Disclaimer: I know nothing about Rust, Rust programming, Cargo, Rust and such; this could well be entirely my fault, please be lenient.

I was trying to setup this in a container (FROM rust:alpine), but standard zeronsd start -d <domain> <network-id> simply exited with an uninformative "Segmentation fault" error.

I then made a VirualBox VM with the same content as Docker Container, compiled with debugging symbols and fired-up rust-gdb --args /home/mcondarelli/zeronsd/target/debug/zeronsd start ... Sure enough I got the same error.

alpine:~# ./start.zeronsd.sh 
GNU gdb (GDB) 10.2
Copyright (C) 2021 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-alpine-linux-musl".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /home/mcondarelli/zeronsd/target/debug/zeronsd...
(gdb) r
Starting program: /home/mcondarelli/zeronsd/target/debug/zeronsd start -d <domain> <network-id>
[New LWP 12918]

Thread 1 "zeronsd" received signal SIGSEGV, Segmentation fault.
0x0000000000000000 in ?? ()
(gdb) bt
#0  0x0000000000000000 in ?? ()
#1  0x00007ffff76ffc7a in openssl::ssl::SslMethod::tls () at /usr/local/cargo/registry/src/github.com-1ecc6299db9ec823/openssl-0.10.35/src/ssl/mod.rs:324
#2  0x00007ffff76f53c2 in native_tls::imp::TlsConnector::new (builder=0x7ffffffedcc0) at /usr/local/cargo/registry/src/github.com-1ecc6299db9ec823/native-tls-0.2.7/src/imp/openssl.rs:257
#3  0x00007ffff76f6c32 in native_tls::TlsConnectorBuilder::build (self=0x7ffffffedcc0) at /usr/local/cargo/registry/src/github.com-1ecc6299db9ec823/native-tls-0.2.7/src/lib.rs:433
#4  0x00007ffff75e26e0 in reqwest::connect::Connector::new_default_tls<core::option::Option<std::net::ip::IpAddr>> (http=..., tls=..., proxies=Arc(strong=2, weak=0) = {...}, user_agent=..., 
    local_addr=<error reading variable: Cannot access memory at address 0x0>, nodelay=true) at /usr/local/cargo/registry/src/github.com-1ecc6299db9ec823/reqwest-0.11.4/src/connect.rs:220
#5  0x00007ffff75b57ed in reqwest::async_impl::client::ClientBuilder::build (self=...) at /usr/local/cargo/registry/src/github.com-1ecc6299db9ec823/reqwest-0.11.4/src/async_impl/client.rs:253
#6  0x00007ffff75b654d in reqwest::async_impl::client::Client::new () at /usr/local/cargo/registry/src/github.com-1ecc6299db9ec823/reqwest-0.11.4/src/async_impl/client.rs:1088
#7  0x00007ffff75235cc in zerotier_central_api::apis::configuration::{{impl}}::default () at /usr/local/cargo/registry/src/github.com-1ecc6299db9ec823/zerotier-central-api-1.0.2/src/apis/configuration.rs:45
#8  0x00007ffff70603a2 in zeronsd::utils::central_config (token=<error reading variable: Cannot access memory at address 0x5>) at src/utils.rs:21
#9  0x00007ffff6fc0f36 in zeronsd::start (args=0x7ffff8002e38) at src/main.rs:60
#10 0x00007ffff6fc4856 in zeronsd::main () at src/main.rs:211
(gdb) 

An attempt to follow initialization seems to crash when stepping into /usr/local/cargo/registry/src/github.com-1ecc6299db9ec823/native-tls-0.2.7/src/imp/openssl.rs#94 ..> ONCE.call_once(openssl_probe::init_ssl_cert_env_vars);.

What am I doing so wrong?

On zeronsd startup I'm hitting this error:

ERROR - error syncing members: error in serde: invalid value: integer `4294967295`, expected i32 at line 1 column 5850

The rule I have causing this problem:

# Create a tag for which group someone is in
tag group
  id 1000
  default 0
  flag 0 productivity
  flag 1 homelab_mgmt
  flag 2 gaming
  flag 3 media
  enum 4294967295 everything    # max uint, catches all flags
;

In case it isn't clear, what I'm trying to accomplish is having a dropdown value that, when tand'd with any set of flags, is always positive. The rule that makes use of it:

# Drop any traffic between computers that don't share at least one group
break
  tand group 0
;

The ZeroTier Rules Engine documentation states:

[enum ] # value can be any 32-bit unsigned integer

So I believe something is mistyped in zeronsd and should be u32 instead of i32?

For now I am easily working around this by changing the enum to 2147483647, which is u31 effectively and fit's in a i32. (so it'll match flags 0-30, but not flag 31).

Hi!

It'd be cool to be able to see the names of everything on the network without having to go to Central. We talked about allowing AXFR from localhost and that makes sense. But I also think allowing it for the whole zerotier subnet makes sense too for some uses at least, like the home lab type network. So behind a flag?

For example, I'm going to be running zeronsd on some server, but spending most of my time working and administrating stuff from a laptop, and I can never remember the names of things.

I just saw on the trust-dns readme AXFR is an on/off thing at the moment. No limiting by address.

Other options would be.. Host as hostsfile or something on some http endpoint in zeronsd, which seems less good.

What's a good flow rule to include at the top of our rules if we want DNS queries against zeronsd to always resolve for everyone in the ZT network?

I've tried two approaches and neither work for some reason.

Approach 1 - Allow UDP on port 53 destined for my zeronsd server:

accept
  ztdest <zeronsd vl1 addr>
  and dport 53
  and ipprotocol udp
;

Approach 2 - From ZT docs, allow UDP server traffic:

tag udpserver
  id 1001
  default 0
  flag 0 is_udp_server
;

# Accept UDP traffic if the value of the udpserver tag is
# 1 when both sender and receiver tags are ORed together, 
# or if UDP traffic is multicast. This allows multicast mDNS 
# and Netbios announcements and allows UDP traffic to and 
# from UDP servers, but prohibits other horizontal UDP traffic.
accept
  ipprotocol udp
  and tor udpserver 1
  or chr multicast
;

break ipprotocol udp;

I'm testing with:

$ dig +short @<ZERONSD-ZT-IP> machine.in.my.zt.domain
;; connection timed out; no servers could be reached

👋 Coming over from Reddit. 😅 (I put together ZeroDNS.)

ZeroNS appears to resolve one of my goals with ZeroDNS – name resolution of ZeroTier peers. However, the other goal seems unsolved: allowing a Docker Compose stack to make use of said name resolution.

Maybe this is my networking ignorance showing – but would it make sense to have an edition of ZeroNS that runs within a Docker container, as well?

e.g. I currently have a few compose stacks that use a ZeroDNS container as their network router (via networks: ["container:zerodns"], or equivalent).

(May also be worth noting this is without setting up ZeroNS locally – I won't be able to get to this for a few days.)

(Also, I'm willing to take this up in the future; just inquiring at the moment.)

Hi, I have been using zerotier for a while on my private network and just started to deploy zeronsd.

I followed the official zeronsd documentation as well as referring to Alan Norbauer's notes for set-up

• https://docs.zerotier.com/zeronsd/quickstart/
• https://alan.norbauer.com/articles/zerons-setup

Here are my configurations (all 3 nodes listed below are under different physical network)

| | Home Server | Office Client | Mobile Phone | | ------ | ------------------ | ------------------ | ------------------- | | OS | Debian 11.3 | Ubuntu 20.04 | Android 11 | | ZeroTier Version | v1.10.1 | v1.10.1 | v1.8.9-1 | | allownDNS | 1 | 1 | "Network DNS" tab chosen when joining network | | ZeroTier IP | 172.27.27.27 | 172.27.50.50 | 172.27.200.10 | | Zerotier Systemd Manager Version | v0.3.1 | N/A | N/A | | ZeroNSD Version | v0.5.2 | N/A | N/A | | ZeroNSD Domain | sv.myowndomain.com | dt.myowndomain.com | mob.myowndomain.com |

myowndomain.com is my own domain registered at Godaddy.com but no public DNS settings done there (just registered).

• What I can do
  • Can ping each other using ZeroTier IPs
  • Can access web services (http, samba, etc) deployed on Home Server from Office Client and Mobile Phone using ZeroTier IP
  • Can see myowndomain.com automatically filled in Search Domain and 172.27.27.27 listed in Servers in ZeroTier Web Settings page
  • Can dig each other, e.g.

dig on Home Server (Debian)

> dig +short @172.27.27.27 sv.myowndomain.com
172.27.27.27
> dig +short @172.27.27.27 dt.myowndomain.com
172.27.50.50
> dig +short @172.27.27.27 mob.myowndomain.com
172.27.200.10

dig on Office Client (Ubuntu)

> dig +short @172.27.27.27 sv.myowndomain.com
172.27.27.27
> dig +short @172.27.27.27 dt.myowndomain.com
172.27.50.50
> dig +short @172.27.27.27 mob.myowndomain.com
172.27.200.10

• What I CANNOT do
  • Cannot ping each other (even itself) using ZeroNSD domains, nor can access web services on the server using domain

> ping sv.myowndomain.com
ping: sv.myowndomain.com: Name or service not known
> ping dt.myowndomain.com
ping: dt.myowndomain.com: Name or service not known

Any help would be highly appreciated! Thanks!

• zerotier container running and connected to the network
• zeronsd container running
• ~~2nd client windows with allow dns checked, but the interface does not have the dns server on it~~ NRPT works
• ping works from both clients
• resolving from both clients does not work

If anything else is needed, please ask and I will add it here and on the gist.

Output of dig, nslookup, container, etc https://gist.github.com/Kegelcizer/0bbba2ab8e95c5a965337edf69e064dd

1. The Cargo.lock is not updated, so --locked can't be used with cargo build:

error: the lock file (...)/zeronsd-0.4.1/Cargo.lock needs to be updated but --locked was passed to prevent this
If you want to try to generate the lock file without accessing the network, remove the --locked flag and use --offline instead.

This makes the package non-reproducible, because it forces the builder to update the dependencies with cargo update on every build. More info: https://wiki.archlinux.org/title/Rust_package_guidelines#Prepare

2. If the deps are updated, one of the subsequent tests fails:

running 9 tests
test tests::test_central_token ... ok
test tests::test_central_token_panic - should panic ... ok
test tests::test_domain_or_default ... ok
test tests::test_parse_ip_from_cidr ... ok
test tests::test_supervise_systemd_green ... FAILED
test tests::test_parse_hosts_duplicate ... ok
test tests::test_supervise_systemd_red ... ok
test tests::test_parse_hosts ... ok
test tests::test_parse_member_name ... ok

failures:

---- tests::test_supervise_systemd_green stdout ----
thread 'tests::test_supervise_systemd_green' panicked at 'assertion failed: `(left == right)`
  left: `"\n[Unit]\nDescription=zeronsd for network 1234567891011121\nRequires=zerotier-one.service\nAfter=zerotier-one.service\n\n[Service]\nType=simple\nExecStart=zeronsd start -t /proc/cpuinfo 1234567891011121\nTimeoutStopSec=30\nRestart=always\n\n[Install]\nWantedBy=default.target\n"`,
 right: `"\n[Unit]\nDescription=zeronsd for network 1234567891011121\nRequires=zerotier-one.service\nAfter=zerotier-one.service\n\n[Service]\nType=simple\nExecStart=zeronsd start -t /proc/cpuinfo 1234567891011121\nTimeoutStopSec=30\n\n[Install]\nWantedBy=default.target\n"`: basic', src/tests.rs:171:13


failures:
    tests::test_supervise_systemd_green

test result: FAILED. 8 passed; 1 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.05s

error: test failed, to rerun pass '--lib'

I have zeronsd installed on a parent server and it can access all nodes within its network via DNS. However, the children nodes cannot access each other with DNS. Am I supposed to install zeronsd on every client?

Since clap updated to a new major verison yesterday, Zeronsd does not compile correctly. The specific errors are

error[E0107]: this struct takes 0 lifetime arguments but 1 lifetime argument was supplied
  --> /home/ubuntu/.cargo/registry/src/github.com-1ecc6299db9ec823/zeronsd-0.2.4/src/supervise.rs:91:18
   |
91 | impl From<&clap::ArgMatches<'_>> for Properties {
   |                  ^^^^^^^^^^---- help: remove these generics
   |                  |
   |                  expected 0 lifetime arguments
   |
note: struct defined here, with 0 lifetime parameters
  --> /home/ubuntu/.cargo/registry/src/github.com-1ecc6299db9ec823/clap-3.0.0/src/parse/matches/arg_matches.rs:71:12
   |
71 | pub struct ArgMatches {
   |            ^^^^^^^^^^

error[E0107]: this struct takes 0 lifetime arguments but 1 lifetime argument was supplied
  --> /home/ubuntu/.cargo/registry/src/github.com-1ecc6299db9ec823/zeronsd-0.2.4/src/main.rs:39:29
   |
39 | fn unsupervise(args: &clap::ArgMatches<'_>) -> Result<(), anyhow::Error> {
   |                             ^^^^^^^^^^---- help: remove these generics
   |                             |
   |                             expected 0 lifetime arguments
   |
note: struct defined here, with 0 lifetime parameters
  --> /home/ubuntu/.cargo/registry/src/github.com-1ecc6299db9ec823/clap-3.0.0/src/parse/matches/arg_matches.rs:71:12
   |
71 | pub struct ArgMatches {
   |            ^^^^^^^^^^

error[E0107]: this struct takes 0 lifetime arguments but 1 lifetime argument was supplied
  --> /home/ubuntu/.cargo/registry/src/github.com-1ecc6299db9ec823/zeronsd-0.2.4/src/main.rs:43:27
   |
43 | fn supervise(args: &clap::ArgMatches<'_>) -> Result<(), anyhow::Error> {
   |                           ^^^^^^^^^^---- help: remove these generics
   |                           |
   |                           expected 0 lifetime arguments
   |
note: struct defined here, with 0 lifetime parameters
  --> /home/ubuntu/.cargo/registry/src/github.com-1ecc6299db9ec823/clap-3.0.0/src/parse/matches/arg_matches.rs:71:12
   |
71 | pub struct ArgMatches {
   |            ^^^^^^^^^^

error[E0107]: this struct takes 0 lifetime arguments but 1 lifetime argument was supplied
  --> /home/ubuntu/.cargo/registry/src/github.com-1ecc6299db9ec823/zeronsd-0.2.4/src/main.rs:47:23
   |
47 | fn start(args: &clap::ArgMatches<'_>) -> Result<(), anyhow::Error> {
   |                       ^^^^^^^^^^---- help: remove these generics
   |                       |
   |                       expected 0 lifetime arguments
   |
note: struct defined here, with 0 lifetime parameters
  --> /home/ubuntu/.cargo/registry/src/github.com-1ecc6299db9ec823/clap-3.0.0/src/parse/matches/arg_matches.rs:71:12
   |
71 | pub struct ArgMatches {
   |            ^^^^^^^^^^

error[E0107]: this struct takes 0 lifetime arguments but 1 lifetime argument was supplied
  --> /home/ubuntu/.cargo/registry/src/github.com-1ecc6299db9ec823/zeronsd-0.2.4/src/supervise.rs:92:26
   |
92 |     fn from(args: &clap::ArgMatches<'_>) -> Self {
   |                          ^^^^^^^^^^---- help: remove these generics
   |                          |
   |                          expected 0 lifetime arguments
   |
note: struct defined here, with 0 lifetime parameters
  --> /home/ubuntu/.cargo/registry/src/github.com-1ecc6299db9ec823/clap-3.0.0/src/parse/matches/arg_matches.rs:71:12
   |
71 | pub struct ArgMatches {
   |            ^^^^^^^^^^

For more information about this error, try `rustc --explain E0107`.

for now I installed with cargo install --locked zeronsd

So here is my setup

I have 2 machines: one is my personal Server running Debian 10 with nginx/php/mysql and samba, let's call it deb-srv, and the other is my Laptop, which is installed with Linux Mint 20.1 together with Windows 10 Home (dual systems, not on VM) and is under another physical sub network.

I have ZeroTier and zeronsd installed and configured on deb-srv using intra.mydomain.com, and all 3 systems joined in the same ZeroTier network (so there are 3 nodes under the network, but always up to 2 nodes are online), for which I have verified by connecting via ZeroTier Intranet IPs.

I CAN connect to deb-srv using intra.mydomain.com (ping, ssh, http/https, samba) from my Laptop when under Linux Mint, but if I reboot to Windows on the same laptop (still under the same physical network), I can only connect to deb-srv using the ZeroTier Intranet IP but not intra.mydomain.com.

I have confirmed on either GUI and command line (powershell) that allowDNS is TRUE for the Windows client, and I have tried to restart the whole Windows system and the windows ZeroTier-One client for several times, but still not working.

Also I tried to set manually again by zerotier-cli set network-id allowDNS=1, as well as un-check and re-check the allowDNS checkbox and restart the client - still no hope

I also tried under Administrator to ipconfig /flushdns as well as Clear-DnsClientCache and then reboot the system - still no hope...

I also tried to quit from the ZeroTier network from Windows and re-join, still nothing changed...

Under Windows on the Laptop:

ping intra.mydomain.com Ping request could not find host intra.mydomain.com. Please check the name and try again.

ping 172.30..

Pinging 172.30.. with 32 bytes of data: Reply from 172.30..: bytes=32 time=27ms TTL=64 Reply from 172.30..: bytes=32 time=27ms TTL=64

I tried to set up ZeroTier with ZeroNSD, but I can't get the latter one to run. I tried to set up ZeroNSD in two different ways, which led to different errors. For both setups I put the Token in /var/lib/zerotier-one/token.

1. I installed ZeroNSD on the same server as ZeroTier. journalctl tells me the following:

zeronsd[21772]: Error: Error: Unexpected Response Response { url: Url { scheme: "http", cannot_be_a_base: false, username: "", password: None, host: Some(Ipv4(127.0.0.1)), port: Some(9993), path: "/network/ea818c27fb295a73", query: None, fragment: None }, status: 404, headers: {"cache-control": "no-cache", "pragma": "no-cache", "content-type": "application/json", "content-length": "2", "connection": "close"} }. Are you joined to ea818c27fb295a73?

2. I installed ZeroNSD on a different server in the ZeroTier network. Here, ZeroTier was already installed via the Snap package so I edited the service file in the following way:

[Unit]
Description=zeronsd for network ea818c27fb295a73
Requires=snap.zerotier.one.service
After=snap.zerotier.one.service

[Service]
Type=simple
ExecStart=/usr/bin/zeronsd start -t /var/lib/zerotier-one/token -w -d beyond.corp ea818c27fb295a73
TimeoutStopSec=30
Restart=always

[Install]
WantedBy=default.target

Here, the journalctl output is this:

zeronsd[1094963]: Dec 12 15:16:34.274  INFO zeronsd::init: Welcome to ZeroNS!
zeronsd[1094963]: Error: No such file or directory (os error 2)

Unfortunately, I don't even know which file or directory it tries to read here.

I already saw #195, but the solution there didn't help.

Does anyone have an idea why this fails? And what is the recommended place to install ZeroNDS (same server or different one)?

Cant start zeronsd

sudo /usr/bin/zeronsd start -l trace -t /home/daniel/zttoken -d lan a....3
Dec 01 13:23:43.601  INFO zeronsd::init: Welcome to ZeroNS!
Error: failed to parse header value

running in a VM OS: Ubuntu 22.04.1 LTS x86_64 Kernel: 5.15.0-53-generic

Hi!

I can see typical startup output:

/usr/local/bin/zeronsd start -t /private/var/lib/zerotier-one/token -d zerotier <network-id>
Oct 18 09:23:48.614  INFO zeronsd::init: Welcome to ZeroNS!
Oct 18 09:23:49.583  INFO zeronsd::init: Your IP for this network: 172.25.221.93
Oct 18 09:23:49.961  INFO zeronsd::authority: Adding new record <blanked>
Oct 18 09:23:49.961  INFO zeronsd::authority: Adding new record <blanked>
Oct 18 09:23:49.961  INFO zeronsd::authority: Adding/Replacing record <blanked>
...

The records that are added looked correct to me.

But then I tried to resolve using the IP (172.25.221.93) and nothing happened. Looking at the list of open ports (sudo lsof -i -P -n | grep LISTEN|grep 53) shows nothing listening on port 53.

I then tried to launch with debug and trace log levels, but did not see any other information that would point me to the issue. Do you have any other ideas on how to debug this?

OS: MacOS 12.4 installed: via brew (github repo instructions)

Hello again!

I get this build error towards the end of cargo install zeronsd:

   Compiling progenitor v0.2.0
   Compiling zerotier-one-api v1.1.0
   Compiling zerotier-central-api v1.1.0
error[E0061]: this function takes 1 argument but 0 arguments were supplied
   --> /root/.cargo/registry/src/github.com-1ecc6299db9ec823/zerotier-one-api-1.1.0/build.rs:7:25
    |
7   |     let mut generator = progenitor::Generator::new();
    |                         ^^^^^^^^^^^^^^^^^^^^^^^^^^-- supplied 0 arguments
    |                         |
    |                         expected 1 argument
    |
note: associated function defined here
   --> /root/.cargo/registry/src/github.com-1ecc6299db9ec823/progenitor-impl-0.2.0/src/lib.rs:124:12
    |
124 |     pub fn new(settings: &GenerationSettings) -> Self {
    |            ^^^

For more information about this error, try `rustc --explain E0061`.
error: could not compile `zerotier-one-api` due to previous error
warning: build failed, waiting for other jobs to finish...
error[E0061]: this function takes 1 argument but 0 arguments were supplied
   --> /root/.cargo/registry/src/github.com-1ecc6299db9ec823/zerotier-central-api-1.1.0/build.rs:7:25
    |
7   |     let mut generator = progenitor::Generator::new();
    |                         ^^^^^^^^^^^^^^^^^^^^^^^^^^-- supplied 0 arguments
    |                         |
    |                         expected 1 argument
    |
note: associated function defined here
   --> /root/.cargo/registry/src/github.com-1ecc6299db9ec823/progenitor-impl-0.2.0/src/lib.rs:124:12
    |
124 |     pub fn new(settings: &GenerationSettings) -> Self {
    |            ^^^

error: failed to compile `zeronsd v0.5.0`, intermediate artifacts can be found at `/tmp/cargo-installkW7HZG`

Caused by:
  build failed

Versions:

• Alpine 3.16.2
• rustc/cargo 1.60.0

Trying to start zeronsd on a host where zerotier-one server doesn't listen on port 9993 fails with the following message:

Aug 22 04:37:07.328  INFO zeronsd::init: Welcome to ZeroNS!
Error: Error: Communication Error error sending request for url (http://127.0.0.1:9993/network/<network-id>): error trying to connect: tcp connect error: Connection refused (os error 111). Are you joined to <network-id>?

I know this is probably a long ways away, but now that ZeroNS is right around the corner, it would be awesome if there could be a way to distribute internal certificates to ZeroTier clients. (I know this might be out of scope of the project, but it would be pretty awesome)