentFile=-/etc/default/netbird
EnvironmentFile=-/etc/default/netbird-%i
ExecStart=/usr/bin/netbird service run $FLAGS
Restart=on-failure
RestartSec=5
TimeoutStopSec=10
CacheDirectory=netbird/%i
ConfigurationDirectory=netbird
LogsDirectory=netbird/%i
RuntimeDirectory=netbird
StateDirectory=netbird/%i

alternatively you could replace the whole /etc/systemd/netbird@.service with the PR version

PS: I've asked the AUR package maintainer to sync https://aur.archlinux.org/pkgbase/netbird#comment-1031706

@nazarewk commented on GitHub (Jul 9, 2025): looks like the AUR community package isn't sufficiently configured to gather the logs, could you add a following `systemd` drop-in file to test the changes from https://github.com/netbirdio/netbird/pull/4124 ? `/etc/systemd/system/netbird@.service.d/gh-4110-test.conf`: ``` [Service] # START reset the values first EnvironmentFile= ExecStart= # END reset the values first #Type=simple Environment=NB_CONFIG=/etc/netbird/%i.json Environment=NB_STATE_DIR=/var/lib/netbird/%i Environment=NB_LOG_FILE=/var/log/netbird/%i/client.log Environment=NB_DAEMON_ADDR=unix:///var/run/netbird/%i.sock Environment=NB_SERVICE=%N # for compatibility with older versions Environment=SYSTEMD_UNIT=%N EnvironmentFile=-/etc/default/netbird EnvironmentFile=-/etc/default/netbird-%i ExecStart=/usr/bin/netbird service run $FLAGS Restart=on-failure RestartSec=5 TimeoutStopSec=10 CacheDirectory=netbird/%i ConfigurationDirectory=netbird LogsDirectory=netbird/%i RuntimeDirectory=netbird StateDirectory=netbird/%i ``` alternatively you could replace the whole `/etc/systemd/netbird@.service` with the [PR version](https://github.com/netbirdio/netbird/pull/4124/files#diff-ad6704d125bea72ce333d3f8ac199fb2e8843cc62faa77959053e0d2d95b973e) PS: I've asked the AUR package maintainer to sync https://aur.archlinux.org/pkgbase/netbird#comment-1031706

saavagebueno commented

2025-11-20 06:11:54 -05:00

@djboris9 commented on GitHub (Jul 9, 2025):

Thanks for taking a look at the AUR package. I can also test the client with the bash-based install routine if you want.

I configured the drop-in, reloaded systemd and restarted the service. This resulted in a change of the daemon socket addr from the default to unix:///var/run/netbird/main.sock, as it's templated. Maybe this change is something the maintainer of the AUR package wants to avoid.

Did again a debug collection, hope it is collected correctly now:

$ netbird --daemon-addr unix:///var/run/netbird/main.sock debug for 1m -AS -U
...
fc1a3b80da002537c8f61ade127c2f5a6d47035e640f710f6ea29a21a478965c/15c0ffe1-0b21-4a73-a206-2b0a2b15faf6

And also tested netbird DNS resolution (NOK) and peer access by IP (OK). Now I'm on 0.50.1.

@djboris9 commented on GitHub (Jul 9, 2025): Thanks for taking a look at the AUR package. I can also test the client with the bash-based install routine if you want. I configured the drop-in, reloaded systemd and restarted the service. This resulted in a change of the daemon socket addr from the default to `unix:///var/run/netbird/main.sock`, as it's templated. Maybe this change is something the maintainer of the AUR package wants to avoid. Did again a debug collection, hope it is collected correctly now: ```plaintext $ netbird --daemon-addr unix:///var/run/netbird/main.sock debug for 1m -AS -U ... fc1a3b80da002537c8f61ade127c2f5a6d47035e640f710f6ea29a21a478965c/15c0ffe1-0b21-4a73-a206-2b0a2b15faf6 ``` And also tested netbird DNS resolution (NOK) and peer access by IP (OK). Now I'm on `0.50.1`.

saavagebueno commented

2025-11-20 06:11:54 -05:00

@nazarewk commented on GitHub (Jul 10, 2025):

thanks, this helped a lot :)

Feel free to remove/change the Environment=NB_DAEMON_ADDR=unix://var/run/netbird.sock in the feature.

What I've seen in the logs, this is "simply" a Network Manager version mismatch. Last time I brought it up with the team I learned that NetworkManager is known to introduce incompatibilities between versions. I have brought it up again to try to figure something out in this regard.

Those are relevant (slightly reformatted) log lines:

2025-07-09T17:25:58.000|DEBG|arch        ] device is ready to use: wt0 
2025-07-09T17:25:58.000|DEBG|arch        ] network manager constraints [>= 1.16, < 1.27 | >= 1.44, < 1.45] met: false 
2025-07-09T17:25:58.000|INFO|arch        ] System DNS manager discovered: file 
2025-07-09T17:25:58.000|INFO|arch        ] lazy connection manager is disabled

PS: we had a first internal test run of the profile switching PR and will very likely remove the parametrized version of the systemd service completely after merging it.

@nazarewk commented on GitHub (Jul 10, 2025): thanks, this helped a lot :) Feel free to remove/change the `Environment=NB_DAEMON_ADDR=unix://var/run/netbird.sock` in the feature. What I've seen in the logs, this is "simply" a Network Manager version mismatch. Last time I brought it up with the team I learned that NetworkManager is known to introduce incompatibilities between versions. I have brought it up again to try to figure something out in this regard. Those are relevant (slightly reformatted) log lines: ```text 2025-07-09T17:25:58.000|DEBG|arch ] device is ready to use: wt0 2025-07-09T17:25:58.000|DEBG|arch ] network manager constraints [>= 1.16, < 1.27 | >= 1.44, < 1.45] met: false 2025-07-09T17:25:58.000|INFO|arch ] System DNS manager discovered: file 2025-07-09T17:25:58.000|INFO|arch ] lazy connection manager is disabled ``` PS: we had a first internal test run of the profile switching PR and will very likely remove the parametrized version of the systemd service completely after merging it.

saavagebueno commented

2025-11-20 06:11:54 -05:00

@Giggitybyte commented on GitHub (Aug 11, 2025):

I am also having a similar issue. I have Netbird selfhosted in an Alpine Linux VM on an Arch Linux host. When I install the Netbird client on the Arch Linux host and attempt to ping any peer using its Netbird domain name, the ping command returns "Temporary failure in name resolution".

I tried installing the client both from the AUR and the install shell script and DNS resolution seems to be broken. If it makes any difference, my Arch Linux server is using systemd-networkd and systemd-resolved.

<admin@server> ~ $ resolvectl status wt0
Link 10 (wt0)
    Current Scopes: DNS
         Protocols: -DefaultRoute +LLMNR +mDNS +DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 100.114.107.90
       DNS Servers: 100.114.107.90
        DNS Domain: netbird.vlan ~114.100.in-addr.arpa
     Default Route: no

<admin@server> ~ $ ping luke-phone.netbird.vlan
ping: luke-phone.netbird.vlan: Temporary failure in name resolution

<admin@server> ~ $ resolvectl query -i wt0 luke-desktop.netbird.vlan
luke-desktop.netbird.vlan: resolve call failed: All attempts to contact name servers or networks failed

<admin@server> ~ $ sudo ss -nlptu 'sport = 53' | grep netbird
udp   UNCONN 0      0      100.114.107.90:53        0.0.0.0:*    users:(("netbird",pid=115623,fd=35))

<admin@server> ~ $ netbird status
OS: linux/amd64
Daemon version: 0.54.0
CLI version: 0.54.0
Profile: default
Management: Connected
Signal: Connected
Relays: 1/3 Available
Nameservers: 0/0 Available
FQDN: server.netbird.vlan
NetBird IP: 100.114.107.90/16
Interface type: Kernel
Quantum resistance: false
Lazy connection: false
Networks: -
Forwarding rules: 0
Peers count: 2/2 Connected

Netbird DNS resolution seems to work on Ubuntu, as I can ping any peer using its Netbird domain name from my Kubuntu desktop.

luke@luke-desktop:~$ ping server.netbird.vlan
PING server.netbird.vlan (100.114.107.90) 56(84) bytes of data.
64 bytes from server.netbird.vlan (100.114.107.90): icmp_seq=1 ttl=64 time=0.736 ms
64 bytes from server.netbird.vlan (100.114.107.90): icmp_seq=2 ttl=64 time=0.767 ms
64 bytes from server.netbird.vlan (100.114.107.90): icmp_seq=3 ttl=64 time=0.684 ms

luke@luke-desktop:~$ resolvectl query -i wt0 server.netbird.vlan
server.netbird.vlan: 100.114.107.90             -- link: wt0

-- Information acquired via protocol DNS in 3.2ms.
-- Data is authenticated: no; Data was acquired via local or encrypted transport: no
-- Data from: network

@Giggitybyte commented on GitHub (Aug 11, 2025): I am also having a similar issue. I have Netbird selfhosted in an Alpine Linux VM on an Arch Linux host. When I install the Netbird client on the Arch Linux host and attempt to ping any peer using its Netbird domain name, the ping command returns "Temporary failure in name resolution". I tried installing the client both from the AUR and the install shell script and DNS resolution seems to be broken. If it makes any difference, my Arch Linux server is using systemd-networkd and systemd-resolved. ``` <admin@server> ~ $ resolvectl status wt0 Link 10 (wt0) Current Scopes: DNS Protocols: -DefaultRoute +LLMNR +mDNS +DNSOverTLS DNSSEC=no/unsupported Current DNS Server: 100.114.107.90 DNS Servers: 100.114.107.90 DNS Domain: netbird.vlan ~114.100.in-addr.arpa Default Route: no ``` ``` <admin@server> ~ $ ping luke-phone.netbird.vlan ping: luke-phone.netbird.vlan: Temporary failure in name resolution ``` ``` <admin@server> ~ $ resolvectl query -i wt0 luke-desktop.netbird.vlan luke-desktop.netbird.vlan: resolve call failed: All attempts to contact name servers or networks failed ``` ``` <admin@server> ~ $ sudo ss -nlptu 'sport = 53' | grep netbird udp UNCONN 0 0 100.114.107.90:53 0.0.0.0:* users:(("netbird",pid=115623,fd=35)) ``` ``` <admin@server> ~ $ netbird status OS: linux/amd64 Daemon version: 0.54.0 CLI version: 0.54.0 Profile: default Management: Connected Signal: Connected Relays: 1/3 Available Nameservers: 0/0 Available FQDN: server.netbird.vlan NetBird IP: 100.114.107.90/16 Interface type: Kernel Quantum resistance: false Lazy connection: false Networks: - Forwarding rules: 0 Peers count: 2/2 Connected ``` Netbird DNS resolution seems to work on Ubuntu, as I can ping any peer using its Netbird domain name from my Kubuntu desktop. ``` luke@luke-desktop:~$ ping server.netbird.vlan PING server.netbird.vlan (100.114.107.90) 56(84) bytes of data. 64 bytes from server.netbird.vlan (100.114.107.90): icmp_seq=1 ttl=64 time=0.736 ms 64 bytes from server.netbird.vlan (100.114.107.90): icmp_seq=2 ttl=64 time=0.767 ms 64 bytes from server.netbird.vlan (100.114.107.90): icmp_seq=3 ttl=64 time=0.684 ms ``` ``` luke@luke-desktop:~$ resolvectl query -i wt0 server.netbird.vlan server.netbird.vlan: 100.114.107.90 -- link: wt0 -- Information acquired via protocol DNS in 3.2ms. -- Data is authenticated: no; Data was acquired via local or encrypted transport: no -- Data from: network ```

saavagebueno commented

2025-11-20 06:11:54 -05:00

@djboris9 commented on GitHub (Sep 19, 2025):

This issue is resolved now, using netbird 0.56.0 and an arch linux that was updated on the 2025-09-12. I cannot reproduce, what (distro update or netbird update) made it work again.

@Giggitybyte Another potential/common issue is with other networking/VPN software running or leaving artifacts on the system. Such as tailscale as described in the ArchWiki - Netbird Troubleshooting

@djboris9 commented on GitHub (Sep 19, 2025): This issue is resolved now, using netbird 0.56.0 and an arch linux that was updated on the 2025-09-12. I cannot reproduce, what (distro update or netbird update) made it work again. @Giggitybyte Another potential/common issue is with other networking/VPN software running or leaving artifacts on the system. Such as tailscale as described in the [ArchWiki - Netbird Troubleshooting](https://wiki.archlinux.org/title/Netbird#Network_inaccessible)

saavagebueno referenced this issue

2025-11-20 08:05:31 -05:00

[PR #2048] fix a typo in CODE_OF_CONDUCT.md #3277

Sign in to join this conversation.

Branches Tags

main

feature/fleetdm

feat/byod-proxy

fix/pat-target-user-account-valdation

client-ipv6-android-ui

dependabot/go_modules/golang.org/x/image-0.38.0

client-ipv6-iptables

combined-migration-2

feature/use-local-keys-embedded

entire/checkpoints/v1

update-embedded-idp-user

mgmt-ipv6-addressing

crowdsec-integration

pcp-support

nat-pmp-upnp

refactor/unexport-getserverpublickey-add-healthcheck

fix/module-check-for-posturecheck-delete

client-ipv6-nftables

client-ipv6-routing

refactor/permissions-manager

feat/reseller-openapi-spec

client-ipv6-acl-usp

dependabot/go_modules/github.com/russellhaering/goxmldsig-1.6.0

fix-ssh-stop-deadlock

client-ipv6-ssh-netflow

client-ipv6-dns

client-ipv6-iface

proto-ipv6-overlay

dependabot/npm_and_yarn/proxy/web/picomatch-4.0.4

iptables-mangle-dnat-guard

fix/ssh-proxy-command-quoting

fix/userspace-native-firewall

dependabot/go_modules/filippo.io/edwards25519-1.1.1

dependabot/npm_and_yarn/proxy/web/multi-770cfcd984

dependabot/npm_and_yarn/proxy/web/rollup-4.60.0

dependabot/npm_and_yarn/proxy/web/flatted-3.4.2

chore/proxy-web-packages

set-env-only-if-not-fork

feature/expose-has-channel

fix/connection-status-race

nmap/cleanup

fix/filter-cgnat-cni-ice-candidates

feature/check-cert-locker-before-acme

test/proxy-fixes

test/proxy-mtu

prototype/ui-tauri

test/proxy-speed

fix-reused-ports

feat/migrate-to-embedded-idp

feature/add-serial-to-proxy-merged

deploy/proxy-serial

fix/policy-upd

test/connection

feature/disable-legacy-port

feature/flag-to-disable-legacy-port

test/perftest

dependabot/go_modules/github.com/pion/dtls/v3-3.0.11

fix/http-redirect

poc-token-command

dn-reverse-proxy

prototype/reverse-proxy-rename

prototype/reverse-proxy-logs-pagination

feature/client-metrics

local-dns-listener

prototype/reverse-proxy-clusters

debug-dns-route

fix/win-dns-batch

add-extra-route-logs

job-stream-notify-disconnection-eof

deploy/secrets-manager

trigger-proxy-update

bug/update-ios-client-code-build-tags

sync-client-netmap-serial

log/conn-disconn

nmap/compaction-deploy

ci-win-test

feature/disk-encryption-check

wasm-debug

swap-dns-prio

fix/dex-config

feature/migrate-auto-groups-to-table

dependabot/go_modules/github.com/quic-go/quic-go-0.57.0

nmap/compaction

dex-nocgo-stub

feature/exclude-terraform-from-rate-limiting

test-freebsd

fix/login-cmd-root-flags

retries-refactor

coderabbitai/docstrings/b7e98ac

feat/integrate-zitadel

bug/ios-hanging-reconection

zitadel-idp

feat/network-map-serial

refactor/get-account-no-users

feat/auto-upgrade

feature/report-high-pat-id

feature/temporary-access-for-resource

fix/nmap-fwrules

dont-restart-dns

prototype/ui

update-gomobile

go-dns-for-ice

wasm-ldflags

test-ldflags

wasmbuild-test

feature/networks-s2s

vk/compare-nmaps

dbg/bothmaps

feature/changeset

reorder-dns-shutdown

fix/relay-reconnection-race

fix/nmap-exitnodes

vk/debug/nmap-both

move-licensed-code

feat/better-daemon-connection-lost-message

feat/auto-update-2

test/timings

refactor/getaccount-raw

tests/nmap-getaccount

refactor/nmap

refactor/nmap-limit-buffer

feature/detect-mac-wakeup

feature/extract-modules

quick-setings

feat/sync-limiter

feature/store-cache-impl

fix-install-version

feature/store-metrics

feature/metrics-on-store

feature/use-gorm-cache

loadtest-signal

unsymmetrical-squash

refactor/reducate-signaling

test/update-reduce

feature/store-cache

feature/remote-debug

cli-ws-proxy-backend-addr

feat/mgmt-map-serial

snyk-fix-d9d0081a4c7f9137bdb59d0d50a141a2

snyk-fix-7415cea5a11acd66753540ca2c598c63

job-yml-update

feature/android-allow-selecting-routes

fix/up-sequence

fix/dns-hash-update

snyk-fix-967adae9863f17f108ce8948d9117b8d

log/getaccount-by-peer

signal-suppressor

dns-exit-node

feature/auto-updates

feature/cache-srv-key

merged-fixes

fix/missed-offers-and-debug

debug-and-fixes

poc-wasm-clean-backend-s2s

test/remote-debug

debug-api

dependabot/go_modules/github.com/docker/docker-28.0.0incompatible

fix/remove-gpo-if-empty

fix/test-freebsd

fix/mysql-setup

fix/remove-logout-btn

handle-existing-domain-user

chore/unify-domain-validation

snyk-fix-c5fafc8a50ce1f29046e25a1fc346185

feat/profile-edit-btn

snyk-fix-a54966211e18d4cf67e5a2757cc006d1

log-short-id

feat/logout-ephemeral

log-checks

batch-wg-ops

nb-interface-default

feat/aws-integration

add/race-test

feature/relay-feature-versioning

fix/systemd-service-logs

poc/preprocessed-map

add-account-onboarding

bind-ipv6

fix/merge-main

logs/peerlogs-addpeer

feature/net-297-network-migration

feature/support-skip-auto-apply-exit-node-routes

set-cmd

set-command-with-cursor

feature/limit-update-channel

stop-using-locking-share

feature/poc-lazy-detection

feature/net-248-removal-of-sync-mutex-locks

test/multiple-peer-logging

preresolve

add-ns-punnycode-support

apply-routes-early

windows-search-domains

fix/connecting-route-filter

feature/management/rest-client/impersonate

debug-local-records

resource-fields-snake-case

test/grpc-rate-limit

traffic-correlation-policy

feature/rest-client-options

feat/events-metrics

feature/buf-cli

test/add-ratelimiter

test/remove-write-lock-on-add-peer

fix/add-peer-semaphore

feature/users-roles-endpoint

mlsmaycon-patch-1

debug-user-role

chore/primary-key-on-networks

feature/update-account-peers-buffer-startup

remove-ubuntu2004-runners

refactor/permissions-no-pat-allowed

ref/logrus-factory

use-conntrack-zone

deploy/permissions-account

feature/lazy-connection-idle

ref/improve-test-cov

restore-pr-3440

test/increase-grpc-timeouts

feat/buffer-account-peers-update

test/networkmapgeneration-changes

feature/base-manager

feature/flow-receiver

chore/benchmark-with-large-runner

refactor/handshake-initiator

client/ui-update-systray-icons

userspace-router

wgwatcher-test

output-if-key-already-exists

fix/relay-reconnection

feature/port-forwarding-client-codecleaning

detached2

test/callbacks-nil-iceconninfo

refactor/optimize-peer-expiration

enable-udp-port-for-docker-template

fix/relay-update

feature/apply-posture-netmap

fix/group-update-existing-resource

conntrack-stats

upgrade-okta-sdk

multi-price

test/conn-stat

set-min-parallel-tests-for-management

dns-interceptor

debug-dns

router-dns

add-static-system-info

debug-0.29.4

debug-0.33.0

account-refactoring

relay/2800_quic

route-get-account-refactoring

test/seed-random-routes

feature/get-account-refactoring

test/reconnect-race-condition

refactor/get-account-usage

feature/add-session-id-to-update-channel

improve-ipv4conn

fix/async-pion-event-handling

debug

add-offload

feature/validate-group-association-debug

fix/limit-conn-for-sqlite

test/engine-iface

test/transaction-for-jwt-sync

fix/engine-stop-in-foreground

feature/add-mysql-support

test-migration

refactor/header-size-values

relay/eliminate-gob

test/signal-dispatcher-with-relay

relay/debug

validate-icon

feature/ipv6-support

use-pre-expanded-peers-map

feature/use-signal-dispatcher

validate/peer-status

add-read-write-times

fix/sync-peer-race

feature/relay-status

netmap

evaluate/network-map-hash

fix/lower-dns-resolve-interval-on-fail

feature/relay

fix/go-mod-version

upgrade-nftables

synology-userspace-mode

fix/use-ip-for-default-routes-on-darwin

fix/proxy_close

enable-release-workflow-on-pr

deploy/peer-performance

feature/permanent-turn

feature/permanent-turn-proxy

deploy/posture-check-sqlite

feature/optimize_sqlite_save

debug-ios-behavior

fix/delete-route-only-after-adding

tshoot/windows-logger

remove-new-routing

refactor/eliminate-repo-dependency

add-arm-to-ci

refactor-demo-account-object

test/abc2

test/abc

send-ssh-rosenpass-config-meta

refactor-demo

ensure-schedule-never-runs-non-positive

feature/peer-validator-groupmgm

feature/peer-validator-fix

fix/include-active-dashboard-users

fix/handle-canceling-schedule

fix/geo-download

debug-google-workspace

yury/resolve-ip-to-location

feature/extend-sysinfo

sqlite-async-peer-status

yury/add-postgresql-store

fix/route

test-build

posture-checks-poc

debug-keycloak-idp

poc/netstack

for-pascal-tmp

peer-logout-management

manual-peer-logout

detached

chore/refactor-management

test/dns-bind

fix/enforce-acl-for-containers

yury/use-sync-map-in-updatechannel

fix/events-key-handling

filter-cache-on-load-account

fix/user-expiration

handle-user-context-cancellation

nb-client-k8s-statefulset

fake-addr

fix/iptables_in_docker

ebpf-debug

update-getting-started-flow-use-postgres

fix/peer_list_notification

feature/device-authentication-with-client-secret

feature/keep_alive

feat-groups-from-jwt

separate_proxy_from_wgconfig

fix/wg_conn

wg_conn_fix

wg_bind_parallel_processing

fix-rollback-get-acls

proxy_cfg_cleanup

performance-improvement-rego

update-lock-log-level

feat-client-side-acl

refactor/move_grpcserver_logic_to_account_manager

feature/event-storage

feature/update-idp-redeeming-invite

feature/api-peer-info

return-groupminimum-setupkey

feature/interface-bind

documentation_enhancement

fix-peer-registration

ssh

users_cache

pass-client-caller

client_caller_type

revert-283-feat-fix-windows-installer

periodic-peer-updates

ebpf

braginini/wasm

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: SVI/netbird#2048