ZeroTier - Remote name resolution on Local LAN? (RUTX08)

Hello. I’m using a RUTX08 as a router with the latest available firmware, RUTX_R_00.07.10.
It is a very simple configuration:

Local
[Gateway] ------ RUTX08 <--------> Local Lan Clients (10.20.xxx.xxx)
RUTX08 <---------> ZeroTier Client Member
Remote
Client PC (192.168.xxx.xxx) <---------> ZeroTier Client Member

I followed the ZeroTier tutorial, configuring the service and setting the forwarding rule in the firewall.

Everything works smoothly and from the client it is possible to reach all the machines on the Local Lan using the IPs but not by name.
This aspect is fundamental for using some services that run on devices that are not able to install ZeroTier, or simply for using network shared folders.

Am I missing any settings that would make this possible, or is it simply impossible?

Thank you in advance.

Hello,

This can be done. Two ways to do it.

First, quick and dirty:
Add the names and IP addresses of the remote devices to /etc/hosts (if you use Linux/Unix) or C:/windows/System32/drivers/etc/hosts (for Winxx).
Simplest one if you have a small number of devices on the RUTX08’s side but won’t scale very well.

Second:
Use the dnsmasq on the RUTX side to resolve the names and find a way to redirect the requests to it.
Choose a domain name for the LAN on the RUTX side (by default it is set to ‘lan’; better to have something else, for example ‘ztlan’).
On the RUTX08, use an SSH or CLI console and execute:

uci set dhcp.@dnsmasq[0].local="/ztlan/"
uci set dhcp.@dnsmasq[0].domain="ztlan"
uci commit dhcp

The rest can be done via the UI: from Network->DNS->General settings, set “Rebind protection” to off, and from Network->DNS->Advanced settings, add the name of the zt interface to the “Listen interfaces” field and set “Filter private” to off.

On the PC side, you’ll have to teach the PC how to resolve the ztlan domain names, something like list server '/ztlan/10.20.x.y' and list server '/x.20.10.in-addr.arpa/10.20.x.y' for the reverse if you use dnsmasq. If you use bind, set zones appropriately, and if you use winxx, ask your local administrator.

Regards,
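
The client-side forwarding rules described in the answer above, as an added example that is not part of the original post: a shell function that validates its inputs and prints the forward and reverse list server lines. The function names, the LAN 10.20.30.0/24 and the resolver 10.20.30.1 are constructed for illustration, and only /8, /16 and /24 networks are handled.

```shell
#!/bin/sh
# Added example (not from the original thread). All sample values are constructed.

# valid_ipv4 ADDR -> succeeds for a dotted quad with octets 0..255
valid_ipv4() (
    set -f; IFS=.
    case "$1" in ''|*[!0-9.]*|*.) exit 1 ;; esac
    set -- $1
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        [ -n "$o" ] && [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || exit 1
    done
)

# zt_split_dns DOMAIN CIDR RESOLVER
# Prints the forward and reverse forwarding rules for the client's dnsmasq,
# or exits with status 1 if any input is malformed.
zt_split_dns() (
    domain=$1 cidr=$2 resolver=$3
    # Plain DNS labels only, so nothing can break out of the quoted config value.
    case "$domain" in ''|*[!A-Za-z0-9.-]*|.*|*.|-*) exit 1 ;; esac
    case "$cidr" in */*) ;; *) exit 1 ;; esac
    net=${cidr%/*}; prefix=${cidr#*/}
    valid_ipv4 "$net" || exit 1
    valid_ipv4 "$resolver" || exit 1
    # The reverse zone is the network's octets in reverse order.
    set -f; IFS=.; set -- $net
    case "$prefix" in
        8)  zone=$1 ;;
        16) zone=$2.$1 ;;
        24) zone=$3.$2.$1 ;;
        *)  exit 1 ;;   # classless reverse zones are out of scope here
    esac
    printf "list server '/%s/%s'\n" "$domain" "$resolver"
    printf "list server '/%s.in-addr.arpa/%s'\n" "$zone" "$resolver"
)

# Constructed sample: LAN 10.20.30.0/24 behind the router, its dnsmasq at 10.20.30.1
zt_split_dns ztlan 10.20.30.0/24 10.20.30.1
```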

Thank you for answering my question quickly.
The first solution is not feasible.
The second solution seems to be not easy to implement.

I don’t know if it can have any relevance but I add that Teltonika operates as a DHCP server.

Since I’m still evaluating the best solution to implement… could you tell me if there are other supported VPN protocols or services with an adequate/high level of security that allow obtaining the resolution of the names of the clients connected “behind” the Teltonika (without necessarily installing specific client software) so that they can be easily reached by other clients by resolving their names?
Maybe using another protocol or service could make my life much easier…

Thanks again

Hmm, no. WireGuard or IPsec will have the same name resolution constraints, and will require at least one public IP address for the “server” side.

I always use the second solution: no dedicated maintenance to perform if someone (me) changes / moves / reconfigures / adds devices behind the remote router.

So the names of the devices are added automatically to the resolver.
