Does OpenZiti support Private DNS Zones?

Currently, we are using Twingate, but it doesn’t support Private Route53 Zones: it’s not possible to tell Twingate to use a custom DNS server instead of the server on the host where the client is running.

Is it supported by OpenZiti?

Our use-case:

Currently we have Public Route53 Zone for example.org which mostly contains records for our internal services. We created Private Zone for the same domain and moved all “internal” records there. But since Twingate client uses host’s DNS resolver and this resolver uses public DNS servers, the client is not able to resolve any address.

It works fine when resources are defined as FQDNs, because in this case the client knows about the resource. But we also have resources defined as subnet ranges, e.g. 10.21.0.0/16, and we have DNS records like drtest.backend.prod.example.org pointing to 10.21.4.177. If this record exists in the Public DNS Zone all works, but if it exists only in the Private Zone it doesn’t, because Twingate can’t resolve this name.

Can OpenZiti help us here?

OpenZiti can definitely help with the following setup:

  • hosting tunneler sitting inside your private zone (able to resolve from private r53)
  • intercepting tunneler outside of private zone (your desktop, phone, etc)
  • define a service with intercept.v1 for your private DNS names and options to forward protocol/address/port turned on -- this can even have the wildcard to make it easier like *.backend.prod.example.org

P.S. Welcome to the OpenZiti community, @DenisBY! Sorry, I didn't realize this is your first post and you may need more details. Let us know if you have any questions.

1 Like
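The three-part setup in the reply above, written out as an added example (this is not code from the post or from the OpenZiti project). It builds the `intercept.v1` config for the intercepting tunneler and the `host.v1` config for the hosting tunneler that sits inside the private zone, and creates the service and policies with the `ziti` CLI. The wildcard `*.backend.prod.example.org` comes from the thread; the service name, config names and identity roles (`#private-zone-hosts`, `#remote-clients`) are assumptions. The `host_allows_name` helper uses shell glob matching as a local approximation so you can sanity-check candidate names before applying; the tunneler's own matching is authoritative.

```shell
#!/bin/sh
# Added example, not from the original post or the OpenZiti project.
# Names marked "assumed" are illustrative; only the wildcard comes from the thread.

DOMAIN_GLOB='*.backend.prod.example.org'    # from the thread
SERVICE_NAME='prod-backend'                 # assumed
PRIVATE_HOST_ROLE='#private-zone-hosts'     # assumed role of the hosting tunneler (inside the VPC)
CLIENT_ROLE='#remote-clients'               # assumed role of intercepting tunnelers (laptops, phones)

# intercept.v1: what the client-side tunneler captures. The client never has to
# resolve the name itself; it only needs to see that the name matches the pattern.
intercept_config() {
  printf '{"protocols":["tcp","udp"],"addresses":["%s"],"portRanges":[{"low":1,"high":65535}]}' "$DOMAIN_GLOB"
}

# host.v1 with forwardAddress/forwardPort/forwardProtocol: the hosting tunneler dials
# exactly what was intercepted, resolving the hostname with its own resolver, which is
# the one that can see the private Route 53 zone. allowedAddresses bounds what it will
# ever dial on behalf of a client, so keep it to the private names, not a bare "*".
host_config() {
  printf '{"forwardProtocol":true,"allowedProtocols":["tcp","udp"],"forwardAddress":true,"allowedAddresses":["%s"],"forwardPort":true,"allowedPortRanges":[{"low":1,"high":65535}]}' "$DOMAIN_GLOB"
}

# Local sanity check: does a name fall inside the wildcard we are about to allow?
# Shell glob matching is an approximation of the tunneler's matching.
host_allows_name() {
  case "$1" in
    $DOMAIN_GLOB) return 0 ;;
    *) return 1 ;;
  esac
}

# Creates the configs, the service and the two policies on the controller.
# Bind goes to the hosting tunneler only; Dial goes to the remote clients only.
apply() {
  ziti edge create config "${SERVICE_NAME}-intercept" intercept.v1 "$(intercept_config)"
  ziti edge create config "${SERVICE_NAME}-host" host.v1 "$(host_config)"
  ziti edge create service "$SERVICE_NAME" \
    --configs "${SERVICE_NAME}-intercept,${SERVICE_NAME}-host"
  ziti edge create service-policy "${SERVICE_NAME}-bind" Bind \
    --service-roles "@${SERVICE_NAME}" --identity-roles "$PRIVATE_HOST_ROLE"
  ziti edge create service-policy "${SERVICE_NAME}-dial" Dial \
    --service-roles "@${SERVICE_NAME}" --identity-roles "$CLIENT_ROLE"
}

# Run with "apply" (after "ziti edge login") to create the objects; with no
# argument the script only defines the functions so the configs can be inspected.
if [ "${1:-}" = "apply" ]; then
  apply
fi
```

Note that the apex name `backend.prod.example.org` is not covered by the wildcard, so a record at that level needs its own entry in both `addresses` and `allowedAddresses`. Because the hosting tunneler resolves the name, it must run on a host whose resolver already answers from the private zone (for example an instance inside the VPC that the zone is associated with); the intercepting side needs no access to private DNS at all.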