Skip to main content

DNS Management

info

DNS integration is a long-requested feature. In 1.6 it is now possible to set DNS servers at the network controller that will be applied to the host upon joining the network, provided the host approves this by allowing managed DNS. This will allow networks to push things like Active Directory or other intranet DNS servers to members of a network.

This still doesn't let you simply address hosts by their name as configured at the controller, but we're aware of this. We plan on adding a feature to allow the controller itself to be a DNS server too if one desires in a future ZeroTier version (likely post-2.0).

In the mean time, have a look at GitHub - zerotier/zeronsd: A DNS server for ZeroTier users, a DNS server for your ZeroTier Central networks.

ZeroTier managed DNS is currently only supported on Windows, macOS, Android, and iOS. Linux support is forthcoming but may be limited to common Linux DNS resolver configurations such as those found in Debian and CentOS/RHEL.

Configuration is done at the my.zerotier.com network settings:

DNS Configuration section in Central

Each client must click the "Allow DNS" button.

Allow DNS button

Windows Active Directory

Some group policies can prevent managed DNS from working.

If your machines are all domain joined, you can push a NRPT rule via GPO. Go to Computer Config → Policies → Windows Settings → Name Resolution Policy.

See here New DNS Features don't appear to work for more discussion.

macOS DNS resolution

On macOS, common command line DNS tools like dig, host, and nslookup don't know about these types of resolvers, and do not work with ZeroTier Managed DNS.

Here are some macOS specific alternatives:

dns-sd -G v4v6 host.example.com
dscacheutil -q host -a name host.example.com
ping and curl should work too.

Alternatively

It's also possible to put your ZeroTier Managed IP Addresses in public DNS. That is, purchase a domain name from a registrar and create A and/or AAAA records that point to your virtual IP addresses.