https://netmaker.org logo
#netmaker
Title
# netmaker
m

melodic-spring-45645

07/04/2022, 2:09 PM
What would be the recommended way for exposing a netmaker network's DNS to external clients?
j

jolly-london-20127

07/05/2022, 4:22 PM
you can set "default ext client dns" in the network settings by editing. Set this to the public IP of the netmaker server. Expose CoreDNS on port 53 of the machine. Then, any new ext client generated will have the IP added to dns settings. Also, if you have port_forward_services turned on in your server settings (env variables), it will forward port 53 on netmaker interfaces to coredns. This means you can use the private address of netmaker (e.g. 10.10.10.254) in the "default ext client dns"
m

melodic-spring-45645

07/05/2022, 4:24 PM
Gotcha, so when setting default ext client dns, it'll set the DNS server that the client will query?
j

jolly-london-20127

07/05/2022, 4:24 PM
yes, but only for newly-generated ext clients. Existing ones will need to be re-generated
this basically just sets the DNS= field in a standard wg.conf file
m

melodic-spring-45645

07/05/2022, 4:25 PM
gotcha, thanks
hmm, I manually added
DNS = x.x.x.x
to my current ext client config but it broke my network connection. should I be going about it another way?
with
x.x.x.x
being the public ipv4 of the netmaker server, and port 53 open
j

jolly-london-20127

07/05/2022, 4:32 PM
setting coredns as a public DNS server requires additional configuration beyond just opening port 53
m

melodic-spring-45645

07/05/2022, 4:35 PM
yeah, I'm not bothered about it being a public server. is it possible to route only specific domain searches through the wireguard dns setting, so that it only queries
machine.network
addresses?
j

jolly-london-20127

07/05/2022, 4:38 PM
i dont believe this is possible with pure wireguard config since this is split DNS
we do this on the netclient but for ext clients you would need your own implementation
m

melodic-spring-45645

07/05/2022, 4:40 PM
bummer, modifying hosts file it is
on another note, is the https port used purely for the online ui or other functionalities also?
j

jolly-london-20127

07/05/2022, 4:45 PM
443 is used by the UI, API, and MQTT traffic
m

melodic-spring-45645

07/05/2022, 5:00 PM
cool thanks
2 Views