domain routes don't work on client

[emperorkebab]

Describe the problem

domain routes don't work on my ubuntu and windows clients, i can ping my other docker peer either by its netbird ip or name, i can even ping a local machine (in the peer's network) by using an ip route, but domain routes don't work

I verified that the domain is resolvable and accessible inside my peer's docker container, and that the container has the 3 needed cap_adds
The domain route is correctly setup, with the docker peer as routing peer, and the distribution group assigned to the clients

i even tried hosting a webserver with the route's domain name inside the docker peer, with no avail
The only workaround is to create an ip route and manually add the domain mapping in the client hosts file, which is unpractical
Potentially related to #1788

---

To Reproduce

Steps to reproduce the behavior:

1. I created a domain route with the docker peer as routing peer, and the distribution group of the client
2. use netbird up (with debug flags)

---

Expected behavior

The client should ping and connect to the domain of the domain route successfully

---

NetBird version

0.28.4 for:

• Self hosted management
• docker peer
• ubuntu client
• windows client

---

Outputs

netbird up debug log (ubuntu client):

024-07-22T19:26:52+02:00 INFO client/internal/acl/manager.go:52: ACL rules processed in: 1.138681ms, total rules count: 2
2024-07-22T19:26:53+02:00 ERRO client/internal/routemanager/dynamic/route.go:165: Failed to resolve domains for route [mydomain.com]: resolve domains: 1 errors occurred:
	* resolve d mydomain.com: lookup mydomain.com on 127.0.0.53:53: no such host
2024-07-22T19:26:53+02:00 ERRO client/internal/routemanager/dynamic/route.go:165: Failed to resolve domains for route [mydomain.com]: resolve domains: 1 errors occurred:
	* resolve d mydomain.com: lookup mydomain.com on 127.0.0.53:53: no such host
2024-07-22T19:26:53+02:00 ERRO client/internal/routemanager/dynamic/route.go:165: Failed to resolve domains for route [mydomain.com]: resolve domains: 1 errors occurred:
	* resolve d mydomain.com: lookup mydomain.com on 127.0.0.53:53: no such host

client ping error (ubuntu client):

ping: mydomain.com: Temporary failure in name resolution

netbird status (ubuntu client):

Peers detail:
 mydockerpeer.netbird.selfhosted:
  NetBird IP: 100.101.142.98
  Public key: *removed*
  Status: Connected
  -- detail --
  Connection type: P2P
  Direct: true
  ICE candidate (Local/Remote): host/srflx
  ICE candidate endpoints (Local/Remote): 192.168.82.102:51820/198.74.80.1:51820
  Last connection update: 22 seconds ago
  Last WireGuard handshake: 10 seconds ago
  Transfer status (received/sent) 420 B/660 B
  Quantum resistance: false
  Routes: -
  Latency: 61.711842ms

OS: linux/amd64
Daemon version: 0.28.4
CLI version: 0.28.4
Management: Connected to https://anon-HPxz3.domain:8080
Signal: Connected to https://anon-HPxz3.domain:8080
Relays: 
  [stun:anon-HPxz3.domain:3478] is Available
  [turn:anon-HPxz3.domain:3478?transport=udp] is Available
Nameservers: 
FQDN: myclient.netbird.selfhosted
NetBird IP: 100.95.37.12/16
Interface type: Kernel
Quantum resistance: false
Routes: -
Peers count: 1/1 Connected

[lixmal]

Hi @emperorkebab,

Is the domain resolvable from the client? That's where the domains are resolved.
If it is, can you send over the contents of /etc/resolv.conf when netbird is up, please?

[emperorkebab]

Is the domain resolvable from the client?

No, (in all of my clients)

can you send over the contents of /etc/resolv.conf when netbird is up, please?

@lixmal I hope this is descriptive enough

	ubuntu client	docker peer
when netbird up	nameserver 127.0.0.53 options edns0 trust-ad search netbird.selfhosted	search lan nameserver 127.0.0.11 options edns0 trust-ad ndots:0
when netbird down	nameserver 127.0.0.53 options edns0 trust-ad search .	can't disable netbird via docker tty
can resolve domain	No	Yes, ping too
network	connecting from public net	in server's local network, alongside the route domain's target

[emperorkebab]

Also after updating my clients and servers to 0.28.6

The ubuntu client output log now is:

2024-07-23T10:15:23+02:00 ERRO client/internal/routemanager/dynamic/route.go:178: Failed to resolve domains for route [mydomain.com]: resolve domains: 1 errors occurred:
	* resolve d mydomain.com: lookup mydomain.com on 127.0.0.53:53: server misbehaving

instead of the original:

2024-07-22T19:26:53+02:00 ERRO client/internal/routemanager/dynamic/route.go:165: Failed to resolve domains for route [mydomain.com]: resolve domains: 1 errors occurred:
	* resolve d mydomain.com: lookup mydomain.com on 127.0.0.53:53: no such host

The new error (upper one) also happens in line 165 for the first error log line, the next ones happen in line 178

[lixmal]

That's the issue then. The clients must be able to resolve the domain for the route to be added.

If this is a private domain you could set the DNS server for the clients to the private one that can resolve it (plus add the route for the DNS server itself)

[emperorkebab]

I see what you mean but that DNS solution will just give access to all local domains without access control
I was hoping to be able to route individual domains from the clients to the local network through the docker peer, is something like this possible?

[lixmal]

DNS won't give access, it will only expose the IP addresses.

You'll have DNS resolution on the routing clients, which will route their traffic to the routing peer.

[nazarewk]

@emperorkebab is this still an issue for you with the latest NetBird version?