net/dns: set appropriate Windows registry values to prevent it from sending DNS changes concerning our interface to AD domain controllers.

We do this unconditionally inside SetDNS such that the values are always set
before we make any other changes to DNS configurations.

It should not be harmful for the settings to remain even when other DNS
settings are cleared out (since they only affect our network interface).

See https://docs.microsoft.com/en-us/troubleshoot/windows-server/networking/configure-dns-dynamic-updates-windows-server-2003 for details about the registry value.

Fixes https://github.com/tailscale/tailscale/issues/4829

Signed-off-by: Aaron Klotz <aaron@tailscale.com>

net/dns/manager_windows.go

@@ -215,6 +215,11 @@ func (m windowsManager) SetDNS(cfg OSConfig) error {
 	// configuration only, routing one set of things to the "split"
 	// resolver and the rest to the primary.
 
+	// Unconditionally disable dynamic DNS updates on our interfaces.
+	if err := m.disableDynamicUpdates(); err != nil {
+		m.logf("disableDynamicUpdates error: %v\n", err)
+	}
+
 	if len(cfg.MatchDomains) == 0 {
 		if err := m.setSplitDNS(nil, nil); err != nil {
 			return err
@@ -295,6 +300,29 @@ func (m windowsManager) Close() error {
 	return m.SetDNS(OSConfig{})
 }
 
+// disableDynamicUpdates sets the appropriate registry values to prevent the
+// Windows DHCP client from sending dynamic DNS updates for our interface to
+// AD domain controllers.
+func (m windowsManager) disableDynamicUpdates() error {
+	setRegValue := func(regBase string) error {
+		key, err := m.openKey(m.ifPath(regBase))
+		if err != nil {
+			return err
+		}
+		defer key.Close()
+
+		return key.SetDWordValue("DisableDynamicUpdate", 1)
+	}
+
+	for _, regBase := range []string{ipv4RegBase, ipv6RegBase} {
+		if err := setRegValue(regBase); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
 func (m windowsManager) GetBaseConfig() (OSConfig, error) {
 	resolvers, err := m.getBasePrimaryResolver()
 	if err != nil {