DnsClientNrptRule is being created on hosting service identity OS #971

Closed
emoscardini opened this issue Sep 17, 2024 · 10 comments

@emoscardini

Setup:

WDE installed on a DC hosting a service.
WDE installed on a remote machine that needs to join the domain & is intercepting a wildcard service. Expects SRV records to resolve from the remote side. Using a command like Resolve-DnsName _ldap._tcp.dc._msdcs.ziti.contoso.com -Type SRV to test.

Issue:
While hosting using WDE, a DnsClientNrptRule is inserted for the service.

Expected behavior:

A DnsClientNrptRule should only be created if the identity is intercepting a specified service, not hosting it.

See WDE Breaks Windows DNS on DC for more details

@dovholuknf
Member

Thanks @emoscardini - should be closed with #970

I merged it to 'main' -- meaning the next, "HA" branch. I have been leaning towards using the 'main' branch for ZDEW for a while, unless we find big issues, that's my plan

@nenkoru

nenkoru commented Sep 17, 2024

Wow. That's awesome!
Thank you @dovholuknf and @emoscardini for a fast root cause analysis and a fix for this!!!

@dovholuknf
Member

As mentioned previously, I am using the "main" branch of the ziti-edge-tunnel for the upcoming ZDEW release after a soak period. The plan will be to update the release stream known as ctrlha-alpha (https://get.openziti.io/zdew/ctrlha-alpha.json) for a few days. Me and @emoscardini are using this stream as our daily driver. Hopefully, any huge issues we'll hit quickly. After that it'll be promoted to the beta stream. After that to the latest stream and after soaking for a while in 'latest', I'll promote it to stable. I'm unsure of the exact timeframe for the promotions but if you are interested you can grab the 2.5.0.6 release of the ZDEW from the alpha release I just created here https://github.com/openziti/desktop-edge-win/releases/tag/2.5.0.6-alpha

If you are interested in following the stream and being really brave with 'dripping wet' code you can configure automatic upgrades with the url: https://get.openziti.io/zdew/ctrlha-alpha.json. This version should have the current proposed fix for this issue in it. @emoscardini hasn't tested it yet for this issue, hopefully he can tomorrow our time.

@nenkoru

nenkoru commented Sep 18, 2024

> As mentioned previously, I am using the "main" branch of the ziti-edge-tunnel for the upcoming ZDEW release after a soak period. The plan will be to update the release stream known as ctrlha-alpha (https://get.openziti.io/zdew/ctrlha-alpha.json) for a few days. Me and @emoscardini are using this stream as our daily driver. Hopefully, any huge issues we'll hit quickly. After that it'll be promoted to the beta stream. After that to the latest stream and after soaking for a while in 'latest', I'll promote it to stable. I'm unsure of the exact timeframe for the promotions but if you are interested you can grab the 2.5.0.6 release of the ZDEW from the alpha release I just created here https://github.com/openziti/desktop-edge-win/releases/tag/2.5.0.6-alpha
>
> If you are interested in following the stream and being really brave with 'dripping wet' code you can configure automatic upgrades with the url: https://get.openziti.io/zdew/ctrlha-alpha.json. This version should have the current proposed fix for this issue in it. @emoscardini hasn't tested it yet for this issue, hopefully he can tomorrow our time.

I would definitely switch to the alpha branch and will do tests to try a round-robin HA DC setup and see how it goes!
Thank you once more!

@dovholuknf
Member

dovholuknf commented Sep 18, 2024

Actually - hold on. I forgot to follow up here. 2.5.0.6 won't have the latest tunneler for this issue. It'll be in 2.5.0.7 (I used the wrong ziti-edge-tunnel)... I'll follow up when 2.5.0.7 is published

@nenkoru

nenkoru commented Sep 18, 2024

> Actually - hold on. I forgot to follow up here. 2.5.0.6 won't have the latest tunneler for this issue. It'll be in 2.5.0.7 (I used the wrong ziti-edge-tunnel)... I'll follow up when 2.5.0.7 is published

Got it!

@dovholuknf
Member

@nenkoru - 2.5.0.7 was just published. I confirmed versions before have an NRPT entry with Namespace for a "bind only" service, and 2.5.0.7 no longer should.

If you could test and verify - that'll be much appreciated


@emoscardini
Author

Thank you @dovholuknf, I have confirmed in my setup that everything is working as expected now. The hosting side is no longer creating the NrptRule & queries are flowing without making any adjustments.
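
Added example, not part of the thread and not the project's own code: one way to check on the hosting machine whether any NRPT rule still covers a name that the identity only hosts, using the SRV test name from the issue. The function name, the sample rule object and its name server address are constructed for illustration.

```powershell
# Hypothetical helper: report every NRPT rule whose namespace covers a given DNS name.
function Find-NrptRuleForName {
    param(
        [Parameter(Mandatory)][string[]]$Name,
        # Defaults to the live NRPT; pass rule objects explicitly to test offline.
        [object[]]$Rule = (Get-DnsClientNrptRule)
    )
    foreach ($n in $Name) {
        $fqdn = $n.TrimEnd('.').ToLowerInvariant()
        foreach ($r in $Rule) {
            foreach ($ns in $r.Namespace) {
                $pattern = $ns.TrimEnd('.').ToLowerInvariant()
                # A leading dot marks a suffix rule; otherwise the rule names one FQDN.
                $hit = if ($pattern.StartsWith('.')) {
                    $fqdn.EndsWith($pattern)
                } else {
                    $fqdn -eq $pattern
                }
                if ($hit) {
                    [pscustomobject]@{
                        QueryName   = $n
                        Namespace   = $ns
                        NameServers = $r.NameServers -join ','
                        RuleName    = $r.Name
                    }
                }
            }
        }
    }
}

$name = '_ldap._tcp.dc._msdcs.ziti.contoso.com'   # test name used in the issue

# Constructed rule object (not taken from a real machine) to show a match.
$constructed = [pscustomobject]@{
    Name        = '{constructed-rule}'
    Namespace   = @('.ziti.contoso.com')
    NameServers = @('100.64.0.2')
}
Find-NrptRuleForName -Name $name -Rule $constructed

# On the hosting machine itself: no output means no NRPT rule captures the name.
if (Get-Command Get-DnsClientNrptRule -ErrorAction SilentlyContinue) {
    Find-NrptRuleForName -Name $name
    Resolve-DnsName $name -Type SRV
}
```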

@dovholuknf
Member

@emoscardini reported logging is no longer logging... I noticed that too and @scareything has a fix... 2.5.0.8 will be coming shortly... :D

@dovholuknf
Member

Well we got logs back in 2.5.0.8, but with the latest updates to the ZDEW monitor service, the logs are now getting filled with extraneous log messages from the monitor... 2.5.0.9 ZDEW will come tomorrow... I'm going to close this issue though because the original issue is actually fixed...
