    ZeroTier Question

    IT Discussion, tag: zerotier
    279 Posts 9 Posters 196.2k Views
    • JaredBusch @dafyre

      @dafyre said in ZeroTier Question:

      @JaredBusch said in ZeroTier Question:

      @adam.ierymenko said in ZeroTier Question:

      DNS is fundamentally not designed for concurrent use on more than one network.

      This exactly. And the problem is that people keep trying to make it do it.

      While I do not disagree with you... The problem is (at least in my opinion) an easy to fix problem... Give the DNS the ability to separate stuff out... a DHCP server can do it... why not DNS? Programmatically, it's not that different (not the same, by any stretch of the imagination)... but definitely doable.

      That is most certainly not an easy fix. You are saying that the entire DNS design be rewritten, discussed, tested, ratified, and then rolled out to every device on the planet that uses DNS.

      Hello, reality much?

      1 Reply | Votes: 1
      • Jason (banned) @dafyre

        @dafyre said in ZeroTier Question:

        @JaredBusch said in ZeroTier Question:

        @adam.ierymenko said in ZeroTier Question:

        DNS is fundamentally not designed for concurrent use on more than one network.

        This exactly. And the problem is that people keep trying to make it do it.

        While I do not disagree with you... The problem is (at least in my opinion) an easy to fix problem... Give the DNS the ability to separate stuff out... a DHCP server can do it... why not DNS? Programmatically, it's not that different (not the same, by any stretch of the imagination)... but definitely doable.

        There is a huge difference here: DHCP is handing out requests in their respective scopes to allow network communications beyond layer 2.

        DNS allows things to be found and unifies networks. It's assumed that there is routing set up between any and all the networks in DNS. DNS is not "smart" in any way; it just responds back with what it knows. It doesn't care who's asking. What you are saying is filtering DNS based on subnet, and that gets very complex and there will likely be cases where it causes issues.

        1 Reply | Votes: 1
        • scottalanmiller @dafyre

          @dafyre said in ZeroTier Question:

          ... that can cause issues with DNS giving out internal IP addresses rather than ZT IP addresses ...

          I think it is better to think of them as the "underlying" IP addresses.

          1 Reply | Votes: 0
          • scottalanmiller @Dashrender

            @Dashrender said in ZeroTier Question:

            @adam-ierymenko
            I have to assume this DNS problem exists for everyone, not just windows domains.

            You're on a Linux laptop at Starbucks. You want to access resources that are only known by internal DNS within your organization. So the DNS requests must be sent to the company's internal DNS first. If that server fails, then fail over to the DNS provided by Starbucks.

            But why? DNS works just fine as it is. Why would you want to "fail over" to another DNS server? If the internal DNS fails to find what you are looking for, it should not exist. Under what situation would you look up an address that your own DNS server cannot find? And if your own DNS server can't find it, why would you want Starbucks' insecure DNS server returning things transparently to your end users as if it had returned something? That's a security issue that DNS doesn't have today.

            1 Reply | Votes: 0
            • scottalanmiller

              The above idea would be a client side work around to domain overriding and the authoritative domains system. It would bypass security systems and be dangerous. It would mean that things like OpenDNS could not work.

              1 Reply | Votes: 0
              • scottalanmiller @dafyre

                @dafyre said in ZeroTier Question:

                @JaredBusch said in ZeroTier Question:

                @adam.ierymenko said in ZeroTier Question:

                DNS is fundamentally not designed for concurrent use on more than one network.

                This exactly. And the problem is that people keep trying to make it do it.

                While I do not disagree with you... The problem is (at least in my opinion) an easy to fix problem... Give the DNS the ability to separate stuff out... a DHCP server can do it... why not DNS? Programmatically, it's not that different (not the same, by any stretch of the imagination)... but definitely doable.

                Separate out in what way? How would you define it? DNS has a very rigid and reliable structure today that was designed carefully. DNS servers can, if you want to get one that can be modified, hand out different responses based on different request criteria today, but no one does this as it's so uncommonly needed. There are better fixes to nearly any host resolution issue.

                1 Reply | Votes: 0
                • dafyre @scottalanmiller (last edited by dafyre)

                  @scottalanmiller said in ZeroTier Question:

                  @dafyre said in ZeroTier Question:

                  @JaredBusch said in ZeroTier Question:

                  @adam.ierymenko said in ZeroTier Question:

                  DNS is fundamentally not designed for concurrent use on more than one network.

                  This exactly. And the problem is that people keep trying to make it do it.

                  While I do not disagree with you... The problem is (at least in my opinion) an easy to fix problem... Give the DNS the ability to separate stuff out... a DHCP server can do it... why not DNS? Programmatically, it's not that different (not the same, by any stretch of the imagination)... but definitely doable.

                  Separate out in what way? How would you define it? DNS has a very rigid and reliable structure today that was designed carefully. DNS servers can, if you want to get one that can be modified, hand out different responses based on different request criteria today, but no one does this as it's so uncommonly needed. There are better fixes to nearly any host resolution issue.

                  I could have better worded that... a DHCP Server adjusts its responses based on incoming criteria... If it comes in on ETH1, then give out 192.168.10.x ... If it comes in on ETH2, give out 192.168.99.x (or VLANs or what-not).

                  You just said what I said... DNS servers could be modified to do this. While it may be uncommonly needed...I can see uses in just about every IT job I've had.

                  1 Reply | Votes: 0
                  • dafyre @JaredBusch

                    @JaredBusch said in ZeroTier Question:

                    @dafyre said in ZeroTier Question:

                    @JaredBusch said in ZeroTier Question:

                    @adam.ierymenko said in ZeroTier Question:

                    DNS is fundamentally not designed for concurrent use on more than one network.

                    This exactly. And the problem is that people keep trying to make it do it.

                    While I do not disagree with you... The problem is (at least in my opinion) an easy to fix problem... Give the DNS the ability to separate stuff out... a DHCP server can do it... why not DNS? Programmatically, it's not that different (not the same, by any stretch of the imagination)... but definitely doable.

                    That is most certainly not an easy fix. You are saying that the entire DNS design be rewritten, discussed, tested, ratified, and then rolled out to every device on the planet that uses DNS.

                    Hello, reality much?

                    If I were a programmer, I'd fix it for you. That is also why I specified it is PROGRAMMATICALLY not that different or difficult. And I'm not talking about rewriting the entire DNS RFC or anything like that. I am speaking to specific software-based features. Software can be modified without having to rewrite the entire protocol stack from scratch.

                    You start talking about ratification and all that mess, that's for the paper pushers and think tanks. I've no interest in that, I am simply talking about adding a feature into a piece of software... If every other device on the planet wants to keep doing DNS the old way, it doesn't break anything.

                    1 Reply | Votes: 0
                    • Dashrender @dafyre

                      @dafyre said in ZeroTier Question:

                      @JaredBusch said in ZeroTier Question:

                      @dafyre said in ZeroTier Question:

                      @JaredBusch said in ZeroTier Question:

                      @adam.ierymenko said in ZeroTier Question:

                      DNS is fundamentally not designed for concurrent use on more than one network.

                      This exactly. And the problem is that people keep trying to make it do it.

                      While I do not disagree with you... The problem is (at least in my opinion) an easy to fix problem... Give the DNS the ability to separate stuff out... a DHCP server can do it... why not DNS? Programmatically, it's not that different (not the same, by any stretch of the imagination)... but definitely doable.

                      That is most certainly not an easy fix. You are saying that the entire DNS design be rewritten, discussed, tested, ratified, and then rolled out to every device on the planet that uses DNS.

                      Hello, reality much?

                      If I were a programmer, I'd fix it for you. That is also why I specified it is PROGRAMMATICALLY not that different or difficult. And I'm not talking about rewriting the entire DNS RFC or anything like that. I am speaking to specific software-based features. Software can be modified without having to rewrite the entire protocol stack from scratch.

                      You start talking about ratification and all that mess, that's for the paper pushers and think tanks. I've no interest in that, I am simply talking about adding a feature into a piece of software... If every other device on the planet wants to keep doing DNS the old way, it doesn't break anything.

                      Well in that case, you're talking about ZT installing its own DNS solution that your machine is forced to use, and removing the responsibility from typical DNS servers - but I don't know how that would work either... so now I think I hear you saying that ZT would need to make a stand-alone ZT DNS server that knows how to respond correctly - one of these solutions is kinda what Pertino did.

                      1 Reply | Votes: 0
                      • WLS-ITGuy @scottalanmiller

                        @scottalanmiller said in ZeroTier Question:

                        @WLS-ITGuy said in ZeroTier Question:

                        I suppose my other option is to do mapped drives via ZT IP address and remove the static DNS.

                        And hosts files work great, too.

                        So I am getting a few users (2 to be exact) who are still experiencing issues. I made the A record for the exchange server, and verified that it indeed has ZT on it.

                        As I have never messed with hosts file records, how does one put a pointer in there?

                        <A Record name> <ZT IP ADDRESS>

                        ?

                        2 Replies | Votes: 0
                        • dafyre @Dashrender

                          @Dashrender said in ZeroTier Question:

                          @dafyre said in ZeroTier Question:

                          @JaredBusch said in ZeroTier Question:

                          @dafyre said in ZeroTier Question:

                          @JaredBusch said in ZeroTier Question:

                          @adam.ierymenko said in ZeroTier Question:

                          DNS is fundamentally not designed for concurrent use on more than one network.

                          This exactly. And the problem is that people keep trying to make it do it.

                          While I do not disagree with you... The problem is (at least in my opinion) an easy to fix problem... Give the DNS the ability to separate stuff out... a DHCP server can do it... why not DNS? Programmatically, it's not that different (not the same, by any stretch of the imagination)... but definitely doable.

                          That is most certainly not an easy fix. You are saying that the entire DNS design be rewritten, discussed, tested, ratified, and then rolled out to every device on the planet that uses DNS.

                          Hello, reality much?

                          If I were a programmer, I'd fix it for you. That is also why I specified it is PROGRAMMATICALLY not that different or difficult. And I'm not talking about rewriting the entire DNS RFC or anything like that. I am speaking to specific software-based features. Software can be modified without having to rewrite the entire protocol stack from scratch.

                          You start talking about ratification and all that mess, that's for the paper pushers and think tanks. I've no interest in that, I am simply talking about adding a feature into a piece of software... If every other device on the planet wants to keep doing DNS the old way, it doesn't break anything.

                          Well in that case, you're talking about ZT installing its own DNS solution that your machine is forced to use, and removing the responsibility from typical DNS servers - but I don't know how that would work either... so now I think I hear you saying that ZT would need to make a stand-alone ZT DNS server that knows how to respond correctly - one of these solutions is kinda what Pertino did.

                          It seems like I remember a few Pertino folks on here having some issues with Pertino and DNS...

                          I'm not talking about having ZT write their own DNS solution. I'm talking about modifying existing software to fix problems like this... Microsoft calls it DNS Policies and it's coming in Server 2016 (https://blogs.technet.microsoft.com/networking/2015/05/12/split-brain-dns-deployment-using-windows-dns-server-policies/)

                          1 Reply | Votes: 0
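The subnet-keyed answers that scottalanmiller and dafyre are describing (the same name answered from a different "scope" depending on where the query comes from, which is what the Windows DNS Policies link above does server-side) modelled as a small resolver. This is an added example, not code from the thread or from any DNS server; the ZeroTier range 10.147.17.0/24 and the record addresses are constructed, and the three VLAN ranges follow the ones WLS-ITGuy lists further down the thread.

```python
import ipaddress
from typing import Dict, List, Optional, Tuple

# Constructed sample topology (assumed values, not from the thread except the
# VLAN layout): a ZeroTier managed range plus the three site VLANs.
ZT_SUBNET = ipaddress.ip_network("10.147.17.0/24")      # assumed ZT range
LAN_SUBNETS = [ipaddress.ip_network(n) for n in
               ("172.16.1.0/24", "172.17.1.0/24")]      # Wired, Secured Wireless
GUEST_SUBNET = ipaddress.ip_network("172.18.1.0/24")    # Student/Guest (no policy)

# Each "view" is a zone scope: the same names, different answers.
VIEWS: Dict[str, Dict[str, str]] = {
    "zt":  {"exchange.mydomain.org": "10.147.17.5"},    # ZT address
    "lan": {"exchange.mydomain.org": "172.16.1.5"},     # underlying address
}

# Policy table: (client subnet, view). Most specific prefix wins.
POLICY: List[Tuple[ipaddress.IPv4Network, str]] = (
    [(ZT_SUBNET, "zt")] + [(n, "lan") for n in LAN_SUBNETS]
)


def select_view(client_ip: str) -> Optional[str]:
    """Pick the zone scope for a client, or None if no policy covers it."""
    ip = ipaddress.ip_address(client_ip)
    for net, view in sorted(POLICY, key=lambda p: p[0].prefixlen, reverse=True):
        if ip in net:
            return view
    return None


def resolve(name: str, client_ip: str) -> Optional[str]:
    """Answer an A query from the scope matching the client's source address.

    A client outside every policy subnet (here, the guest VLAN) gets no answer
    rather than a fallback to some other source: the resolver does not guess,
    which is the property scottalanmiller argues for above.
    """
    view = select_view(client_ip)
    if view is None:
        return None
    return VIEWS[view].get(name.lower().rstrip("."))


if __name__ == "__main__":
    for client in ("10.147.17.20", "172.17.1.40", "172.18.1.9"):
        print(client, "->", resolve("exchange.mydomain.org", client))
```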
                          • dafyre @WLS-ITGuy

                            @WLS-ITGuy said in ZeroTier Question:

                            @scottalanmiller said in ZeroTier Question:

                            @WLS-ITGuy said in ZeroTier Question:

                            I suppose my other option is to do mapped drives via ZT IP address and remove the static DNS.

                            And hosts files work great, too.

                            So I am getting a few users (2 to be exact) who are still experiencing issues. I made the A record for the exchange server, and verified that it indeed has ZT on it.

                            As I have never messed with hosts file records, how does one put a pointer in there?

                            <A Record name> <ZT IP ADDRESS>

                            ?

                            In Windows, it goes the other way...

                            zt_ip_address hostname.mydomain.org

                            1 Reply | Votes: 1
                            • scottalanmiller @dafyre

                              @dafyre said in ZeroTier Question:

                              @WLS-ITGuy said in ZeroTier Question:

                              @scottalanmiller said in ZeroTier Question:

                              @WLS-ITGuy said in ZeroTier Question:

                              I suppose my other option is to do mapped drives via ZT IP address and remove the static DNS.

                              And hosts files work great, too.

                              So I am getting a few users (2 to be exact) who are still experiencing issues. I made the A record for the exchange server, and verified that it indeed has ZT on it.

                              As I have never messed with hosts file records, how does one put a pointer in there?

                              <A Record name> <ZT IP ADDRESS>

                              ?

                              In Windows, it goes the other way...

                              zt_ip_address hostname.mydomain.org

                              Same anywhere, it's a standard.

                              1 Reply | Votes: 0
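A small checker for the hosts file format just settled above (address first, then one or more hostnames, the same on every platform), added here as an example and not something from the thread. The sample file content is constructed; it deliberately contains the reversed "<name> <ip>" form WLS-ITGuy asked about and a stale underlying-address line for the same hostname.

```python
import ipaddress
from typing import Dict, List, Tuple

# Constructed sample hosts file (not from the thread). Line 3 is reversed,
# line 5 maps a name already mapped on line 2 to a different address.
SAMPLE_HOSTS = """\
# ZeroTier overrides for internal names
10.147.17.5   exchange.mydomain.org exchange
exchange2.mydomain.org 10.147.17.6
10.147.17.7   files.mydomain.org
172.16.1.5    exchange.mydomain.org
"""


def parse_hosts(text: str) -> Tuple[List[Tuple[str, List[str]]], List[str]]:
    """Parse hosts-file text into (ip, [names]) entries plus a problem list.

    Format: address, whitespace, one or more hostnames; '#' starts a comment.
    The first line naming a host is normally the one the resolver uses, so a
    later line with a different address for the same name is flagged.
    """
    entries: List[Tuple[str, List[str]]] = []
    problems: List[str] = []
    first_seen: Dict[str, str] = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        first, names = fields[0], fields[1:]
        try:
            ip = str(ipaddress.ip_address(first))
        except ValueError:
            # Common mistake: "<name> <ip>" instead of "<ip> <name>"
            if len(fields) == 2:
                try:
                    ipaddress.ip_address(fields[1])
                    problems.append(
                        f"line {lineno}: reversed, should be '{fields[1]} {fields[0]}'")
                    continue
                except ValueError:
                    pass
            problems.append(f"line {lineno}: '{first}' is not an IP address")
            continue
        if not names:
            problems.append(f"line {lineno}: no hostname after {ip}")
            continue
        for name in names:
            key = name.lower()
            if key in first_seen and first_seen[key] != ip:
                problems.append(
                    f"line {lineno}: {name} already mapped to {first_seen[key]} "
                    f"(first entry wins)")
            first_seen.setdefault(key, ip)
        entries.append((ip, names))
    return entries, problems


if __name__ == "__main__":
    found, issues = parse_hosts(SAMPLE_HOSTS)
    for entry in found:
        print(entry)
    for issue in issues:
        print("WARNING:", issue)
```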
                              • Dashrender @WLS-ITGuy

                                @WLS-ITGuy said in ZeroTier Question:

                                @scottalanmiller said in ZeroTier Question:

                                @WLS-ITGuy said in ZeroTier Question:

                                I suppose my other option is to do mapped drives via ZT IP address and remove the static DNS.

                                And hosts files work great, too.

                                So I am getting a few users (2 to be exact) who are still experiencing issues. I made the A record for the exchange server, and verified that it indeed has ZT on it.

                                As I have never messed with hosts file records, how does one put a pointer in there?

                                <A Record name> <ZT IP ADDRESS>

                                ?

                                Do you have time to troubleshoot this today? I'm really curious to find out what is giving you the DNS replies you are getting.

                                1 Reply | Votes: 1
                                • WLS-ITGuy @Dashrender

                                  @Dashrender said in ZeroTier Question:

                                  @WLS-ITGuy said in ZeroTier Question:

                                  @scottalanmiller said in ZeroTier Question:

                                  @WLS-ITGuy said in ZeroTier Question:

                                  I suppose my other option is to do mapped drives via ZT IP address and remove the static DNS.

                                  And hosts files work great, too.

                                  So I am getting a few users (2 to be exact) who are still experiencing issues. I made the A record for the exchange server, and verified that it indeed has ZT on it.

                                  As I have never messed with hosts file records, how does one put a pointer in there?

                                  <A Record name> <ZT IP ADDRESS>

                                  ?

                                  Do you have time to troubleshoot this today? I'm really curious to find out what is giving you the DNS replies you are getting.

                                  I have held off on making the hosts file change. As it was my error, I forgot to save the change to his ZT NIC.

                                  1 Reply | Votes: 1
                                  • dafyre @WLS-ITGuy

                                    @WLS-ITGuy said in ZeroTier Question:

                                    @Dashrender said in ZeroTier Question:

                                    @WLS-ITGuy said in ZeroTier Question:

                                    @scottalanmiller said in ZeroTier Question:

                                    @WLS-ITGuy said in ZeroTier Question:

                                    I suppose my other option is to do mapped drives via ZT IP address and remove the static DNS.

                                    And hosts files work great, too.

                                    So I am getting a few users (2 to be exact) who are still experiencing issues. I made the A record for the exchange server, and verified that it indeed has ZT on it.

                                    As I have never messed with hosts file records, how does one put a pointer in there?

                                    <A Record name> <ZT IP ADDRESS>

                                    ?

                                    Do you have time to troubleshoot this today? I'm really curious to find out what is giving you the DNS replies you are getting.

                                    I have held off on making the hosts file change. As it was my error, I forgot to save the change to his ZT NIC.

                                    Whoops!

                                    1 Reply | Votes: 1
                                    • scottalanmiller

                                      That might do it 😉

                                      1 Reply | Votes: 0
                                      • WLS-ITGuy

                                        A little explanation of our LAN. We have 3 VLANs:

                                        Wired - 172.16.1.x
                                        Secured Wireless - 172.17.1.x
                                        Student/Guest - 172.18.1.x

                                        Those that are on the Student/Guest VLAN are saying that exchange/OWA is slow. I would imagine that this is because of the A records I put in for the Exchange Server. No one reports any issues on the Wired/Secured Wireless connections.

                                        Any thoughts?

                                        1 Reply | Votes: 0
                                        • scottalanmiller @WLS-ITGuy

                                          @WLS-ITGuy said in ZeroTier Question:

                                          A little explanation of our LAN. We have 3 VLANs:

                                          Wired - 172.16.1.x
                                          Secured Wireless - 172.17.1.x
                                          Student/Guest - 172.18.1.x

                                          Those that are on the Student/Guest VLAN are saying that exchange/OWA is slow. I would imagine that this is because of the A records I put in for the Exchange Server. No one reports any issues on the Wired/Secured Wireless connections.

                                          Any thoughts?

                                          Any reason that the guest network needs access to the internal DNS server?

                                          1 Reply | Votes: 1
                                          • dafyre @scottalanmiller

                                            @scottalanmiller said in ZeroTier Question:

                                            @WLS-ITGuy said in ZeroTier Question:

                                            A little explanation of our LAN. We have 3 VLANs:

                                            Wired - 172.16.1.x
                                            Secured Wireless - 172.17.1.x
                                            Student/Guest - 172.18.1.x

                                            Those that are on the Student/Guest VLAN are saying that exchange/OWA is slow. I would imagine that this is because of the A records I put in for the Exchange Server. No one reports any issues on the Wired/Secured Wireless connections.

                                            Any thoughts?

                                            Any reason that the guest network needs access to the internal DNS server?

                                            It sounds like he may be working for a school or something.... They probably have need of a few internal resources. 🙂

                                            2 Replies | Votes: 0

    Page 10 / 14