DNS with gateway question

Hi, I’ve implemented a gateway to make a few devices reachable that cannot run the Enclave client. With the policies and through IP addresses this works nicely. But I’ve some applications that need to resolve the IP address through DNS.
I’ve made the custom zone for the DNS in Enclave and put the names in, but the names can only be bound to systems or tags within Enclave. So all systems that I bind to the custom DNS work just fine.

But the system I want the DNS to point to is behind the gateway and cannot be bound through the unless I can make it a system in Enclave, and it cannot run the Enclave client, so I cannot get it into Enclave.

Is there anything planned to allow the DNS of Enclave to resolve to a device behind a gateway within the range discovered by the gateway? Or is there some way to get this done?

Hi @niekcrijns,

At the moment, Enclave-defined DNS can only assign names for devices that run Enclave. We are considering adding the ability to define more traditional “A” records to assign IP addresses to a given name that then propagates out to all your systems.

However, since gateways are involved, you should know that when client systems are connected to a gateway, the gateway itself is given an opportunity to respond to any DNS questions from the client, so that devices on the other side of the gateway can be resolved.

This means that, provided the gateway is able to resolve the name of the system on the local network, so will any connected clients.

Only DNS names for systems that are accessible via the gateway (as defined by policy) will get a DNS response.

Finally, one thing to note is that we currently do not add a “search domain suffix” for DNS names to our Enclave adapter, so (from the above diagram), you will only be able to resolve dbserver1.corp.net, and not the short name dbserver1. We may change this in the future, however, so that the short names are resolvable.
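
A check a client-side administrator could run to confirm the behaviour described in the reply above, as an added example that is not part of the original post and not Enclave's own code. It flags short names (which will not resolve without a search suffix) and verifies that each answer lands inside a subnet routed by the gateway; the function names, the `10.0.5.0/24` subnet and the sample addresses are constructed assumptions.

```python
import ipaddress
import socket


def check_gateway_names(names, gateway_subnets, resolve=socket.gethostbyname):
    """Classify each name as seen from a client connected to the gateway.

    gateway_subnets: CIDR strings for the ranges your policy exposes via the gateway.
    resolve: callable(name) -> IP string; defaults to the system resolver.
    """
    nets = [ipaddress.ip_network(s) for s in gateway_subnets]
    results = {}
    for name in names:
        # No search suffix is added to the adapter, so a bare label such as
        # "dbserver1" is not expected to resolve; ask for the FQDN instead.
        if "." not in name.rstrip("."):
            results[name] = "short-name"
            continue
        try:
            addr = ipaddress.ip_address(resolve(name))
        except (OSError, ValueError):  # socket.gaierror is a subclass of OSError
            results[name] = "no-answer"
            continue
        # An answer outside the gateway's ranges did not come from the local
        # network behind the gateway, so traffic to it would not use that path.
        inside = any(addr in net for net in nets)
        results[name] = f"ok:{addr}" if inside else f"outside-gateway-range:{addr}"
    return results


# Constructed sample data so the example runs offline.
_SAMPLE_RECORDS = {"dbserver1.corp.net": "10.0.5.20", "www.example.com": "203.0.113.10"}


def constructed_resolver(name):
    """Stand-in resolver backed by the constructed records above."""
    try:
        return _SAMPLE_RECORDS[name]
    except KeyError:
        raise socket.gaierror(socket.EAI_NONAME, "name not known") from None


if __name__ == "__main__":
    names = ["dbserver1.corp.net", "dbserver1", "printer9.corp.net", "www.example.com"]
    for name, status in check_gateway_names(names, ["10.0.5.0/24"], constructed_resolver).items():
        print(f"{name:22} {status}")
```

Drop the `resolve` argument to run the same check against the real system resolver on a connected client.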

Hi Alistair,

Thanks for the assistance and diagrams.
I’m going to try out the method you described and see if it works well enough for our applications!