diff --git a/net/dns/direct.go b/net/dns/direct.go
index 7fdc633d7..c093dcd77 100644
--- a/net/dns/direct.go
+++ b/net/dns/direct.go
@@ -74,7 +74,7 @@ func readResolvConf() (OSConfig, error) {
 if strings.HasPrefix(line, "search") {
 domain := strings.TrimPrefix(line, "search")
 domain = strings.TrimSpace(domain)
- config.Domains = append(config.Domains, domain)
+ config.SearchDomains = append(config.SearchDomains, domain)
 continue
 }
 }
@@ -117,7 +117,7 @@ func newDirectManager() directManager {
 func (m directManager) SetDNS(config OSConfig) error {
 // Write the tsConf file.
 buf := new(bytes.Buffer)
- writeResolvConf(buf, config.Nameservers, config.Domains)
+ writeResolvConf(buf, config.Nameservers, config.SearchDomains)
 if err := atomicfile.WriteFile(tsConf, buf.Bytes(), 0644); err != nil {
 return err
 }
diff --git a/net/dns/manager.go b/net/dns/manager.go
index bd510b257..f62e9672d 100644
--- a/net/dns/manager.go
+++ b/net/dns/manager.go
@@ -66,8 +66,7 @@ func (m *Manager) Set(cfg Config) error {
 Routes: map[string][]netaddr.IPPort{},
 }
 osCfg := OSConfig{
- Domains: cfg.SearchDomains,
- Primary: true,
+ SearchDomains: cfg.SearchDomains,
 }
 // We must proxy through quad-100 if MagicDNS hosts are in
 // use, or there are any per-domain routes.
diff --git a/net/dns/manager_windows.go b/net/dns/manager_windows.go
index 45b602be5..2e3b8d4b4 100644
--- a/net/dns/manager_windows.go
+++ b/net/dns/manager_windows.go
@@ -232,22 +232,22 @@ func (m windowsManager) SetDNS(cfg OSConfig) error {
 // configuration only, routing one set of things to the "split"
 // resolver and the rest to the primary.
- if cfg.Primary {
+ if len(cfg.MatchDomains) == 0 {
 if err := m.setSplitDNS(nil, nil); err != nil {
 return err
 }
- if err := m.setPrimaryDNS(cfg.Nameservers, cfg.Domains); err != nil {
+ if err := m.setPrimaryDNS(cfg.Nameservers, cfg.SearchDomains); err != nil {
 return err
 }
 } else if !m.nrptWorks {
 return errors.New("cannot set per-domain resolvers on Windows 7")
 } else {
- if err := m.setSplitDNS(cfg.Nameservers, cfg.Domains); err != nil {
+ if err := m.setSplitDNS(cfg.Nameservers, cfg.MatchDomains); err != nil {
 return err
 }
 // Still set search domains on the interface, since NRPT only
 // handles query routing and not search domain expansion.
- if err := m.setPrimaryDNS(nil, cfg.Domains); err != nil {
+ if err := m.setPrimaryDNS(nil, cfg.SearchDomains); err != nil {
 return err
 }
 }
@@ -297,9 +297,7 @@ func (m windowsManager) SupportsSplitDNS() bool {
 }
 func (m windowsManager) Close() error {
- return m.SetDNS(OSConfig{
- Primary: true,
- })
+ return m.SetDNS(OSConfig{})
 }
 // getBasePrimaryResolver returns a guess of the non-Tailscale primary
diff --git a/net/dns/nm.go b/net/dns/nm.go
index 243e9dfb4..e90d67cdf 100644
--- a/net/dns/nm.go
+++ b/net/dns/nm.go
@@ -138,7 +138,7 @@ func (m nmManager) SetDNS(config OSConfig) error {
 ipv4Map := settings["ipv4"]
 ipv4Map["dns"] = dbus.MakeVariant(dnsv4)
- ipv4Map["dns-search"] = dbus.MakeVariant(config.Domains)
+ ipv4Map["dns-search"] = dbus.MakeVariant(config.SearchDomains)
 // We should only request priority if we have nameservers to set.
 if len(dnsv4) == 0 {
 ipv4Map["dns-priority"] = dbus.MakeVariant(100)
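Review bot: Every failure in this SetDNS hunk is returned as a bare `err`, so a caller cannot tell whether the NRPT step or the interface step failed, and the two steps are not atomic: in the primary branch `setSplitDNS(nil, nil)` has already run by the time `setPrimaryDNS` can fail, which leaves the host with a half-applied resolver configuration. Wrapping each return, for example `return fmt.Errorf("clearing split DNS: %w", err)` and `return fmt.Errorf("setting primary DNS: %w", err)`, would make that state visible in logs; the hunk does not show the file's imports, so `fmt` may need adding. SetDNS starts before the hunk and may continue after it.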
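Review bot: `Close` now depends on the zero `OSConfig` being read as a primary configuration, and with `Primary: true` removed that intent is no longer visible at the call site. A one-line comment above the return would keep it explicit: `// Zero OSConfig: no MatchDomains, so SetDNS takes the primary branch with nil nameservers and search domains.` The wording follows from the `len(cfg.MatchDomains) == 0` branch in the SetDNS hunk of the same file.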
@@ -166,7 +166,7 @@ func (m nmManager) SetDNS(config OSConfig) error {
 // Finally, set the actual DNS config.
 ipv6Map["dns"] = dbus.MakeVariant(dnsv6)
- ipv6Map["dns-search"] = dbus.MakeVariant(config.Domains)
+ ipv6Map["dns-search"] = dbus.MakeVariant(config.SearchDomains)
 if len(dnsv6) == 0 {
 ipv6Map["dns-priority"] = dbus.MakeVariant(100)
 } else {
diff --git a/net/dns/osconfig.go b/net/dns/osconfig.go
index 9299f78f2..db17f035e 100644
--- a/net/dns/osconfig.go
+++ b/net/dns/osconfig.go
@@ -25,13 +25,14 @@ type OSConfigurator interface {
 type OSConfig struct {
 // Nameservers are the IP addresses of the nameservers to use.
 Nameservers []netaddr.IP
- // Domains are the search domains to use.
- Domains []string
- // Primary indicates whether to set Nameservers as the
- // primary/"default" resolvers for the system.
- // If false, Nameservers will be set as resolvers for Domains
- // only.
- // Primary=false is only allowed for OSConfigurators that report
- // SupportsSplitDNS.
- Primary bool
+ // SearchDomains are the domain suffixes to use when expanding
+ // single-label name queries. SearchDomains is additive to
+ // whatever non-Tailscale search domains the OS has.
+ SearchDomains []string
+ // MatchDomains are the DNS suffixes for which Nameservers should
+ // be used. If empty, Nameservers is installed as the "primary" resolver.
+ // A non-empty MatchDomains requests a "split DNS" configuration
+ // from the OS, which will only work with OSConfigurators that
+ // report SupportsSplitDNS()=true.
+ MatchDomains []string
 }
diff --git a/net/dns/resolvconf.go b/net/dns/resolvconf.go
index 7e0e60802..68b5f761e 100644
--- a/net/dns/resolvconf.go
+++ b/net/dns/resolvconf.go
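Review bot: The new `MatchDomains` comment says split DNS only works with configurators that report SupportsSplitDNS, but nothing in the struct or in the visible SetDNS hunks enforces that. The SetDNS hunks in direct.go, resolvconf.go, nm.go and resolved.go read only `Nameservers` and `SearchDomains`, so, as far as these hunks show, a config carrying `MatchDomains` would have its nameservers installed for all queries rather than only for the listed suffixes, which widens the set of DNS traffic that reaches them. With the explicit `Primary` flag gone, consider a guard at the top of each non-split SetDNS, `if len(config.MatchDomains) > 0 { return errors.New("split DNS not supported by this configurator") }`, or state in the field comment that such configurators ignore MatchDomains. Those functions extend beyond their hunks, so a check may already exist outside the visible lines.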
@@ -117,7 +117,7 @@ const resolvconfConfigName = "tun-tailscale.inet"
 func (m resolvconfManager) SetDNS(config OSConfig) error {
 stdin := new(bytes.Buffer)
- writeResolvConf(stdin, config.Nameservers, config.Domains) // dns_direct.go
+ writeResolvConf(stdin, config.Nameservers, config.SearchDomains) // dns_direct.go
 var cmd *exec.Cmd
 switch m.impl {
diff --git a/net/dns/resolved.go b/net/dns/resolved.go
index fc3e2a614..9e5b10c96 100644
--- a/net/dns/resolved.go
+++ b/net/dns/resolved.go
@@ -134,8 +134,8 @@ func (m resolvedManager) SetDNS(config OSConfig) error {
 return fmt.Errorf("setLinkDNS: %w", err)
 }
- var linkDomains = make([]resolvedLinkDomain, len(config.Domains))
- for i, domain := range config.Domains {
+ var linkDomains = make([]resolvedLinkDomain, len(config.SearchDomains))
+ for i, domain := range config.SearchDomains {
 linkDomains[i] = resolvedLinkDomain{
 Domain: domain,
 RoutingOnly: false,