[client] Explicitly disable DNSOverTLS for systemd-resolved #4579
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
|
kleschenko
force-pushed
the
disable-dnsovertls
branch
from
6a322eb to
6a899e4
Compare
|
Contributor
Author
|
@mlsmaycon can someone please take a look at this change to see if it needs some additional work? We've noticed this problem with DNS on machines with DNSOverTLS enabled globally, and while there are proposed workarounds, it would be nice to get it fixed in the client |
lixmal
approved these changes
Oct 10, 2025
Collaborator
|
Thanks @kleschenko |
hurricanehrndz
added a commit
to hurricanehrndz/netbird
that referenced
this pull request
Oct 24, 2025
* upstream/main: (135 commits) [signal] Fix HTTP/WebSocket proxy not using custom certificates (netbirdio#4644) [client] Fix active profile name in debug bundle (netbirdio#4689) [management] Add peer disapproval reason (netbirdio#4468) [misc] Update tag name extraction in install.sh (netbirdio#4677) [client] Clean up match domain reg entries between config changes (netbirdio#4676) [client] Delete TURNConfig section from script (netbirdio#4639) [client] Security upgrade alpine from 3.22.0 to 3.22.2 netbirdio#4618 [client] Fix status showing P2P without connection (netbirdio#4661) [client] Support BROWSER env for login (netbirdio#4654) [client] Remove rule squashing (netbirdio#4653) Handle the case when the service has already been down and the status recorder is not available (netbirdio#4652) [client] Set default wg port for new profiles (netbirdio#4651) [client] Add bind activity listener to bypass udp sockets (netbirdio#4646) [client] Fix missing flag values in profiles (netbirdio#4650) [management] feat: Basic PocketID IDP integration (netbirdio#4529) [client] Force TLS1.2 for RDP with Win11/Server2025 for CredSSP compatibility (netbirdio#4617) [misc] Add service definition for netbird-signal (netbirdio#4620) [management] pass temporary flag to validator (netbirdio#4599) [client] Explicitly disable DNSOverTLS for systemd-resolved (netbirdio#4579) [management] sync all other peers on peer add/remove (netbirdio#4614) ...
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Describe your changes
This change explicitly disables DNSOverTLS for the Netbird wg interface on systems using systemd-resolved. Currently, if the system has DNS over TLS enabled globally then netbird interface will inherit it and DNS resolution ends up in a broken state. Disabling
dnsovertlssetting explicitly for interface fixes this issue.Issue ticket number and link
Updates #1483
Stack
Checklist
Documentation
Select exactly one:
Docs PR URL (required if "docs added" is checked)
Paste the PR link from https://github.com/netbirdio/docs here:
https://github.com/netbirdio/docs/pull/__