Ziti-edge-tunnel external resolution setup?

Hello,

By dns “auto-injection”, I assume you mean how ziti-edge-tunnel sets itself up as a dns server with the host’s resolver system? If so there currently is no way to disable it. While it shouldn’t be technically difficult to optionally integrate the DNS server with the host’s resolver, supporting such an option could lead to supportability issues for us if someone uses DNS names in their intercept configuration and somehow stumbles onto this option.

I’m very interested in the problems that you’re having - e.g. the reason that you want to disable the DNS server (assuming that’s what you actually want). Hopefully we can get to the bottom of it and address whatever issue you’re seeing. So please provide more info on that if you’re inclined.

With that said, the DNS server IP can be modified, albeit in what may seem like a roundabout way. The DNS IP is always the IP that is assigned to the tun device + 1, and the tun IP is the first IP in the DNS IP range.

The DNS IP range defaults to 100.64.0.1/10, and it can be overridden with the --dns-ip-range command-line option. Here’s what the IPs look like with the default dns IP range:

$ ip addr show dev tun0 
4: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 500
    link/none 
    inet 100.64.0.1/32 scope global tun0
       valid_lft forever preferred_lft forever
    inet6 fe80::43ec:b6e1:b8bd:a112/64 scope link stable-privacy 
       valid_lft forever preferred_lft forever
$ resolvectl dns
Global:
Link 2 (enp0s5): 10.211.55.1 fe80::21c:42ff:fe00:18%5439487
Link 4 (tun0): 100.64.0.2

There have been some changes in this area recently, and if you’re seeing a DNS IP of “100.64.0.1” then I suspect you’re a couple of revs back or something unexpected is happening with the IP calculation.
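An added check, not from this thread or the ziti-edge-tunnel project, for the rule the reply describes (tun IP is the first address of the DNS IP range, DNS server IP is tun IP + 1): it derives both addresses from a --dns-ip-range value and compares them with `resolvectl dns` output, flagging the "resolver points at 100.64.0.1" symptom mentioned above. It assumes "first IP in the range" means the first host address of the network; the function names and the sample output are constructed for this example.

```python
import ipaddress
import re

DEFAULT_DNS_IP_RANGE = "100.64.0.1/10"  # default quoted in the reply


def derive_tunnel_ips(dns_ip_range: str = DEFAULT_DNS_IP_RANGE):
    """Return (tun_ip, dns_ip) as strings for a --dns-ip-range value.

    Assumption: the tun device takes the first host address of the range
    and the DNS server listens on that address + 1.
    """
    network = ipaddress.ip_network(dns_ip_range, strict=False)
    tun_ip = network.network_address + 1
    dns_ip = tun_ip + 1
    if dns_ip not in network:
        raise ValueError(f"{dns_ip_range} is too small for tun + dns addresses")
    return str(tun_ip), str(dns_ip)


LINK_RE = re.compile(r"^Link\s+\d+\s+\((?P<iface>[^)]+)\):\s*(?P<servers>.*)$")


def resolver_ips_for_link(resolvectl_output: str, iface: str = "tun0"):
    """Parse `resolvectl dns` output and return the server list for iface."""
    for line in resolvectl_output.splitlines():
        m = LINK_RE.match(line.strip())
        if m and m.group("iface") == iface:
            return m.group("servers").split()
    return []


def check_resolver(resolvectl_output, dns_ip_range=DEFAULT_DNS_IP_RANGE, iface="tun0"):
    """Compare the resolver's DNS IP for the tun link with the derived value.

    'ok' when they match, 'dns-on-tun-ip' when the resolver points at the
    tun IP itself (the symptom the reply says indicates an old build or a
    miscalculation), otherwise 'unexpected'.
    """
    tun_ip, dns_ip = derive_tunnel_ips(dns_ip_range)
    observed = resolver_ips_for_link(resolvectl_output, iface)
    if observed == [dns_ip]:
        return "ok"
    if observed == [tun_ip]:
        return "dns-on-tun-ip"
    return "unexpected"


# Constructed sample mirroring the resolvectl output quoted in the reply.
SAMPLE_RESOLVECTL = """Global:
Link 2 (enp0s5): 10.211.55.1 fe80::21c:42ff:fe00:18%5439487
Link 4 (tun0): 100.64.0.2
"""
```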