mirror of
https://github.com/netbirdio/docs.git
synced 2026-04-15 23:16:36 +00:00
Add quickstart for private DNS behind routing peers, and consolidate DNS documentation. (#554)
@@ -161,6 +161,7 @@ export const docsNavigation = [
|
||||
title: 'DNS',
|
||||
isOpen: false,
|
||||
links: [
|
||||
{ title: 'Quickstart', href: '/manage/dns/private-dns-behind-routing-peers' },
|
||||
{ title: 'Overview', href: '/manage/dns' },
|
||||
{ title: 'Configuring Nameservers', href: '/manage/dns/nameserver-groups' },
|
||||
{ title: 'DNS Settings', href: '/manage/dns/dns-settings' },
|
||||
|
||||
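Review bot: The `Quickstart` entry is titled generically and sits above `Overview`, so in the DNS sidebar it reads as a general DNS quickstart, while its href is the scenario-specific `/manage/dns/private-dns-behind-routing-peers` page. Consider a title that names the scenario, matching the page's own H1 ("Quickstart: Private DNS Behind Routing Peers"), or moving the entry below `DNS Settings` so the general pages come first.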
@@ -274,6 +274,7 @@ When you assign a nameserver to distribution groups:
|
||||
|
||||
Now that you understand how NetBird handles DNS:
|
||||
|
||||
- **[Private DNS Behind Routing Peers](/manage/dns/private-dns-behind-routing-peers)** - Quickstart for DNS servers on private networks
|
||||
- **[Configure Nameservers](/manage/dns/nameserver-groups)** - Step-by-step setup guide
|
||||
- **[DNS Settings](/manage/dns/dns-settings)** - Control DNS management per group
|
||||
- **[Troubleshooting](/manage/dns/troubleshooting)** - Solve common DNS issues
|
||||
|
||||
@@ -369,13 +369,7 @@ Result: Uses DNS2 (more specific)
|
||||
|
||||
### Disabling DNS Management for Specific Groups
|
||||
|
||||
Some peers may need to keep their local DNS configuration (e.g., VPN requirements, corporate policy).
|
||||
|
||||
1. Go to **DNS Settings** (not Nameservers)
|
||||
2. Add groups to **Disabled Management Groups**
|
||||
3. Peers in these groups will ignore all NetBird DNS configuration
|
||||
|
||||
See [DNS Settings](/manage/dns/dns-settings) for details.
|
||||
Some peers may need to keep their local DNS configuration (e.g., VPN requirements, corporate policy). See [DNS Settings](/manage/dns/dns-settings) to disable DNS management for specific groups.
|
||||
|
||||
---
|
||||
|
||||
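Review bot: The one-line replacement under "Disabling DNS Management for Specific Groups" drops the consequence that the removed step 3 spelled out, namely that peers in a disabled group ignore all NetBird DNS configuration. An admin should see that before following the link, because it means nameservers configured on this page will not apply to those peers. Suggest keeping it as a clause on the new sentence, for example "...to disable DNS management for specific groups; peers in those groups ignore all NetBird DNS configuration."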
@@ -488,53 +482,9 @@ See [Troubleshooting](/manage/dns/troubleshooting) for more diagnostic commands.
|
||||
|
||||
---
|
||||
|
||||
## Advanced: Private DNS Behind Routing Peers
|
||||
|
||||
If your DNS server is on a private network accessible only through a routing peer, you need to set up network routes and access control in addition to the nameserver configuration.
|
||||
|
||||
### Scenario
|
||||
|
||||
You have:
|
||||
- **DNS server**: `192.168.0.32:53` on a private network
|
||||
- **Routing peer**: Can reach the `192.168.0.0/24` network
|
||||
- **Client peers**: Need to query this DNS through the routing peer
|
||||
|
||||
### Setup Requirements
|
||||
|
||||
#### 1. Configure the Nameserver
|
||||
|
||||
Create a nameserver pointing to your private DNS:
|
||||
- IP: `192.168.0.32`
|
||||
- Port: `53`
|
||||
- Distribution groups: Your client peer groups (e.g., "Remote Developers")
|
||||
|
||||
#### 2. Create a Network Route
|
||||
|
||||
Set up a network route so clients can reach the DNS server:
|
||||
- Network: `192.168.0.0/24`
|
||||
- Routing peer: The peer that can access this network
|
||||
- Distribution groups: Same as your nameserver (e.g., "Remote Developers")
|
||||
|
||||
#### 3. Configure Access Control
|
||||
|
||||
Create an access control rule allowing DNS traffic:
|
||||
- Source: Client groups (e.g., "Remote Developers")
|
||||
- Destination: Routing peer's group
|
||||
- Protocol: UDP
|
||||
- Port: 53
|
||||
|
||||
### DNS Forwarder Port
|
||||
|
||||
<Note>
|
||||
**Technical detail**: When using private DNS behind routing peers, NetBird uses a DNS forwarder on routing peers. Starting with v0.59.0, this forwarder uses port `22054` (changed from `5353`) to avoid collisions with mDNS. For backward compatibility, port `5353` is used if any peer in your account runs below v0.59.0.
|
||||
</Note>
|
||||
|
||||
This forwarder port is internal to NetBird's routing mechanism - you don't need to configure it, but may see it in logs or network traces.
|
||||
|
||||
---
|
||||
|
||||
## Next Steps
|
||||
|
||||
- **[Private DNS Behind Routing Peers](/manage/dns/private-dns-behind-routing-peers)** - Quickstart for DNS servers on private networks
|
||||
- **[DNS Settings](/manage/dns/dns-settings)** - Disable DNS management for specific groups
|
||||
- **[Troubleshooting](/manage/dns/troubleshooting)** - Fix common DNS issues
|
||||
- **[API Reference](/ipa/resources/dns)** - Automate with the API
|
||||
|
||||
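Review bot: Removing the whole "## Advanced: Private DNS Behind Routing Peers" section leaves the first bullet under "Next Steps" as the only pointer to that scenario in this hunk, and it sits at the very bottom of the page. A reader troubleshooting a nameserver that is only reachable through a routing peer gets no cue in the body that a route and an access control rule are also required. Suggest keeping the old heading with a two-line stub that links to `/manage/dns/private-dns-behind-routing-peers`, which also preserves the heading anchor for existing inbound links.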
72
src/pages/manage/dns/private-dns-behind-routing-peers.mdx
Normal file
@@ -0,0 +1,72 @@
|
||||
export const description = 'Quickstart guide for configuring private DNS servers behind routing peers'
|
||||
import {Note} from "@/components/mdx"
|
||||
|
||||
|
||||
# Quickstart: Private DNS Behind Routing Peers
|
||||
|
||||
If your DNS server is on a private network accessible only through a routing peer, you need to set up network routes and access control in addition to the nameserver configuration.
|
||||
|
||||
## Scenario
|
||||
|
||||
You have:
|
||||
- **DNS server**: `192.168.0.32:53` on a private network
|
||||
- **Routing peer**: Can reach the `192.168.0.0/24` network
|
||||
- **User peers**: Need to query this DNS through the routing peer
|
||||
|
||||
## Setup Steps
|
||||
|
||||
### Step 1: Configure the Nameserver
|
||||
|
||||
Create a nameserver pointing to your private DNS:
|
||||
- DNS - Nameservers - Add nameserver - Custom DNS
|
||||
- IP: `192.168.0.32`
|
||||
- Port: `53`
|
||||
- Distribution groups: Your user peer groups (e.g., "Remote Developers")
|
||||
|
||||
<Note>
|
||||
For detailed instructions on creating nameservers, see [Configuring Nameservers](/manage/dns/nameserver-groups).
|
||||
</Note>
|
||||
|
||||
### Step 2: Create a Network Route
|
||||
|
||||
Set up a NetBird Network so clients can reach the DNS server:
|
||||
- Networks - Add network
|
||||
- Network: e.g. "Office Network"
|
||||
- Add Resource: `192.168.0.32/32`
|
||||
- Distribution groups: Internal DNS
|
||||
- Routing peer: The always-on peer that can access this network
|
||||
|
||||
<Note>
|
||||
For detailed instructions on creating network routes, see [Routing Traffic to Private Networks](/manage/network-routes/routing-traffic-to-private-networks).
|
||||
</Note>
|
||||
|
||||
### Step 3: Configure Access Control
|
||||
|
||||
Create an access control rule allowing DNS traffic:
|
||||
- Source: User groups (e.g., "Remote Developers")
|
||||
- Destination: Internal DNS (the resource group)
|
||||
- Protocol: UDP
|
||||
- Port: 53
|
||||
|
||||
<Note>
|
||||
For detailed instructions on access control, see [Manage Network Access](/manage/access-control/manage-network-access).
|
||||
</Note>
|
||||
|
||||
## Technical Details
|
||||
|
||||
### DNS Forwarder Port
|
||||
|
||||
<Note>
|
||||
**Technical detail**: When using private DNS behind routing peers, NetBird uses a DNS forwarder on routing peers. Starting with v0.59.0, this forwarder uses port `22054` (changed from `5353`) to avoid collisions with mDNS. For backward compatibility, port `5353` is used if any peer in your account runs below v0.59.0.
|
||||
</Note>
|
||||
|
||||
This forwarder port is internal to NetBird's routing mechanism - you don't need to configure it, but may see it in logs or network traces.
|
||||
|
||||
---
|
||||
|
||||
## Next Steps
|
||||
|
||||
- **[Configuring Nameservers](/manage/dns/nameserver-groups)** - Learn more about DNS configuration
|
||||
- **[Network Routes](/manage/network-routes/routing-traffic-to-private-networks)** - Understand routing to private networks
|
||||
- **[Access Control](/manage/access-control/manage-network-access)** - Configure network access policies
|
||||
- **[DNS Troubleshooting](/manage/dns/troubleshooting)** - Fix common DNS issues
|
||||
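Review bot: Step 3 allows only UDP on port 53 from the user groups to "Internal DNS", but DNS clients retry over TCP 53 when a UDP response comes back truncated, so large answers would fail under the rule as written. Either list TCP 53 as well or state that UDP-only is intentional. Separately, Step 2 labels "Internal DNS" under "Distribution groups" while Step 3 calls the same group "the resource group", and Step 1 uses "Distribution groups" for the user peer groups. Using one term for the group attached to the `192.168.0.32/32` resource would make it clear which group is the policy destination and which groups are the sources.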