tailcfg, ipn/ipnlocal, net/dns: forward exit node DNS on Unix to system DNS

Updates #1713 Change-Id: I4c073fec0992d9e01a9a4ce97087d5af0efdc68d Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-11-29 14:18:09 -08:00
parent d9c21936c3
commit 135580a5a8
7 changed files with 251 additions and 57 deletions
@@ -907,6 +907,21 @@ type DNSConfig struct {
 	// ExtraRecords contains extra DNS records to add to the
 	// MagicDNS config.
 	ExtraRecords []DNSRecord `json:",omitempty"`
+
+	// ExitNodeFilteredSuffixes are the the DNS suffixes that the
+	// node, when being an exit node DNS proxy, should not answer.
+	//
+	// The entries do not contain trailing periods and are always
+	// all lowercase.
+	//
+	// If an entry starts with a period, it's a suffix match (but
+	// suffix ".a.b" doesn't match "a.b"; a prefix is required).
+	//
+	// If an entry does not start with a period, it's an exact
+	// match.
+	//
+	// Matches are case insensitive.
+	ExitNodeFilteredSet []string
 }

 // DNSRecord is an extra DNS record to add to MagicDNS.
@@ -208,20 +208,22 @@ func (src *DNSConfig) Clone() *DNSConfig {
 	dst.Nameservers = append(src.Nameservers[:0:0], src.Nameservers...)
 	dst.CertDomains = append(src.CertDomains[:0:0], src.CertDomains...)
 	dst.ExtraRecords = append(src.ExtraRecords[:0:0], src.ExtraRecords...)
+	dst.ExitNodeFilteredSet = append(src.ExitNodeFilteredSet[:0:0], src.ExitNodeFilteredSet...)
 	return dst
 }

 // A compilation failure here means this code must be regenerated, with the command at the top of this file.
 var _DNSConfigCloneNeedsRegeneration = DNSConfig(struct {
-	Resolvers         []dnstype.Resolver
-	Routes            map[string][]dnstype.Resolver
-	FallbackResolvers []dnstype.Resolver
-	Domains           []string
-	Proxied           bool
-	Nameservers       []netaddr.IP
-	PerDomain         bool
-	CertDomains       []string
-	ExtraRecords      []DNSRecord
+	Resolvers           []dnstype.Resolver
+	Routes              map[string][]dnstype.Resolver
+	FallbackResolvers   []dnstype.Resolver
+	Domains             []string
+	Proxied             bool
+	Nameservers         []netaddr.IP
+	PerDomain           bool
+	CertDomains         []string
+	ExtraRecords        []DNSRecord
+	ExitNodeFilteredSet []string
 }{})

 // Clone makes a deep copy of RegisterResponse.