webnet
/
tailscale
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ipn/ipnlocal: plumb fallback DNS in as a workaround for split DNS issues.

Browse Source 
Cause of #1743.

Signed-off-by: David Anderson <danderson@tailscale.com>
main
David Anderson 5 years ago committed by Dave Anderson
parent 28ba20d733
commit 1e5c608fae
2 changed files with 32 additions and 6 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 37
      ipn/ipnlocal/local.go
  2. 1
      tailcfg/tailcfg.go

37
ipn/ipnlocal/local.go
Unescape View File

@ -1581,14 +1581,18 @@ func (b *LocalBackend) authReconfig() {
// If CorpDNS is false, dcfg remains the zero value.
if uc.CorpDNS {
for _, resolver := range nm.DNS.Resolvers {
res, err := parseResolver(resolver)
if err != nil {
b.logf(err.Error())
continue
addDefault := func(resolvers []tailcfg.DNSResolver) {
for _, resolver := range resolvers {
res, err := parseResolver(resolver)
if err != nil {
b.logf("skipping bad resolver: %v", err.Error())
continue
}
dcfg.DefaultResolvers = append(dcfg.DefaultResolvers, res)
}
dcfg.DefaultResolvers = append(dcfg.DefaultResolvers, res)
}
addDefault(nm.DNS.Resolvers)
if len(nm.DNS.Routes) > 0 {
dcfg.Routes = map[dnsname.FQDN][]netaddr.IPPort{}
}
@ -1635,6 +1639,27 @@ func (b *LocalBackend) authReconfig() {
set(peer.Name, peer.Addresses)
}
}
// Set FallbackResolvers as the default resolvers in the
// scenarios that can't handle a purely split-DNS config. See
// https://github.com/tailscale/tailscale/issues/1743 for
// details.
switch {
case len(dcfg.DefaultResolvers) != 0:
// Default resolvers already set.
case len(dcfg.Routes) == 0 && len(dcfg.Hosts) == 0 && len(dcfg.AuthoritativeSuffixes) == 0:
// No settings requiring split DNS, no problem.
case (version.OS() == "iOS" || version.OS() == "macOS") && !uc.ExitNodeID.IsZero():
// On Apple OSes, if your NetworkExtension provides a
// default route, underlying primary resolvers are
// automatically removed, so we MUST provide a set of
// resolvers capable of resolving the entire world.
// https://github.com/tailscale/tailscale/issues/1713
addDefault(nm.DNS.FallbackResolvers)
case version.OS() == "android":
// We don't support split DNS at all on Android yet.
addDefault(nm.DNS.FallbackResolvers)
}
}
err = b.e.Reconfig(cfg, rcfg, &dcfg)

1
tailcfg/tailcfg.go
Unescape View File

@ -852,6 +852,7 @@ type DNSConfig struct {
// FallbackResolvers is like Resolvers, but is only used if a
// split DNS configuration is requested in a configuration that
// doesn't work yet without explicit default resolvers.
// https://github.com/tailscale/tailscale/issues/1743
FallbackResolvers []DNSResolver `json:",omitempty"`
// Domains are the search domains to use.
// Search domains must be FQDNs, but *without* the trailing dot.

Write Preview
Loading…
Cancel
Save