ZeroNS: a name service centered around the ZeroTier Central API
ZeroNS provides names that are a part of ZeroTier Central's configured networks; once provided a network it:
- Listens on the local interface joined to that network -- you will want to start one ZeroNS per ZeroTier network.
- Provides general DNS by forwarding all queries to
/etc/resolv.confresolvers that do not match the TLD, similar to
- Tells Central to point all clients that have the "Manage DNS" settings turned on to resolve to it.
- Finally, sets a provided TLD (
.domainis the default), as well as configuring
AAAA(IPv6) records for:
- Member IDs:
zt-will resolve to the IPv4/v6 addresses for them.
- Names: if the names are compatible with DNS names, they will be converted as such: to
- Please note that collisions are possible and that it's up to the admin to prevent them.
- Member IDs:
Please obtain a working rust environment first.
cargo install --git https://github.com/zerotier/zeronsd --branch main
ZEROTIER_CENTRAL_TOKEN in the environment is required. You must be able to administer the network to use
zeronsd with it. Also, running as
root is required as many client resolvers do not work over anything but port 53. Your
zeronsd instance will listen on both
sudo? Pass the
-E flag to import your current shell's environment, making it easier to add the
You must have already joined a network and obviously,
zerotier-one should be running!
It should print some diagnostics after it has talked to your
zerotier-one instance to figure out what IP to listen on. After that it should communicate with the central API and set everything else up automatically.
-dwill set a TLD for your records; the default is
-fwill parse a file in
/etc/hostsformat and append it to your records.
authtoken.secretwhich is needed to talk to ZeroTier on localhost. You can provide this file with this argument, but it is auto-detected on multiple platforms including Linux, OS X and Windows.
-tpath to file containing your ZeroTier Central token.
Records currently have a TTL of 60s, and Central's records are refreshed every 30s through the API. I felt this was a safer bet than letting timeouts happen.
ZeroNS demands a lot out of the trust-dns toolkit and I personally am grateful such a library suite exists. It made my job very easy.
Erik Hollensbe [email protected]