Netbird v0.63.0 released

Release Notes for v0.63.0

What’s New

Custom DNS Zones

NetBird now supports private DNS zones, allowing you to host DNS records directly within your network without external DNS servers.

Create zones like internal.company.io, add A, AAAA, or CNAME records, and distribute them to specific peer groups. Resolution happens locally on peers, and records propagate automatically when group membership changes. With search domain support enabled, peers can query short names like api instead of the full api.internal.company.io.

Custom zones take precedence over nameserver configurations, giving you control over how specific domains resolve within your network. This works well with routed networks—map friendly names to private IPs behind routing peers, and NetBird handles both DNS resolution and traffic routing. Your teams access postgres.internal instead of remembering 192.168.0.68.

Zone distribution is group-based, so different teams can see different records for the same zone, or have access to entirely separate zones.

Use Cases
  • Environment separation — Distinct zones for production, staging, and development, distributed only to relevant teams
  • Routed network resources — DNS names for services in data centers or cloud VPCs accessed through routing peers
  • Split-horizon DNS — Internal-only resolution for domains that resolve differently outside your network

Screenshots (images not included): Create a new Zone, Create a new record, View all records.

Learn more at:

Custom Zones
Custom zone records for routed resources

DNS & Networking Improvements

  • Ensured musl compatibility by chasing CNAMEs in the local resolver.
    #5046
  • Improved DNS resolution flow by falling through the DNS chain for custom DNS zones.
    #5081
  • Changed priority between local and DNS route handlers for more predictable routing.
    #5106
  • Fixed netstack upstream DNS handling and added WASM debug methods.
    #4648

Client Improvements

  • Fixed WASM peer connections to lazy peers.
    #5097
  • Added fallback handling for invalid loginuid in ui-post-install.sh.
    #5099
  • Removed duplicate audience checks in the client.
    #5117

Management Enhancements

  • Added Custom DNS zones support.
    #4849
  • Added configuration compatibility checks during startup.
    #5087
  • Optimized external cache access by fetching all users in a single request.
    #5104
  • Adapted rate limiting behavior.
    #5080
  • Fixed SSH server audience validation across management and client.
    #5105
  • Skipped email_verified validation when not present in IdP responses.
    #5118
  • Added IdP timeout configuration via environment variable.
    #4647

Infrastructure & Security

  • Introduced embedded STUN support for relay and STUN components.
    #5062
  • Added a Quickstart reverse proxy assistant to simplify initial setup.
    #5100
  • Upgraded Alpine Linux from 3.22.2 to 3.23.2 for security hardening.
    #5119

Other Changes

New Contributors

  • @nsadeghi97 made their first contribution in #5095
  • @ressys1978 made their first contribution in #4647

Full Changelog: v0.62.2…v0.63.0
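
The resolution behaviour described under Custom DNS Zones above (group-scoped zones, search domains, custom zones ahead of nameservers, local CNAME chasing, fall-through), as an added example that is not NetBird code: a simplified Python model for checking what each peer group would resolve. The zone layout, group names, addresses and the `UPSTREAM` table are constructed assumptions; only `internal.company.io`, `api`, `postgres.internal` and `192.168.0.68` come from the release notes.

```python
# Simplified model of the resolution order in the release notes; not NetBird code.
# Zones, groups, addresses and UPSTREAM are constructed sample data.
ZONES = [
    {"domain": "internal.company.io", "groups": {"prod"}, "search": True,
     "records": {"api.internal.company.io": ("CNAME", "lb.internal.company.io"),
                 "lb.internal.company.io": ("A", "10.0.1.10")}},
    {"domain": "internal.company.io", "groups": {"dev"}, "search": True,
     "records": {"api.internal.company.io": ("A", "10.0.2.10")}},
    {"domain": "internal", "groups": {"prod", "dev"}, "search": False,
     "records": {"postgres.internal": ("A", "192.168.0.68")}},
]

# Stand-in for the configured nameservers (constructed outside-view answer).
UPSTREAM = {"api.internal.company.io": "203.0.113.7"}


def visible_zones(peer_groups):
    """Zones distributed to at least one of the peer's groups."""
    return [z for z in ZONES if z["groups"] & set(peer_groups)]


def lookup_local(name, zones, max_hops=8):
    """Answer from custom zone records, chasing CNAMEs locally."""
    for _ in range(max_hops):
        hit = next((z["records"][name] for z in zones if name in z["records"]), None)
        if hit is None:
            return None  # no local record: caller falls through
        rtype, value = hit
        if rtype != "CNAME":
            return value
        name = value  # follow the alias inside the visible zones
    return None  # CNAME loop or chain longer than max_hops


def resolve(name, peer_groups):
    """Return (source, answer): custom zones first, then fall through upstream."""
    name = name.rstrip(".").lower()
    zones = visible_zones(peer_groups)
    candidates = [name]
    if "." not in name:  # short name: expand with search domains of visible zones
        candidates = [f"{name}.{z['domain']}" for z in zones if z["search"]] + candidates
    for cand in candidates:
        answer = lookup_local(cand, zones)
        if answer is not None:
            return ("custom-zone", answer)
    for cand in candidates:
        if cand in UPSTREAM:
            return ("upstream", UPSTREAM[cand])
    return ("nxdomain", None)
```

Running `resolve` for every group against a list of sensitive names gives a quick view of which groups see an internal answer and which fall through to the nameservers.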

I tested private DNS zones and it is working like a charm. It helps me to reduce latency.

This feature is really nice! Thank you very much!

I use it to access my internal servers from the outside and I wonder if it makes sense to use the ‘normal’ subdomain or another for the netbird network.

Consider:

host111.example.intern : the normal case for clients in the internal network, search domain is example.intern

vs

host111.netbird.intern with search domain netbird.intern

The first variant would keep all URLs but might lead to confusion.

Any ideas how to decide this?