DNS Settings

DNS Settings control whether openZro manages DNS configuration for specific peer groups. This is useful when certain peers need to maintain their existing DNS setup.

DNS Management Modes

openZro supports two DNS management modes per peer:

Managed Mode (Default)

openZro configures the system's DNS settings. All DNS queries route through openZro's local resolver, and configured nameservers apply to this peer.

Unmanaged Mode

openZro does not modify system DNS settings. The peer uses its pre-existing DNS configuration and all configured nameservers are ignored.

Use unmanaged mode when a peer has conflicting VPN or DNS requirements, corporate policy requires specific DNS settings, or you're troubleshooting DNS issues.

Client-Side DNS Control

You can also disable DNS management directly on a peer using the --disable-dns flag:

# Disable DNS management on this peer
openzro up --disable-dns

# Enable DNS management on this peer
openzro up --disable-dns=false

Configuring DNS Settings

Disable DNS Management for a Group

  1. Go to DNS > DNS Settings
  2. Click the groups selection box and select existing groups, or type a new group name and press enter to create one inline
  3. Click Save Changes

Re-enable DNS Management

  1. Go to DNS > DNS Settings
  2. Remove the group from the disabled list
  3. Click Save Changes

Domain Controllers

For guidance on running openZro alongside Domain Controllers, including disabling DNS management for DC groups, see Internal DNS Servers.


API Configuration

You can manage DNS settings programmatically:

# Get current settings
curl -X GET https://api.openzro.io/api/dns/settings \
  -H "Authorization: Token <TOKEN>"

# Update settings
curl -X PUT https://api.openzro.io/api/dns/settings \
  -H "Authorization: Token <TOKEN>" \
  -H "Content-Type: application/json" \
  -d '{
    "disabled_management_groups": [
      "ch8i4ug6lnn4g9hqv7m0",
      "ch8i4ug6lnn4g9hqv7m1"
    ]
  }'

See the full API Reference for more details.
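
Peers in a disabled group ignore every configured nameserver, so the disabled list is worth checking against the groups you have actually approved for unmanaged mode. The following is an added example, not part of the openZro documentation or code base, that audits the list and builds a PUT body with unapproved groups removed. It assumes that GET returns the same `disabled_management_groups` field shown in the PUT body above and that PUT replaces the whole list; the function names and the allowlist are hypothetical.

```python
import json
import urllib.request

API = "https://api.openzro.io/api/dns/settings"  # endpoint shown on this page
FIELD = "disabled_management_groups"             # field shown in the PUT body

def call_api(token, payload=None):
    """GET the settings, or PUT them when a payload is given."""
    req = urllib.request.Request(
        API,
        data=None if payload is None else json.dumps(payload).encode(),
        method="GET" if payload is None else "PUT",
        headers={"Authorization": f"Token {token}",
                 "Content-Type": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        body = resp.read()
        return json.loads(body) if body else None

def audit(settings, approved):
    """Compare the live disabled list with the approved allowlist."""
    live = settings.get(FIELD) or []
    return {
        "unapproved": [g for g in live if g not in approved],
        "not_applied": sorted(set(approved) - set(live)),
    }

def payload_without_unapproved(settings, approved):
    """Build a PUT body keeping only approved groups, order preserved."""
    seen, kept = set(), []
    for g in settings.get(FIELD) or []:
        if g in approved and g not in seen:
            seen.add(g)
            kept.append(g)
    return {FIELD: kept}

if __name__ == "__main__":
    # Constructed sample in the assumed GET response shape (no network call).
    sample = {FIELD: ["ch8i4ug6lnn4g9hqv7m0", "ch8i4ug6lnn4g9hqv7m1"]}
    approved = {"ch8i4ug6lnn4g9hqv7m0"}  # hypothetical allowlist
    print(audit(sample, approved))
    print(payload_without_unapproved(sample, approved))
```

Against a live account, pass the result of `call_api(token)` to `audit`, and send the cleaned body back with `call_api(token, payload)` only after reviewing the `unapproved` entries.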


Next Steps