DNS resolution to peer's full name fails when using openresolv #2414

Open
opened 2025-11-20 07:09:29 -05:00 by saavagebueno · 5 comments

Originally created by @cmonty14 on GitHub (Oct 26, 2025).

Hello,
I deployed netbird 0.59.8 on a raspi that runs a (somehow special) server software stack: Loxberry.
Without sharing more details of this software stack there's a plugin that starts dnsmasq with a redirect function of a specific URL to local IP:

```
$ cat /etc/dnsmasq.d/weather4lox.conf
address=/weather.loxone.com/192.168.40.91
address=/weather-beta.loxone.com/192.168.40.91
```

Any other URL is resolved by my router IP 192.168.40.1 using this network configuration:

```
$ cat /etc/network/interfaces
# Loopback configuration (generated by LoxBerry)
auto lo
iface lo inet loopback
# IPv4 configuration (generated by LoxBerry)
auto eth0
iface eth0 inet static
  address 192.168.40.91
  netmask 255.255.255.0
  gateway 192.168.40.1
  dns-domain loxberry.local
  dns-nameservers 192.168.40.1
```

This results in this /etc/resolv.conf:

```
$ cat /etc/resolv.conf
# Generated by resolvconf
domain loxberry.local
nameserver 127.0.0.1
```

When I start netbird, this results in a modified /etc/resolv.conf and DNS resolution fails:

```
$ cat /etc/resolv.conf
# Generated by resolvconf
search netbird.cloud
nameserver 100.125.234.25

$ nslookup google.com
Server:         100.125.234.25
Address:        100.125.234.25#53

** server can't find google.com: REFUSED
```

In addition to the DNS resolution issue, I'm facing another issue:
If I enable netbird.service, after a reboot the system starts netbird listening on port 53, and this prevents dnsmasq from being started by the plugin because port 53 is in use.
This means netbird must not start before plugin starts dnsmasq.
How can I configure netbird accordingly?

THX


@flotpg commented on GitHub (Oct 28, 2025):

You could try to set the netbird client to not configure DNS:

![Image](https://github.com/user-attachments/assets/ade6ce9d-d874-43da-b6dc-c4cf602d9dea)

@cmonty14 commented on GitHub (Oct 29, 2025):

Thanks.
After applying this solution, DNS name resolution works as expected.
However, I cannot reach any other peer registered in Netbird from this server (with this setting).


@flotpg commented on GitHub (Oct 29, 2025):

You mean resolve peer01.selfhosted?
But you can ping the IP?


@cmonty14 commented on GitHub (Nov 1, 2025):

> You mean resolve peer01.selfhosted? But you can ping the IP?

True, I can ping the IP of the peer, but name resolution of `<peer>.netbird.cloud` fails.
Imo this can't work if netbird doesn't modify the DNS configuration.

What's the standard modification if the DNS configuration is maintained in `/etc/network/interfaces`?


@cmonty14 commented on GitHub (Nov 9, 2025):

I have modified NIC configuration:

```
$ cat /etc/network/interfaces
# Loopback configuration (generated by LoxBerry)
auto lo
iface lo inet loopback
# IPv4 configuration (generated by LoxBerry)
auto eth0
iface eth0 inet static
  address 192.168.40.91
  netmask 255.255.255.0
  gateway 192.168.40.1
#  dns-domain loxberry.local
#  dns-nameservers 192.168.40.1
```

And openresolv configuration:

```
$ cat /etc/resolvconf.conf
# Configuration for resolvconf(8)
# See resolvconf.conf(5) for details

resolv_conf=/etc/resolv.conf
# If you run a local name server, you should uncomment the below line and
# configure your subscribers configuration files below.
#name_servers=127.0.0.1
name_servers=192.168.40.1

# Mirror the Debian package defaults for the below resolvers
# so that resolvconf integrates seemlessly.
dnsmasq_resolv=/var/run/dnsmasq/resolv.conf
pdnsd_conf=/etc/pdnsd.conf
unbound_conf=/etc/unbound/unbound.conf.d/resolvconf_resolvers.conf
```

In addition, there's dnsmasq.service running to redirect specific DNS request to 192.168.40.91:

```
$ cat /etc/dnsmasq.d/weather4lox.conf
address=/weather.loxone.com/192.168.40.91
address=/weather-beta.loxone.com/192.168.40.91
```

Executing `sudo resolvconf -u` results in this /etc/resolv.conf:

```
$ cat /etc/resolv.conf
# Generated by resolvconf
search netbird.cloud
nameserver 127.0.0.1
```

With this, (regular) DNS resolution works as expected.

```
$ dig +short hp.com
18.239.50.45
18.239.50.109
18.239.50.112
18.239.50.6

$ dig +short ibm.com @127.0.0.1
95.101.46.117
```

But I cannot resolve peer's full name, while ping peer's IP works.

THX
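
Added example, not part of the original thread and not NetBird code: a small Python probe that asks each resolver address seen in this thread directly and reports the DNS response code and answer count, which separates a `REFUSED` like the one in the `nslookup` output above from `NXDOMAIN`, `SERVFAIL` or no reply at all. The peer name `peer01.netbird.cloud` is a placeholder; the function names are this example's own.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def nameservers(resolv_conf_text):
    """Return the nameserver addresses listed in resolv.conf text, in order."""
    servers = []
    for line in resolv_conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def build_query(name, query_id=0x1234):
    """Encode a recursive A/IN query for `name` in DNS wire format."""
    header = struct.pack("!HHHHHH", query_id, 0x0100, 1, 0, 0, 0)  # RD=1, 1 question
    labels = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    )
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_reply(reply):
    """Return (rcode name, answer count) from the 12-byte DNS reply header."""
    if len(reply) < 12:
        raise ValueError("truncated DNS header")
    _id, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    rcode = flags & 0x000F
    return RCODES.get(rcode, f"RCODE{rcode}"), ancount

def probe(server, name, timeout=2.0):
    """Ask one server directly over UDP/53 and classify its reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_query(name), (server, 53))
            reply, _ = sock.recvfrom(512)
        except OSError as exc:  # timeout, unreachable, nothing listening
            return f"no reply ({exc})", 0
    return parse_reply(reply)

# resolv.conf content as posted in this thread after NetBird started
SAMPLE = "# Generated by resolvconf\nsearch netbird.cloud\nnameserver 100.125.234.25\n"

if __name__ == "__main__":
    # peer01.netbird.cloud is a placeholder peer name, not taken from the thread
    for name in ("google.com", "peer01.netbird.cloud"):
        for server in nameservers(SAMPLE) + ["127.0.0.1", "192.168.40.1"]:
            print(name, server, *probe(server, name))
```

Comparing the rows per server shows which resolver answers for which zone, independent of what `/etc/resolv.conf` currently points at.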


Reference: SVI/netbird#2414