DnsClientNrptRule is being created on hosting service identity OS #971
Comments
Thanks @emoscardini - should be closed with #970 I merged it to 'main' -- meaning the next, "HA" branch. I have been leaning towards using the 'main' branch for ZDEW for a while, unless we find big issues, that's my plan
Wow. That's awesome!
As mentioned previously, I am using the "main" branch of the ziti-edge-tunnel for the upcoming ZDEW release after a soak period. The plan will be to update the release stream known as If you are interested in following the stream and being really brave with 'dripping wet' code you can configure automatic upgrades with the url: https://get.openziti.io/zdew/ctrlha-alpha.json. This version should have the current proposed fix for this issue in it. @emoscardini hasn't tested it yet for this issue, hopefully he can tomorrow our time.
I would definitely switch to the alpha branch and will do tests to try a round-robin HA DC setup and see how it goes!
Actually - hold on. I forgot to follow up here. 2.5.0.6 won't have the latest tunneler for this issue. It'll be in 2.5.0.7 (I used the wrong ziti-edge-tunnel)... I'll follow up when 2.5.0.7 is published
Got it!
@nenkoru - 2.5.0.7 was just published. I confirmed versions before have an NRPT entry with Namespace for a "bind only" service, and 2.5.0.7 no longer should. If you could test and verify - that'll be much appreciated
Thank you @dovholuknf I have confirmed in my setup that everything is working as expected now. The hosting side is no longer creating the NrptRule & queries are flowing without making any adjustments.
@emoscardini reported logging is no longer logging... I noticed that too and @scareything has a fix... 2.5.0.8 will be coming shortly... :D
Well we got logs back in 2.5.0.8, but with the latest updates to the ZDEW monitor service, the logs are now getting filled with extraneous log messages from the monitor... 2.5.0.9 ZDEW will come tomorrow... I'm going to close this issue though because the original issue is actually fixed...
Setup:
WDE installed on a DC hosting a service.
WDE installed on a remote machine that needs to join the domain & is intercepting a wildcard service. Expects SRV records to resolve from the remote side. Using a command like

```powershell
Resolve-DnsName _ldap._tcp.dc._msdcs.ziti.contoso.com -Type SRV
```

to test.

Issue:
While hosting using WDE, a DnsClientNrptRule is inserted for the service.
Expected behavior:
A DnsClientNrptRule should only be created if the identity is intercepting a specified service, not hosting it.
See WDE Breaks Windows DNS on DC for more details
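
A check for the condition reported above, added here as an example (not code from the issue or from the OpenZiti project): it lists the NRPT rules whose namespace would capture a given query name. `Test-NrptNamespaceMatch`, `Find-NrptRuleForName` and the sample rules are constructed for illustration; `Get-DnsClientNrptRule` is the built-in Windows cmdlet.

```powershell
# Added example: report NRPT rules whose Namespace would capture a DNS name.
function Test-NrptNamespaceMatch {
    param([string]$QueryName, [string]$Namespace)
    if ($Namespace -eq '.') { return $true }            # "." applies to every name
    $q  = $QueryName.TrimEnd('.').ToLowerInvariant()
    $ns = $Namespace.TrimEnd('.').ToLowerInvariant()
    if ($ns.StartsWith('.')) {
        # Leading dot = suffix rule. The bare domain is flagged too, conservatively.
        return $q.EndsWith($ns) -or ($q -eq $ns.Substring(1))
    }
    return $q -eq $ns                                    # no leading dot = exact FQDN rule
}

function Find-NrptRuleForName {
    param(
        [Parameter(Mandatory)][string]$QueryName,
        # Defaults to the live table; pass objects with the same properties to run offline.
        [object[]]$Rules = (Get-DnsClientNrptRule)
    )
    foreach ($rule in $Rules) {
        foreach ($ns in $rule.Namespace) {
            if (Test-NrptNamespaceMatch -QueryName $QueryName -Namespace $ns) {
                [pscustomobject]@{
                    Name        = $rule.Name
                    Namespace   = $ns
                    NameServers = $rule.NameServers -join ','
                }
            }
        }
    }
}

# Constructed sample rules (names, namespaces and addresses are not from the issue).
$sample = @(
    [pscustomobject]@{ Name = '{constructed-1}'; Namespace = @('.ziti.contoso.com'); NameServers = @('100.64.0.2') },
    [pscustomobject]@{ Name = '{constructed-2}'; Namespace = @('app.example.test');  NameServers = @('100.64.0.2') }
)
# Only the first sample rule captures the SRV name used in the issue.
Find-NrptRuleForName -QueryName '_ldap._tcp.dc._msdcs.ziti.contoso.com' -Rules $sample |
    Format-Table -AutoSize
```

Run on the hosting machine without `-Rules`, an empty result for the hosted service's name matches the expected behavior stated in the issue.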