From 53213114ece6e4dec81e972aed5a8b0df3b553be Mon Sep 17 00:00:00 2001
From: David Anderson <danderson@tailscale.com>
Date: Tue, 20 Apr 2021 15:51:14 -0700
Subject: [PATCH] net/dns: make debian_resolvconf correctly clear DNS configs.

More of #1720.

Signed-off-by: David Anderson <danderson@tailscale.com>
---
 net/dns/debian_resolvconf.go | 45 +++++++++++++++++++++++-------------
 net/dns/direct.go            |  2 +-
 net/dns/osconfig.go          |  4 ++++
 3 files changed, 34 insertions(+), 17 deletions(-)

diff --git a/net/dns/debian_resolvconf.go b/net/dns/debian_resolvconf.go
index 9dbf23e94..f29220c37 100644
--- a/net/dns/debian_resolvconf.go
+++ b/net/dns/debian_resolvconf.go
@@ -89,6 +89,15 @@ func newDebianResolvconfManager(logf logger.Logf) (*resolvconfManager, error) {
 	return ret, nil
 }
 
+func (m *resolvconfManager) deleteTailscaleConfig() error {
+	cmd := exec.Command("resolvconf", "-d", resolvconfConfigName)
+	out, err := cmd.CombinedOutput()
+	if err != nil {
+		return fmt.Errorf("running %s: %s", cmd, out)
+	}
+	return nil
+}
+
 func (m *resolvconfManager) SetDNS(config OSConfig) error {
 	if !m.scriptInstalled {
 		m.logf("injecting resolvconf workaround script")
@@ -101,18 +110,24 @@ func (m *resolvconfManager) SetDNS(config OSConfig) error {
 		m.scriptInstalled = true
 	}
 
-	stdin := new(bytes.Buffer)
-	writeResolvConf(stdin, config.Nameservers, config.SearchDomains) // dns_direct.go
-
-	// This resolvconf implementation doesn't support exclusive mode
-	// or interface priorities, so it will end up blending our
-	// configuration with other sources. However, this will get fixed
-	// up by the script we injected above.
-	cmd := exec.Command("resolvconf", "-a", resolvconfConfigName)
-	cmd.Stdin = stdin
-	out, err := cmd.CombinedOutput()
-	if err != nil {
-		return fmt.Errorf("running %s: %s", cmd, out)
+	if config.IsZero() {
+		if err := m.deleteTailscaleConfig(); err != nil {
+			return err
+		}
+	} else {
+		stdin := new(bytes.Buffer)
+		writeResolvConf(stdin, config.Nameservers, config.SearchDomains) // dns_direct.go
+
+		// This resolvconf implementation doesn't support exclusive
+		// mode or interface priorities, so it will end up blending
+		// our configuration with other sources. However, this will
+		// get fixed up by the script we injected above.
+		cmd := exec.Command("resolvconf", "-a", resolvconfConfigName)
+		cmd.Stdin = stdin
+		out, err := cmd.CombinedOutput()
+		if err != nil {
+			return fmt.Errorf("running %s: %s", cmd, out)
+		}
 	}
 
 	return nil
@@ -156,10 +171,8 @@ func (m *resolvconfManager) GetBaseConfig() (OSConfig, error) {
 }
 
 func (m *resolvconfManager) Close() error {
-	cmd := exec.Command("resolvconf", "-d", resolvconfConfigName)
-	out, err := cmd.CombinedOutput()
-	if err != nil {
-		return fmt.Errorf("running %s: %s", cmd, out)
+	if err := m.deleteTailscaleConfig(); err != nil {
+		return err
 	}
 
 	if m.scriptInstalled {
diff --git a/net/dns/direct.go b/net/dns/direct.go
index 4fe4e4b2c..6e66349a3 100644
--- a/net/dns/direct.go
+++ b/net/dns/direct.go
@@ -234,7 +234,7 @@ func (m directManager) restoreBackup() error {
 }
 
 func (m directManager) SetDNS(config OSConfig) error {
-	if config.Equal(OSConfig{}) {
+	if config.IsZero() {
 		if err := m.restoreBackup(); err != nil {
 			return err
 		}
diff --git a/net/dns/osconfig.go b/net/dns/osconfig.go
index af7850b6f..866760a8e 100644
--- a/net/dns/osconfig.go
+++ b/net/dns/osconfig.go
@@ -52,6 +52,10 @@ type OSConfig struct {
 	MatchDomains []dnsname.FQDN
 }
 
+func (o OSConfig) IsZero() bool {
+	return len(o.Nameservers) == 0 && len(o.SearchDomains) == 0 && len(o.MatchDomains) == 0
+}
+
 func (a OSConfig) Equal(b OSConfig) bool {
 	if len(a.Nameservers) != len(b.Nameservers) {
 		return false