# netmaker
m
What would be the recommended way for exposing a netmaker network's DNS to external clients?
j
you can set "default ext client dns" in the network settings by editing. Set this to the public IP of the netmaker server. Expose CoreDNS on port 53 of the machine. Then, any new ext client generated will have the IP added to dns settings. Also, if you have port_forward_services turned on in your server settings (env variables), it will forward port 53 on netmaker interfaces to coredns. This means you can use the private address of netmaker (e.g. 10.10.10.254) in the "default ext client dns"
m
Gotcha, so when setting default ext client dns, it'll set the DNS server that the client will query?
j
yes, but only for newly-generated ext clients. Existing ones will need to be re-generated
this basically just sets the DNS= field in a standard wg.conf file
m
gotcha, thanks
hmm, I manually added DNS = x.x.x.x to my current ext client config but it broke my network connection. should I be going about it another way?
with x.x.x.x being the public ipv4 of the netmaker server, and port 53 open
j
setting coredns as a public DNS server requires additional configuration beyond just opening port 53
m
yeah, I'm not bothered about it being a public server. is it possible to route only specific domain searches through the wireguard dns setting, so that it only queries machine.network addresses?
j
I don't believe this is possible with pure wireguard config since this is split DNS
we do this on the netclient but for ext clients you would need your own implementation
m
bummer, modifying hosts file it is
on another note, is the https port used purely for the online ui or other functionalities also?
j
443 is used by the UI, API, and MQTT traffic
m
cool thanks