DNS Domain Delegation to different networks

Hey guys,

Wanna discuss a new idea, DNS Domain Delegation.

When I'm creating a network with routers to different customers, each customer has its own DNS servers from its Active Directory.

In the normal VPN world I would create a route to all networks/customers and use my own DNS with forwarding of specific domains to the different customers' DNS.

Currently, I have no idea how to implement this with Ziti.

Hope this makes sense.

Ziti DNS is independent of the global domain name system. The nameserver is provided by a Ziti tunneler and will resolve Ziti service addresses. You can authorize a group of Ziti identities to use a Ziti service, then they'll be able to resolve that service's address and connect.

Sure, but you have to create each service in Ziti.

It is easier to route a subnet to a specific router / Destination.

So I understand that this is not a Ziti concept and it makes no sense?

It is also possible to create a ziti service with a wildcard address, effectively masking a DNS zone with Ziti.

Then, the Ziti service with a wildcard address may be authorized with a Ziti Dial Service Policy, and clients using Ziti DNS will only connect to that destination when resolving names in that DNS zone (see: Tunneler Config Type intercept.v1 | OpenZiti).

On the terminating side, the "host" config part of the Ziti service, you have a choice to send all traffic to the same destination host:port or separate based on the original destination, i.e., by host or port or both (see: Tunneler Config Type host.v1 | OpenZiti).

Finally, you also have the option to configure the dialing tunneler as an IP router, effectively granting access to the masked DNS zone to a subnet (see: Local Gateway | OpenZiti).
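An added example, not from this thread or the OpenZiti project: a small Python helper that emits the intercept.v1 / host.v1 pair masking one customer's DNS zone, checks that the host side actually covers what the client side intercepts (so no dial is refused at the router, and the hosting tunneler is bounded to that zone rather than acting as a relay to arbitrary hosts), and returns the `ziti` CLI calls to create the configs, the service and its Dial/Bind policies. The zone, service, role and identity names are made-up placeholders.

```python
import json

ALL_PORTS = [{"low": 1, "high": 65535}]  # constructed default: every port


def intercept_config(zone, protocols=("tcp", "udp"), port_ranges=ALL_PORTS):
    """intercept.v1: Ziti DNS answers for *.zone and the tunneler intercepts."""
    return {"protocols": list(protocols), "addresses": [f"*.{zone}"],
            "portRanges": list(port_ranges)}


def host_config(zone, protocols=("tcp", "udp"), port_ranges=ALL_PORTS):
    """host.v1: forward to the intercepted host:port, restricted to the zone
    so the hosting tunneler cannot be used as a relay to arbitrary hosts."""
    return {"forwardProtocol": True, "allowedProtocols": list(protocols),
            "forwardAddress": True, "allowedAddresses": [f"*.{zone}"],
            "forwardPort": True, "allowedPortRanges": list(port_ranges)}


def _covers(pattern, addr):
    # "*.zone" covers the identical wildcard and any name ending in ".zone"
    if pattern.startswith("*."):
        return addr == pattern or addr.endswith(pattern[1:])
    return addr == pattern


def host_allows_intercept(intercept, host):
    """True when every intercepted address, protocol and port is also
    permitted by the host side, i.e. no dial will be refused at the router."""
    addrs = all(any(_covers(p, a) for p in host["allowedAddresses"])
                for a in intercept["addresses"])
    protos = set(intercept["protocols"]) <= set(host["allowedProtocols"])
    ports = all(any(h["low"] <= r["low"] and r["high"] <= h["high"]
                    for h in host["allowedPortRanges"])
                for r in intercept["portRanges"])
    return addrs and protos and ports


def ziti_commands(customer, zone, client_role, router_identity):
    """ziti CLI calls for one customer zone: two configs, the service, a Dial
    policy for the client role and a Bind policy for that customer's router."""
    svc = f"{customer}-zone"
    icfg, hcfg = intercept_config(zone), host_config(zone)
    if not host_allows_intercept(icfg, hcfg):
        raise ValueError(f"host.v1 for {zone} does not cover its intercept.v1")
    return [
        f"ziti edge create config {customer}-intercept intercept.v1 '{json.dumps(icfg)}'",
        f"ziti edge create config {customer}-host host.v1 '{json.dumps(hcfg)}'",
        f"ziti edge create service {svc} --configs {customer}-intercept,{customer}-host",
        f"ziti edge create service-policy {customer}-dial Dial --service-roles '@{svc}' --identity-roles '#{client_role}'",
        f"ziti edge create service-policy {customer}-bind Bind --service-roles '@{svc}' --identity-roles '@{router_identity}'",
    ]
```

Run `ziti_commands("customer-a", "ad.customer-a.example", "customer-a-clients", "customer-a-router")` once per customer zone; the Bind policy must name the identity of the tunneler or router sitting inside that customer's network, since that is where the forwarded connections originate.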