From 48d4f14652a481e5aebfad9d1304c3e6098a36ca Mon Sep 17 00:00:00 2001
From: David Anderson <danderson@tailscale.com>
Date: Tue, 20 Apr 2021 15:52:19 -0700
Subject: [PATCH] ipn/ipnlocal: only set authoritative domains when using
 MagicDNS.

Otherwise, the existence of authoritative domains forces full
DNS proxying even when no other DNS config is present.

Signed-off-by: David Anderson <danderson@tailscale.com>
---
 ipn/ipnlocal/local.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ipn/ipnlocal/local.go b/ipn/ipnlocal/local.go
index c1c508dc8..ff352b5fd 100644
--- a/ipn/ipnlocal/local.go
+++ b/ipn/ipnlocal/local.go
@@ -1617,7 +1617,6 @@ func (b *LocalBackend) authReconfig() {
 			}
 			dcfg.SearchDomains = append(dcfg.SearchDomains, fqdn)
 		}
-		dcfg.AuthoritativeSuffixes = magicDNSRootDomains(nm)
 		set := func(name string, addrs []netaddr.IPPrefix) {
 			if len(addrs) == 0 || name == "" {
 				return
@@ -1633,6 +1632,7 @@ func (b *LocalBackend) authReconfig() {
 			dcfg.Hosts[fqdn] = ips
 		}
 		if nm.DNS.Proxied { // actually means "enable MagicDNS"
+			dcfg.AuthoritativeSuffixes = magicDNSRootDomains(nm)
 			dcfg.Hosts = map[dnsname.FQDN][]netaddr.IP{}
 			set(nm.Name, nm.Addresses)
 			for _, peer := range nm.Peers {