feat: DNS and search domain pushed to clients #160

Open
daymr opened this issue Jul 26, 2023 · 5 comments
Labels
new-feature New features or options.

daymr commented Jul 26, 2023

Feature Request

Describe the Feature Request

The ability to configure domain and DNS that is pushed to ZeroTier clients. Similar to ZeroTier Central hosted solution.

Describe Preferred Solution

enable the webUI to POST to API the following...
http://localhost:9993/controller/network/{networkID}

```json
{
  "dns": {
    "domain": "some.domain",
    "servers": ["10.0.0.3"]
  }
}
```

Describe Alternatives

I have developed a dirty workaround for my Windows deployment because of the lack of the proposed functionality... PowerShell deployment script to clients.

```powershell
###########################################################################################
#########             SET THESE VARIABLES!!!!!!                               #############
###########################################################################################

### ZeroTier Network ID ###
$NetworkID = ""

### ZeroTier IPs of Domain Controllers and/or other DNS servers ###
$ztdns1 = ""
$ztdns2 = ""

###########################################################################################
###############       DO NOT EDIT BELOW    ###################
###########################################################################################

### Download MSI file
$Folder = 'C:\ZT_install'
"Test to see if folder [$Folder] exists"
if (Test-Path -Path $Folder) {
    "Path exists!"
} else {
    New-Item -Path $Folder -ItemType Directory | Out-Null
}
# Save the installer into $Folder so the installation step below can find it
$Installer = Join-Path $Folder 'ZeroTierOne.msi'
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Invoke-WebRequest -Uri "https://download.zerotier.com/dist/ZeroTier%20One.msi" -OutFile $Installer

#### Start Installation (silent, no reboot) and wait for msiexec to finish
Start-Process -FilePath msiexec.exe -ArgumentList '/i', $Installer, '/qn', '/norestart' -Wait

### 30 second delay
Start-Sleep -Seconds 30

### Join ZeroTier Network
$zerotiercli = "C:\ProgramData\ZeroTier\One\zerotier-one_x64.exe"
$param1 = "-q"
$param2 = "join"

& $zerotiercli $param1 $param2 $NetworkID

### 15 second delay
Start-Sleep -Seconds 15

### Manually sets DNS on the ZeroTier NIC from the variables above
# -ServerAddresses takes an array of addresses, not one comma-joined string
$ztdns_all = @($ztdns1, $ztdns2)
$nicsearch = "*" + $NetworkID + "*"
$ZT_NIC = Get-NetAdapter -Name $nicsearch | Select-Object -ExpandProperty 'ifIndex'

Set-DnsClientServerAddress -InterfaceIndex $ZT_NIC -ServerAddresses $ztdns_all
Write-Host "DNS set to $($ztdns_all -join ',')"
Write-Host "Setup Complete"
```

Related Code

enable the webUI to POST to API the following...
http://localhost:9993/controller/network/{networkID}

```json
{
  "dns": {
    "domain": "some.domain",
    "servers": ["10.0.0.3"]
  }
}
```

Additional Context

none

If the feature request is approved, would you be willing to submit a PR?
Yes

daymr added the new-feature label Jul 26, 2023
@stevelup

I realise I'm replying to an old issue, but you -can- do this anyway, just not via the UI.

Just add this to the ports section of the zerotier service in docker-compose so that you can directly access the controller...

```yaml
- "9993:9993/tcp"
```

... and then restart the docker ...

```bash
docker-compose up -d
```

Then execute this:-

```bash
TOKEN=$(sudo cat /srv/zero-ui/zerotier-one/authtoken.secret)
NWID=your_network_id

curl -X POST "http://localhost:9993/controller/network/${NWID}" -H "X-ZT1-AUTH: ${TOKEN}" \
    -d '{"dns": { "domain": "YOUR-DOMAIN-HERE", "servers": ["192.168.1.2","192.168.1.3"] } }'
```

Obviously you need to make sure 9993/tcp is blocked at the firewall level if you do this.
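
An added example, not part of the comment above or of the zero-ui project: a hardened form of the same controller call that validates the network ID, domain and server list before building the JSON body, talks to loopback only, and keeps the auth token out of the `curl` command line. The function names are hypothetical, the token path is the one from the comment, and `-H @-` assumes curl 7.55.0 or newer.

```sh
# Added example (not from the thread). Assumes the compose port mapping is
# "127.0.0.1:9993:9993/tcp", so the controller API is published on loopback only.
ZT_API="http://127.0.0.1:9993"
ZT_TOKEN_FILE="${ZT_TOKEN_FILE:-/srv/zero-ui/zerotier-one/authtoken.secret}"

# Network IDs are 16 lowercase hex characters; the value is placed in the URL path.
valid_nwid() {
  case "$1" in *[!0-9a-f]*) return 1 ;; esac
  [ "${#1}" -eq 16 ]
}

# Letters, digits, dots and hyphens only, so nothing can break out of the JSON string.
valid_domain() {
  case "$1" in ''|*[!A-Za-z0-9.-]*|.*|*.|-*|*-|*..*|*.-*|*-.*) return 1 ;; esac
}

# Dotted-quad IPv4, each octet 0..255 (subshell body, so the IFS change stays local).
valid_ipv4() (
  case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  IFS=.; set -- $1
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
  done
)

# build_dns_payload DOMAIN SERVER... prints the JSON body, or fails on bad input.
build_dns_payload() (
  [ $# -ge 2 ] || { echo "usage: DOMAIN SERVER..." >&2; return 1; }
  domain=$1; shift
  valid_domain "$domain" || { echo "bad domain: $domain" >&2; return 1; }
  list=
  for s in "$@"; do
    valid_ipv4 "$s" || { echo "bad server: $s" >&2; return 1; }
    list="${list:+$list,}\"$s\""
  done
  printf '{"dns":{"domain":"%s","servers":[%s]}}\n' "$domain" "$list"
)

# push_dns NWID DOMAIN SERVER...; the auth header reaches curl on stdin (-H @-),
# which keeps the token out of curl's argument list.
push_dns() (
  valid_nwid "$1" || { echo "bad network id: $1" >&2; return 1; }
  nwid=$1; shift
  body=$(build_dns_payload "$@") || return 1
  token=$(sudo cat "$ZT_TOKEN_FILE") || return 1
  printf 'X-ZT1-AUTH: %s\n' "$token" |
    curl -fsS -X POST -H @- -d "$body" "$ZT_API/controller/network/$nwid"
)
```

Binding the published port to 127.0.0.1 keeps the controller API off external interfaces without depending on a separate host firewall rule.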

@bruteForce93

> I realise I'm replying to an old issue, but you -can- do this anyway, just not via the UI.
>
> Just add this to the ports section of the zerotier service in docker-compose so that you can directly access the controller... `- "9993:9993/tcp"`
>
> ... and then restart the docker ... `docker-compose up -d`
>
> Then execute this:-
>
> ```bash
> TOKEN=$(sudo cat /srv/zero-ui/zerotier-one/authtoken.secret)
> NWID=your_network_id
>
> curl -X POST "http://localhost:9993/controller/network/${NWID}" -H "X-ZT1-AUTH: ${TOKEN}" \
>     -d '{"dns": { "domain": "YOUR-DOMAIN-HERE", "servers": ["192.168.1.2","192.168.1.3"] } }'
> ```
>
> Obviously you need to make sure 9993/tcp is blocked at the firewall level if you do this.

This doesn't work at all...access denied

@stevelup

Did you replace 'your_network_id' with your network ID?

@bruteForce93

> Did you replace 'your_network_id' with your network ID?

I won't risk running the above command and ruining an already wicked deployment...

```
curl "http://zerotier:9993/controller/network/e2df222b16f332ce/member" -H "X-ZT1-AUTH: $(sudo cat /var/lib/zerotier-one/authtoken.secret)" | jq
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0curl: (6) Could not resolve host: zerotier
```

I am sorry for the rudeness but this UI is so badly documented that you have to trial and error until you "make" it work. And then you just can't communicate with the API at all.

Let me tell you this. I deployed the container yesterday following strictly the "installation guide" and it didn't work out of the box (apparently). I then installed zerotier-one and managed to login to localhost:4000 but could not create a network (the button wouldn't respond even if you cleared the cache). THEN I removed the zerotier-one package (sudo remove didn't remove the var/lib/zerotier-one directory at all (lol)) and only then managed to create a network. Now I cannot join the controller to the network because where am I supposed to look at? You get two zerotier directories in var/lib and srv/zero-ui with separate tokens. I think this is some bad comedy already but it is actually sad. Because this image mitigates some problems with ztncui but all this container stuff makes it a big no go.

@stevelup

You are attempting to connect to 'zerotier' not localhost. And anyway, even if it did work, it wouldn't have worked because you're targeting the wrong folder there. The zerotier instance that belongs to zero-ui is in /srv/zero-ui.

I can't comment on the rest of your post... All I can tell you is that everything worked first time for me out of the box. You do not need to (and should not have) manually installed zerotier. It's part of the container - so you now have two copies of zerotier on that machine.

I'd start again from scratch to be honest.
