|
|
|
@ -1838,74 +1838,77 @@ func dnsConfigForNetmap(nm *netmap.NetworkMap, prefs *ipn.Prefs, logf logger.Log
|
|
|
|
dcfg.Hosts[fqdn] = append(dcfg.Hosts[fqdn], ip)
|
|
|
|
dcfg.Hosts[fqdn] = append(dcfg.Hosts[fqdn], ip)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
if prefs.CorpDNS {
|
|
|
|
if !prefs.CorpDNS {
|
|
|
|
addDefault := func(resolvers []dnstype.Resolver) {
|
|
|
|
return dcfg
|
|
|
|
for _, r := range resolvers {
|
|
|
|
}
|
|
|
|
dcfg.DefaultResolvers = append(dcfg.DefaultResolvers, normalizeResolver(r))
|
|
|
|
|
|
|
|
}
|
|
|
|
addDefault := func(resolvers []dnstype.Resolver) {
|
|
|
|
|
|
|
|
for _, r := range resolvers {
|
|
|
|
|
|
|
|
dcfg.DefaultResolvers = append(dcfg.DefaultResolvers, normalizeResolver(r))
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
addDefault(nm.DNS.Resolvers)
|
|
|
|
addDefault(nm.DNS.Resolvers)
|
|
|
|
for suffix, resolvers := range nm.DNS.Routes {
|
|
|
|
for suffix, resolvers := range nm.DNS.Routes {
|
|
|
|
fqdn, err := dnsname.ToFQDN(suffix)
|
|
|
|
fqdn, err := dnsname.ToFQDN(suffix)
|
|
|
|
if err != nil {
|
|
|
|
if err != nil {
|
|
|
|
logf("[unexpected] non-FQDN route suffix %q", suffix)
|
|
|
|
logf("[unexpected] non-FQDN route suffix %q", suffix)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// Create map entry even if len(resolvers) == 0; Issue 2706.
|
|
|
|
// Create map entry even if len(resolvers) == 0; Issue 2706.
|
|
|
|
// This lets the control plane send ExtraRecords for which we
|
|
|
|
// This lets the control plane send ExtraRecords for which we
|
|
|
|
// can authoritatively answer "name not exists" for when the
|
|
|
|
// can authoritatively answer "name not exists" for when the
|
|
|
|
// control plane also sends this explicit but empty route
|
|
|
|
// control plane also sends this explicit but empty route
|
|
|
|
// making it as something we handle.
|
|
|
|
// making it as something we handle.
|
|
|
|
//
|
|
|
|
//
|
|
|
|
// While we're already populating it, might as well size the
|
|
|
|
// While we're already populating it, might as well size the
|
|
|
|
// slice appropriately.
|
|
|
|
// slice appropriately.
|
|
|
|
dcfg.Routes[fqdn] = make([]dnstype.Resolver, 0, len(resolvers))
|
|
|
|
dcfg.Routes[fqdn] = make([]dnstype.Resolver, 0, len(resolvers))
|
|
|
|
|
|
|
|
|
|
|
|
for _, r := range resolvers {
|
|
|
|
for _, r := range resolvers {
|
|
|
|
dcfg.Routes[fqdn] = append(dcfg.Routes[fqdn], normalizeResolver(r))
|
|
|
|
dcfg.Routes[fqdn] = append(dcfg.Routes[fqdn], normalizeResolver(r))
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
for _, dom := range nm.DNS.Domains {
|
|
|
|
}
|
|
|
|
fqdn, err := dnsname.ToFQDN(dom)
|
|
|
|
for _, dom := range nm.DNS.Domains {
|
|
|
|
if err != nil {
|
|
|
|
fqdn, err := dnsname.ToFQDN(dom)
|
|
|
|
logf("[unexpected] non-FQDN search domain %q", dom)
|
|
|
|
if err != nil {
|
|
|
|
}
|
|
|
|
logf("[unexpected] non-FQDN search domain %q", dom)
|
|
|
|
dcfg.SearchDomains = append(dcfg.SearchDomains, fqdn)
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if nm.DNS.Proxied { // actually means "enable MagicDNS"
|
|
|
|
dcfg.SearchDomains = append(dcfg.SearchDomains, fqdn)
|
|
|
|
for _, dom := range magicDNSRootDomains(nm) {
|
|
|
|
}
|
|
|
|
dcfg.Routes[dom] = nil // resolve internally with dcfg.Hosts
|
|
|
|
if nm.DNS.Proxied { // actually means "enable MagicDNS"
|
|
|
|
}
|
|
|
|
for _, dom := range magicDNSRootDomains(nm) {
|
|
|
|
|
|
|
|
dcfg.Routes[dom] = nil // resolve internally with dcfg.Hosts
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// Set FallbackResolvers as the default resolvers in the
|
|
|
|
// Set FallbackResolvers as the default resolvers in the
|
|
|
|
// scenarios that can't handle a purely split-DNS config. See
|
|
|
|
// scenarios that can't handle a purely split-DNS config. See
|
|
|
|
// https://github.com/tailscale/tailscale/issues/1743 for
|
|
|
|
// https://github.com/tailscale/tailscale/issues/1743 for
|
|
|
|
// details.
|
|
|
|
// details.
|
|
|
|
switch {
|
|
|
|
switch {
|
|
|
|
case len(dcfg.DefaultResolvers) != 0:
|
|
|
|
case len(dcfg.DefaultResolvers) != 0:
|
|
|
|
// Default resolvers already set.
|
|
|
|
// Default resolvers already set.
|
|
|
|
case !prefs.ExitNodeID.IsZero():
|
|
|
|
case !prefs.ExitNodeID.IsZero():
|
|
|
|
// When using exit nodes, it's very likely the LAN
|
|
|
|
// When using exit nodes, it's very likely the LAN
|
|
|
|
// resolvers will become unreachable. So, force use of the
|
|
|
|
// resolvers will become unreachable. So, force use of the
|
|
|
|
// fallback resolvers until we implement DNS forwarding to
|
|
|
|
// fallback resolvers until we implement DNS forwarding to
|
|
|
|
// exit nodes.
|
|
|
|
// exit nodes.
|
|
|
|
//
|
|
|
|
//
|
|
|
|
// This is especially important on Apple OSes, where
|
|
|
|
// This is especially important on Apple OSes, where
|
|
|
|
// adding the default route to the tunnel interface makes
|
|
|
|
// adding the default route to the tunnel interface makes
|
|
|
|
// it "primary", and we MUST provide VPN-sourced DNS
|
|
|
|
// it "primary", and we MUST provide VPN-sourced DNS
|
|
|
|
// settings or we break all DNS resolution.
|
|
|
|
// settings or we break all DNS resolution.
|
|
|
|
//
|
|
|
|
//
|
|
|
|
// https://github.com/tailscale/tailscale/issues/1713
|
|
|
|
// https://github.com/tailscale/tailscale/issues/1713
|
|
|
|
addDefault(nm.DNS.FallbackResolvers)
|
|
|
|
addDefault(nm.DNS.FallbackResolvers)
|
|
|
|
case len(dcfg.Routes) == 0:
|
|
|
|
case len(dcfg.Routes) == 0:
|
|
|
|
// No settings requiring split DNS, no problem.
|
|
|
|
// No settings requiring split DNS, no problem.
|
|
|
|
case version.OS() == "android":
|
|
|
|
case version.OS() == "android":
|
|
|
|
// We don't support split DNS at all on Android yet.
|
|
|
|
// We don't support split DNS at all on Android yet.
|
|
|
|
addDefault(nm.DNS.FallbackResolvers)
|
|
|
|
addDefault(nm.DNS.FallbackResolvers)
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
return dcfg
|
|
|
|
return dcfg
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
Brad Fitzpatrick
3 years ago