Netbird and DNS resolution

Hi,

Describe the problem

I have a home lab with many servers connected with Tailscale/Headscale today. I manage my own dnsmasq config. I want to be able to resolve "serverA.xxx.xxx" to get the private IP of a node. I can do that with Tailscale with MagicDNS.

I installed Netbird on my home lab, composed of many servers.
I used --disable-dns to connect my nodes, but it seems that I'm not able to resolve my server names (server1.dns.xxxx.xxxx for example). I think I'm probably doing something wrong, so I wanted to ask the community for help, if this is possible.

I did the local config of dnsmasq this way:

# port used by netbird (dnsmasq takes an upstream port as ip#port, not ip:port; inline comments are not allowed on a server= line)
server=/dns.xxx.xxx/<Private_IP>#53

I confirmed the right port with netstat -latupon | grep 53; it could be 5053, if I remember well.
When I try to resolve, I get a timeout.

To Reproduce

Steps to reproduce the behavior:

  • Install Netbird with --disable-dns
  • configure your local resolver to handle the domain "dns.xxx.xxx" and redirect it to the local Netbird service, which is listening on port 53 or 5053
  • Try to resolve any node DNS name with the domain configured in Netbird (serverA.dns.xxx.xxx)

Expected behavior

I want to be able to resolve locally all the node DNS names configured in Netbird, to avoid using private IPs in my service configurations.

Are you using NetBird Cloud?

No, self-hosted.

NetBird version

The latest one (0.66.0)

Is any other VPN software installed?

Yes, Tailscale/Headscale.

I think I'm not understanding something in the documentation, which seems to be well done; sorry if my problem is trivial.
Thanks for the help.

You either set the nameserver for your specific domain inside of Netbird (management) and allow Netbird clients to connect to the DNS with an ACL


Thanks for your help.

I reinstalled Netbird to try your advice on two of my servers for testing, and now I can resolve locally without doing anything more (no network creation and no ACL...).
But I have a weird behaviour that I can't understand.

Here are my ports in use:

udp        0      0 100.127.103.91:5053     0.0.0.0:*                           3990431/netbird      off (0.00/0/0)
udp        0      0 0.0.0.0:53              0.0.0.0:*                           4051447/dnsmasq      off (0.00/0/0)
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      4051447/dnsmasq      off (0.00/0/0)
tcp6       0      0 :::53                   :::*                    LISTEN      4051447/dnsmasq      off (0.00/0/0)
udp6       0      0 :::53                   :::*                                4051447/dnsmasq      off (0.00/0/0)

As you can see, Netbird listens on port 5053 because dnsmasq is already using port 53.
I configured dnsmasq this way to add the resolution for Netbird:

server=/netbird.xxxx.fr/100.127.103.91

So it's redirecting my request to my private Netbird IP on port 53, and it seems to work, whereas Netbird is listening on port 5053...

$ dig @100.127.103.91 serverA.netbird.xxx.fr
> Got the desired resolution

$ dig @100.127.103.91 -p 5053 serverA.netbird.xxx.fr
> Got a timeout

Do you have an explanation for this?
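Whatever the answer to the 53-versus-5053 question turns out to be, the practical risk in the thread above is writing a dnsmasq forward rule for a port the NetBird listener is not actually bound to. As an added example (my own code, not NetBird's or dnsmasq's), here is a small POSIX shell helper that reads netstat-style socket lines like the ones posted above, finds the UDP socket owned by the netbird process, and emits the matching dnsmasq server= rule using dnsmasq's ip#port syntax (dnsmasq does not accept ip:port, and omits to port 53 when no port is given). The socket lines embedded in the script are constructed from the figures in the post; the function names are mine.

```shell
#!/bin/sh
# Added example, not NetBird or dnsmasq project code.
# Derive a dnsmasq "server=" forwarding rule for the NetBird DNS listener
# from netstat-style socket lines, so the forward targets the port NetBird
# really bound (5053 above, because dnsmasq already holds 53).

# Constructed sample, taken from the netstat output posted in the thread.
NETSTAT_SAMPLE='udp        0      0 100.127.103.91:5053     0.0.0.0:*                           3990431/netbird      off (0.00/0/0)
udp        0      0 0.0.0.0:53              0.0.0.0:*                           4051447/dnsmasq      off (0.00/0/0)
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      4051447/dnsmasq      off (0.00/0/0)'

# netbird_dns_socket LINES
#   Prints "ip port" for the first UDP socket whose PID/Program column ends
#   in "/netbird". The ip is everything before the last ":" so an IPv6
#   local address such as ":::5053" is handled too. Prints nothing if absent.
netbird_dns_socket() {
    printf '%s\n' "$1" | awk '
        $1 == "udp" {
            for (i = 1; i <= NF; i++)
                if ($i ~ /\/netbird$/) {
                    n = split($4, a, ":")
                    port = a[n]
                    ip = substr($4, 1, length($4) - length(port) - 1)
                    print ip, port
                    exit
                }
        }'
}

# dnsmasq_server_line DOMAIN LINES
#   Prints "server=/DOMAIN/ip#port" (dnsmasq upstream-port syntax), or
#   returns 1 without output when no netbird UDP socket is present.
dnsmasq_server_line() {
    domain=$1
    set -- $(netbird_dns_socket "$2")
    [ -n "$1" ] && [ -n "$2" ] || return 1
    printf 'server=/%s/%s#%s\n' "$domain" "$1" "$2"
}

# Run directly: prints the rule for the constructed sample above.
dnsmasq_server_line netbird.xxxx.fr "$NETSTAT_SAMPLE"
```

On a real host, feed it live data with `dnsmasq_server_line netbird.xxxx.fr "$(netstat -lunp 2>/dev/null)"` (or the ss equivalent) and drop the printed line into dnsmasq.conf. To confirm which port actually answers before trusting either rule, query both from the same host and compare: `dig @100.127.103.91 serverA.netbird.xxx.fr` against `dig @100.127.103.91 -p 5053 serverA.netbird.xxx.fr`, and also check `dig +short serverA.netbird.xxx.fr` through dnsmasq itself.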