Ziti getting zealous over dns

So I have a problem which I will explain that it is intermittent. I have looked in the logs and nothing sticks out. When I take my device from home (192.168.9.x)into work (192.168.250.x) I can surf the internet. I can connect to local services afaik. However some web apps will not connect or only work partially until I stop the ziti tunnel. Once connected In the web app I can start the tunnel again and work the rest of the day. The app is ConnectWise though I think has also happened with outlook once. With ConnectWise it fails through part of the SSO that it does. The logs are not showing anything. Is there a way to boost the verbosity of the logs and will it show what DNS it is intercepting? I have not experienced the issue when returning to home (where ziti lives).

I can try some wireshark magic but thought I would ask here first. I (assume) that they would not be using the 10.64.xxx network or whatever is being used by ziti for the SSO part( talks back to ConnectWise)

Yes. Main Menu -> Advanced Settings -> Set Logging Level -> Trace

image1983×533 86.1 KB

You'll see:

[2022-06-20T19:47:45.837Z]   TRACE tunnel-cbs:ziti_dns.c:640 on_dns_req() received DNS query q_len=48 id[63fc] recursive[false] type[1] name[mattermost.tools.netfoundry.io]
[2022-06-20T19:47:45.837Z]    INFO tunnel-cbs:ziti_dns.c:463 format_resp() found record[100.64.2.77] for query[1:mattermost.tools.netfoundry.io]

THANKFULLY NPcap/Wireshark fixed a bug in recent versions. Make sure you have NPcap 1.55+. I just updated now and picked up 1.60.

Also make sure you start Wireshark AFTER the tunneler starts. The startup process creates the WinTUN device and you need to refresh Wireshark or start it after ziti is running. If you do that though, you'll be able to see the packet in wireshark, probably at 100.64.0.2

image1133×138 7.89 KB