DNS seems to be the weakest point of many of these overlay network products: hamachi, zerotier, tailscale, and probably this one all use some convoluted nonsense despite the fact that split dns mechanics exist out of the box now in Windows, MacOS and Linux.
> split dns mechanics exist out of the box now in Windows, MacOS and Linux
Could you elaborate more on what split DNS options are available out of the box on the various systems? I'm genuinely curious what a no-convoluted-nonsense DNS setup looks like for this kind of tool.
Innernet appears to use /etc/hosts on the clients and updates it from the server when peers are added/removed etc.
To configure split DNS on the server, you'd need an authoritative server listening on the wg interface and update the zone file when peers are added and removed.
macOS: Supports similar split DNS by domain/interface, see resolver(5) for the details.
Windows: I'm not a Windows person, but it appears that Windows has trouble and you need to play with interface metrics; one solution was to install unbound and use it instead of Windows' native resolver.
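The hosts-file approach described in the comment above (clients get /etc/hosts rewritten as peers come and go), as an added example that is not innernet's code: a minimal updater that keeps the managed entries inside a marked block so hand-written entries survive, rewrites the file atomically, and validates names and addresses before writing, since whatever the server sends ends up in a file every local process trusts. The marker strings, peer names and addresses are constructed for the example.

```python
import ipaddress
import re
from pathlib import Path

# Markers delimiting the block this tool owns; everything outside is left alone.
BEGIN = "# BEGIN overlay-managed (do not edit by hand)"
END = "# END overlay-managed"
# One DNS label (RFC 1123 style): letters, digits, hyphens, no leading/trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

def validate_peer(name: str, ip: str) -> tuple[str, str]:
    """Reject anything that could smuggle extra fields or lines into the hosts file."""
    labels = name.split(".")
    if len(name) > 253 or not all(_LABEL.fullmatch(label) for label in labels):
        raise ValueError(f"bad peer hostname: {name!r}")
    # ip_address() raises on junk and normalises the textual form (e.g. IPv6 compression).
    return name.lower(), str(ipaddress.ip_address(ip))

def render_block(peers: dict[str, str]) -> str:
    """peers maps hostname -> overlay address; sorted so repeated runs produce clean diffs."""
    entries = sorted(validate_peer(n, a) for n, a in peers.items())
    return "\n".join([BEGIN, *(f"{ip}\t{name}" for name, ip in entries), END]) + "\n"

def update_hosts(text: str, peers: dict[str, str]) -> str:
    """Return hosts-file text with the managed block replaced (or appended); user lines untouched."""
    block = render_block(peers)
    lines = text.splitlines(keepends=True)
    starts = [i for i, l in enumerate(lines) if l.rstrip("\n") == BEGIN]
    ends = [i for i, l in enumerate(lines) if l.rstrip("\n") == END]
    if not starts and not ends:
        sep = "" if (not text or text.endswith("\n")) else "\n"
        return text + sep + block
    if len(starts) != 1 or len(ends) != 1 or ends[0] < starts[0]:
        raise ValueError("managed block markers missing or duplicated; refusing to rewrite")
    return "".join(lines[: starts[0]]) + block + "".join(lines[ends[0] + 1 :])

def write_hosts(path: str, peers: dict[str, str]) -> None:
    """Rewrite the file via a temp file + rename so a crash never leaves it half-written."""
    target = Path(path)
    current = target.read_text() if target.exists() else ""
    tmp = target.with_name(target.name + ".tmp")
    tmp.write_text(update_hosts(current, peers))
    tmp.replace(target)

if __name__ == "__main__":
    # Constructed sample: a client's hosts file before the overlay tool touches it.
    sample = "127.0.0.1\tlocalhost\n10.0.0.5\tnas.lan\n"
    print(update_hosts(sample, {"alice": "10.42.0.2", "bob": "10.42.0.3"}))
```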
Windows has NRPT which is mature and works across all applications. It actually appears to be rather more capable in some ways as compared to what systemd resolver or macOS can do. I have been using it with regular Win10 clients for about 18 months now without any trouble.
Windows does not have a comprehensive solution to split DNS. The VPN API hacked on something that resembles that, but the core networking stack doesn't really support it. Windows Server can be configured to handle split-brain DNS but that's a different matter altogether.
So (the last time I checked) the actual code is there but there are no sanctioned user/developer-visible knobs/APIs to tweak NRPT on client Windows SKUs and only limited configuration specifically limited to the resolution of accepted client DNS requests is available on Windows Server.
I believe there is basically an optional network stack path that utilizes NRPT but it's not the default path, so only MS-blessed code that is actively using NRPT (so the new VPN stack and their DNS server) actually works with it.
NRPT has worked fine for me on regular Win10 clients ever since I first started configuring it about 18 months ago. With the exception of apps like Firefox being configured for DNS-over-HTTP and bypassing the OS resolver entirely, it works in all applications and with all the interstitial resolvers in virtual environments I have had occasion to use (VMware Workstation, Hyper-V, Docker, WSL1/2, etc.).
I assume "split DNS" requires extra software anyway and is going to update `/etc/resolv.conf`. So far I have been using `dnsmasq` which is pretty common in the industry although not something seamless.
No; support is baked into the default OS resolvers if you like, but obviously you can also use outbound software to achieve it too. The stuff in /etc/resolv.conf has not been "the whole story" in Linux name resolution ever since systemd, and at times has really tripped me up.