ipn/ipnlocal: use fallback default DNS whenever exit nodes are on.

Fixes #1625

Signed-off-by: David Anderson <danderson@tailscale.com>
pull/1782/head
David Anderson 3 years ago
parent 67ba6aa9fd
commit 36d030cc36

@ -1650,15 +1650,21 @@ func (b *LocalBackend) authReconfig() {
switch { switch {
case len(dcfg.DefaultResolvers) != 0: case len(dcfg.DefaultResolvers) != 0:
// Default resolvers already set. // Default resolvers already set.
case len(dcfg.Routes) == 0 && len(dcfg.Hosts) == 0 && len(dcfg.AuthoritativeSuffixes) == 0: case !uc.ExitNodeID.IsZero():
// No settings requiring split DNS, no problem. // When using exit nodes, it's very likely the LAN
case (version.OS() == "iOS" || version.OS() == "macOS") && !uc.ExitNodeID.IsZero(): // resolvers will become unreachable. So, force use of the
// On Apple OSes, if your NetworkExtension provides a // fallback resolvers until we implement DNS forwarding to
// default route, underlying primary resolvers are // exit nodes.
// automatically removed, so we MUST provide a set of //
// resolvers capable of resolving the entire world. // This is especially important on Apple OSes, where
// adding the default route to the tunnel interface makes
// it "primary", and we MUST provide VPN-sourced DNS
// settings or we break all DNS resolution.
//
// https://github.com/tailscale/tailscale/issues/1713 // https://github.com/tailscale/tailscale/issues/1713
addDefault(nm.DNS.FallbackResolvers) addDefault(nm.DNS.FallbackResolvers)
case len(dcfg.Routes) == 0 && len(dcfg.Hosts) == 0 && len(dcfg.AuthoritativeSuffixes) == 0:
// No settings requiring split DNS, no problem.
case version.OS() == "android": case version.OS() == "android":
// We don't support split DNS at all on Android yet. // We don't support split DNS at all on Android yet.
addDefault(nm.DNS.FallbackResolvers) addDefault(nm.DNS.FallbackResolvers)
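Review bot: The new `case !uc.ExitNodeID.IsZero():` branch calls `addDefault(nm.DNS.FallbackResolvers)` without checking that the fallback list is non-empty, although its own comment says that on Apple OSes the tunnel MUST supply DNS settings or all resolution breaks. If the netmap carries no fallback resolvers (the hunk does not show whether that can happen), the node would silently have no usable default resolver while its LAN resolvers are unreachable. Consider a guard that at least logs the condition, e.g. `if len(nm.DNS.FallbackResolvers) == 0 { b.logf("exit node in use but no fallback resolvers; DNS may fail") }`, assuming the backend's usual logger is in scope here. The comment could also state that with an exit node selected, lookups now go to the fallback resolvers instead of the LAN resolver, since that changes which party sees the client's DNS queries. `authReconfig` and the remainder of the switch lie outside the hunk.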
