I believe this is a problem not caused by Ziti, but I assume you have quite some experience with setting this up correctly.
We're struggling quite a bit with the correct DNS settings for Ziti on many machines. What exact DNS circumstances does Ziti need in order to work correctly?
Simply enabling systemd-resolved on many machines results in ziti-edge-tunnel injecting the DNS correctly, however not as the global DNS but only for the ziti0 interface, which often results in Ziti lookups being tried on public DNS first:
resolvectl status
Global
         LLMNR setting: yes
  MulticastDNS setting: yes
    DNSOverTLS setting: no
        DNSSEC setting: allow-downgrade
      DNSSEC supported: no
    Current DNS Server: 1.1.1.1
           DNS Servers: 1.1.1.1
            DNSSEC NTA: 10.in-addr.arpa
                        16.172.in-addr.arpa
                        168.192.in-addr.arpa
                        17.172.in-addr.arpa
                        18.172.in-addr.arpa
                        19.172.in-addr.arpa
                        20.172.in-addr.arpa
                        21.172.in-addr.arpa
                        22.172.in-addr.arpa
                        23.172.in-addr.arpa
                        24.172.in-addr.arpa
                        25.172.in-addr.arpa
                        26.172.in-addr.arpa
                        27.172.in-addr.arpa
                        28.172.in-addr.arpa
                        29.172.in-addr.arpa
                        30.172.in-addr.arpa
                        31.172.in-addr.arpa
                        corp
                        d.f.ip6.arpa
                        home
                        internal
                        intranet
                        lan
                        local
                        private
                        test

Link 67 (ziti0)
        Current Scopes: DNS
  DefaultRoute setting: yes
         LLMNR setting: no
  MulticastDNS setting: no
    DNSOverTLS setting: no
        DNSSEC setting: no
      DNSSEC supported: no
    Current DNS Server: 100.64.0.2
           DNS Servers: 100.64.0.2
Do you instead recommend using systemd-resolved in the foreign mode and manually adding the Ziti DNS server before any other? Any help is highly appreciated.
Interestingly enough, the Ziti DNS server is added correctly on some machines with exactly the same systemd-resolved settings and the same content in /etc/resolv.conf.
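As an added helper for comparing the state across the machines mentioned (not code from the original post or from the OpenZiti project): a parser for `resolvectl status` output that reports which link-scoped DNS servers are not pinned by a routing domain while a Global server is also configured. The sample text is constructed from the listing above, and `DNS Domain` is assumed to be the field resolvectl prints for a link's search/routing domains.

```python
"""Parse `resolvectl status` text and flag links whose DNS servers are not
pinned by a routing domain, so the Global servers may answer instead."""
import re

# Constructed sample, modelled on the output quoted in the post (abridged).
SAMPLE = """\
Global
         LLMNR setting: yes
        DNSSEC setting: allow-downgrade
    Current DNS Server: 1.1.1.1
           DNS Servers: 1.1.1.1
            DNSSEC NTA: 10.in-addr.arpa
                        corp

Link 67 (ziti0)
        Current Scopes: DNS
  DefaultRoute setting: yes
    Current DNS Server: 100.64.0.2
           DNS Servers: 100.64.0.2
"""


def parse_status(text):
    """Return {scope_name: {field: [values]}} for the Global and Link sections."""
    scopes, cur, field = {}, None, None
    for line in text.splitlines():
        if not line.strip():
            continue
        head = re.match(r"^(Global|Link \d+ \((\S+)\))\s*$", line)
        if head:
            cur = head.group(2) or "Global"  # link name, or "Global"
            scopes[cur] = {}
            field = None
            continue
        if cur is None:
            continue
        kv = re.match(r"^\s*([A-Za-z ]+?):\s*(.*)$", line)  # stops at first colon
        if kv:
            field = kv.group(1).strip()
            scopes[cur][field] = kv.group(2).split()
        elif field:
            scopes[cur][field].extend(line.split())  # continuation (e.g. DNSSEC NTA)
    return scopes


def unpinned_links(scopes):
    """Links with DNS servers but no DNS Domain while Global also has servers:
    queries for such links are not routed to the link's server alone."""
    global_dns = scopes.get("Global", {}).get("DNS Servers", [])
    return [name for name, f in scopes.items()
            if name != "Global" and f.get("DNS Servers")
            and global_dns and not f.get("DNS Domain")]
```

Feed it the real output with `parse_status(subprocess.run(["resolvectl", "status"], capture_output=True, text=True).stdout)` on a working and a failing machine and diff the two dictionaries.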