About Android DNS

I have started a controller (www.ctrlzj.com) and a router (www.routerzj.com) on my computer, and they are using the same IP address, 192.168.63.23, which is my computer's IP. I have configured their resolution in the DNS service and set the DNS1 in my phone's Wi-Fi configuration to the DNS address. Initially, when using adb shell, ping www.ctrlzj.com / ping www.routerzj.com both work fine. After starting the Ziti Android app, I can also access the test service. However, after killing the app and running it again, it shows an error that it cannot resolve the www.routerzj.com address. I have used nslookup and confirmed that the DNS service is working fine. I have tried many times, but on the phone, when using ping, only one of the domains (either the controller or the router) can be resolved, and it keeps alternating. I am wondering if the CSDK caches DNS and if having different domain names with the same IP address might cause issues. Can you give me some suggestions?

android v0.12.1, tunnelsdk v1.2.5, csdk v1.1.5

I restarted the phone and the Wi-Fi settings, and now it can only resolve one domain. I should be able to rule out phone caching. I used adb shell ping to avoid browser-related issues. I can only guess that the C-SDK might have modified the phone's DNS or cache.

I checked the DNS logs, and the Wi-Fi the phone is connected to might have two DNS servers: set upstream DNS[[2408:8000:6001:7000::8888, 192.168.63.23]]. As far as I know, most Android phones still don't support setting IPv6 DNS services. Could this be the cause?

This all seems like a setup issue, TBH. Here are some answers to your questions:

  • IPv6 DNS has been definitely supported by Android -- some mobile carriers will only do IPv6 traffic
  • upstream DNS is completely internal to the OpenZiti tunneler; it is used to resolve any hosts that are not in configured intercepts.
  • upstream DNS hosts are provided by the active network -- this means that host [2408:8000:6001:7000::8888] comes from your local network (or maybe you have Private DNS turned on in Android Network setting)
  • OpenZiti does not modify the device DNS cache -- I don't believe there is a way to do it

There are a few things you can try:

  • check your DNS server logs for any clues
  • run wireshark on your home computer to see whether DNS queries make it to the DNS server

I started the controller and router on my own computer, using a custom domain. So, I also started CoreDNS on my computer to resolve the custom domain. The Wi-Fi network I am using has two DNS addresses: 2408:8000:6001:7000::8888 and 114.114.114.114. However, I changed the DNS1 on my phone to 192.168.63.23, so the log shows: link[115] nameservers: [/2408:8000:6001:7000::8888, /192.168.63.23].

In the Android code, you can set the upstream DNS using the method private fun setUpstreamDNS(net: Network, props: LinkProperties). I have a question: will the DNS set through this method override the DNS1 or DNS2 settings in the phone's Wi-Fi settings? I noticed that it retrieves the DNS configuration from the Wi-Fi and passes it to the CSDK.

If I don't set DNS1 or DNS2 in the Wi-Fi settings and directly use model.setUpstreamDNS(listOf("192.168.63.23")), will it work? I tried it, but it didn't work, so maybe there is an issue with my approach.

I tried checking the DNS server logs, and it's strange. The first time I access it using the browser after refreshing the DNS cache (by turning airplane mode on and off), I can see the resolution logs. However, after killing Google Chrome and restarting it, the DNS server logs no longer show any resolution logs, except for the one for google.com. I need to refresh the DNS cache again to see the logs, which is very strange.

In the CSDK, the DNS is mainly responsible for resolving and intercepting custom domain names, resolving them to addresses like 100.64.0.5/100.64.0.6/100.64.0.7. Resolving the DNS for the controller and router depends on the DNS service of the Wi-Fi environment I'm using. They should not interfere with each other. Is my understanding correct?

No, it will not. It just instructs the C code (in the tunneler SDK) to use those servers for pass-through queries (queries that do not have Ziti intercepts).

Also, you want to make sure that your controller/router DNS names or IPs are not intercepted by Ziti.
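
One way to carry out the check suggested in the last reply, as an added example that is not code from the thread or from OpenZiti: it tests whether the controller and router names from this thread, or the IP they share, fall under any intercept address. The function names, the sample intercept lists and the matching rules (exact hostname, `*.` wildcard, IP or CIDR) are assumptions made for illustration.

```python
import ipaddress

def intercept_match(hostname, resolved_ip, intercept_addresses):
    """Return the intercept entries that would capture this hostname or its IP."""
    host = hostname.lower().rstrip(".")
    ip = ipaddress.ip_address(resolved_ip)
    hits = []
    for entry in intercept_addresses:
        e = entry.strip().lower().rstrip(".")
        try:
            # IP or CIDR entry: compare against the address the name resolves to
            net = ipaddress.ip_network(e, strict=False)
        except ValueError:
            net = None  # not an IP/CIDR, so treat it as a hostname pattern
        if net is not None:
            if ip.version == net.version and ip in net:
                hits.append(entry)
        elif e.startswith("*."):
            # wildcard entry (assumed form): any name below the suffix
            if host.endswith(e[1:]):
                hits.append(entry)
        elif host == e:
            hits.append(entry)
    return hits

def audit(endpoints, intercept_addresses):
    """Map each infrastructure hostname to the intercept entries that shadow it."""
    return {name: intercept_match(name, ip, intercept_addresses)
            for name, ip in endpoints.items()}

# Names and IP from the thread: controller and router share one address.
ENDPOINTS = {
    "www.ctrlzj.com": "192.168.63.23",
    "www.routerzj.com": "192.168.63.23",
}

# Constructed intercept lists (not taken from the poster's configuration).
CLEAN_INTERCEPTS = ["test.service.ziti", "10.20.0.0/16"]
OVERLAPPING_INTERCEPTS = ["test.service.ziti", "*.routerzj.com", "192.168.63.0/24"]

if __name__ == "__main__":
    for label, intercepts in (("clean", CLEAN_INTERCEPTS),
                              ("overlapping", OVERLAPPING_INTERCEPTS)):
        for name, hits in audit(ENDPOINTS, intercepts).items():
            status = "INTERCEPTED by " + ", ".join(hits) if hits else "ok"
            print(f"[{label}] {name}: {status}")
```

Any non-empty result means the tunneler would answer for that name or address itself instead of passing the query to the upstream DNS server.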