mirror of https://github.com/tailscale/tailscale/
ipnlocal: don't configure resolver with an invalid PeerAPI DNS URL
Updates tailscale/corp#23782 Once the node key of the current exit node expires, we should stop attempting to forward DNS queries to it, because a connection cannot be established to an expired node. Here we change the logic in `exitNodeCanProxyDNS` so that it no longer attempts to use an invalid URL `/dns-query` as the DNS resolver if an IP is no longer available in the network map for the current exit node. Instead, we return false, and log that this issue occurred. This doesn't fix the problem, but it at least mitigates it by allowing DNS queries in the broken state to go to the local default resolver (e.g. 192.168.1.1) instead of endlessly getting forwarded to an DNS server URL that doesn't exist. Next steps include: - add a user-facing health warning when this verifies, instead of just a log line - understand why re-authenticating the exit node doesn't trigger a refresh of the DNS config. Signed-off-by: Andrea Gottardo <andrea@gottardo.me>angott/23782
parent
94c79659fa
commit
f25ab855ba
Loading…
Reference in New Issue