headscale/dns_test.go

package headscale
import (
"fmt"
"net/netip"
"gopkg.in/check.v1"
"tailscale.com/tailcfg"
"tailscale.com/types/dnstype"
)
// TestMagicDNSRootDomains100 checks that the reverse-lookup zones generated
// for 100.64.0.0/10 include the zone for the lowest second octet (64), one
// from inside the range (100) and the one for the highest second octet (127).
//
// NOTE(review): only presence is asserted. Neither the total number of zones
// nor the absence of zones outside the prefix is checked, so an over-broad
// result would still pass this test.
func (s *Suite) TestMagicDNSRootDomains100(c *check.C) {
	roots := generateMagicDNSRootDomains([]netip.Prefix{
		netip.MustParsePrefix("100.64.0.0/10"),
	})

	// One pass records which expected zones were produced; the assertions
	// below then run in the same order as the three separate scans would.
	var sawLowest, sawInner, sawHighest bool
	for _, root := range roots {
		switch root {
		case "64.100.in-addr.arpa.":
			sawLowest = true
		case "100.100.in-addr.arpa.":
			sawInner = true
		case "127.100.in-addr.arpa.":
			sawHighest = true
		}
	}

	c.Assert(sawLowest, check.Equals, true)
	c.Assert(sawInner, check.Equals, true)
	c.Assert(sawHighest, check.Equals, true)
}
// TestMagicDNSRootDomains172 checks that the reverse-lookup zones generated
// for 172.16.0.0/16 include the zones for the lowest (0) and highest (255)
// third octet.
//
// NOTE(review): as with the 100.64.0.0/10 case, only presence is asserted;
// the number of generated zones is not checked.
func (s *Suite) TestMagicDNSRootDomains172(c *check.C) {
	roots := generateMagicDNSRootDomains([]netip.Prefix{
		netip.MustParsePrefix("172.16.0.0/16"),
	})

	// Collect both flags in a single pass, then assert in a fixed order.
	var sawLowest, sawHighest bool
	for _, root := range roots {
		switch root {
		case "0.16.172.in-addr.arpa.":
			sawLowest = true
		case "255.16.172.in-addr.arpa.":
			sawHighest = true
		}
	}

	c.Assert(sawLowest, check.Equals, true)
	c.Assert(sawHighest, check.Equals, true)
}
// Covers a prefix whose length is a multiple of 4 bits (a likely case): it
// ends on a nibble boundary, so a single ip6.arpa root domain is expected.
func (s *Suite) TestMagicDNSRootDomainsIPv6Single(c *check.C) {
	// The 48 prefix bits are exactly twelve hex nibbles, written in reverse
	// order in the expected ip6.arpa name.
	const wantRoot = "0.e.1.a.c.5.1.1.a.7.d.f.ip6.arpa."

	roots := generateMagicDNSRootDomains([]netip.Prefix{
		netip.MustParsePrefix("fd7a:115c:a1e0::/48"),
	})

	// Exactly one zone must come back, and it must be the expected one.
	c.Assert(len(roots), check.Equals, 1)
	c.Assert(roots[0].WithTrailingDot(), check.Equals, wantRoot)
}
// TestMagicDNSRootDomainsIPv6SingleMultiple covers a /50 prefix, which ends
// two bits past a nibble boundary. The test expects exactly four root
// domains, one for each value (0 to 3) of the partially covered nibble.
func (s *Suite) TestMagicDNSRootDomainsIPv6SingleMultiple(c *check.C) {
	roots := generateMagicDNSRootDomains([]netip.Prefix{
		netip.MustParsePrefix("fd7a:115c:a1e0::/50"),
	})

	// The count is pinned first, so an extra (over-broad) zone fails the test.
	c.Assert(len(roots), check.Equals, 4)

	expected := []string{
		"0.0.e.1.a.c.5.1.1.a.7.d.f.ip6.arpa.",
		"1.0.e.1.a.c.5.1.1.a.7.d.f.ip6.arpa.",
		"2.0.e.1.a.c.5.1.1.a.7.d.f.ip6.arpa.",
		"3.0.e.1.a.c.5.1.1.a.7.d.f.ip6.arpa.",
	}
	for _, want := range expected {
		present := false
		for _, root := range roots {
			if root.WithTrailingDot() == want {
				present = true

				break
			}
		}
		c.Assert(present, check.Equals, true)
	}
}
// TestDNSConfigMapResponseWithMagicDNS creates three users, stores four nodes
// across them (two belong to "shared1"), and checks that with Proxied set to
// true the DNS config built for the first node carries exactly three routes,
// one per user under the base domain.
//
// NOTE(review): nodes 2, 3 and 4 are stored with the same MachineKey, NodeKey
// and DiscoKey value, so the fixture relies on the store accepting duplicate
// key material. Distinct values per node would mirror real registrations more
// closely. Confirm whether the duplication is intentional.
//
// NOTE(review): the value returned by app.db.Save is discarded. For nodes 1-3
// the GetNode assertion that follows would surface a failed write, but node 4
// is never read back, so a failed write there goes unnoticed. Consider
// asserting on the Save result.
func (s *Suite) TestDNSConfigMapResponseWithMagicDNS(c *check.C) {
	const (
		baseDomain = "foobar.headscale.net"

		// Fixture key material, used for the machine, node and disco key alike.
		keyNode1  = "686824e749f3b7f2a5927ee6c1e422aee5292592d9179a271ed7b3e659b44a66"
		keyOthers = "dec46ef9dc45c7d2f03bfcd5a640d9e24e3cc68ce3d9da223867c9bc6d5e9863"
	)

	user1, err := app.CreateUser("shared1")
	c.Assert(err, check.IsNil)

	user2, err := app.CreateUser("shared2")
	c.Assert(err, check.IsNil)

	user3, err := app.CreateUser("shared3")
	c.Assert(err, check.IsNil)

	// One pre-auth key per node; "shared1" gets two because it owns two nodes.
	authKey1, err := app.CreatePreAuthKey(user1.Name, false, false, nil, nil)
	c.Assert(err, check.IsNil)

	authKey2, err := app.CreatePreAuthKey(user2.Name, false, false, nil, nil)
	c.Assert(err, check.IsNil)

	authKey3, err := app.CreatePreAuthKey(user3.Name, false, false, nil, nil)
	c.Assert(err, check.IsNil)

	authKey4, err := app.CreatePreAuthKey(user1.Name, false, false, nil, nil)
	c.Assert(err, check.IsNil)

	// The first node must not exist before it is stored.
	_, err = app.GetNode(user1.Name, "test_get_shared_nodes_1")
	c.Assert(err, check.NotNil)

	node1 := &Node{
		ID:             1,
		MachineKey:     keyNode1,
		NodeKey:        keyNode1,
		DiscoKey:       keyNode1,
		Hostname:       "test_get_shared_nodes_1",
		UserID:         user1.ID,
		User:           *user1,
		RegisterMethod: RegisterMethodAuthKey,
		IPAddresses:    []netip.Addr{netip.MustParseAddr("100.64.0.1")},
		AuthKeyID:      uint(authKey1.ID),
	}
	app.db.Save(node1)

	_, err = app.GetNode(user1.Name, node1.Hostname)
	c.Assert(err, check.IsNil)

	node2 := &Node{
		ID:             2,
		MachineKey:     keyOthers,
		NodeKey:        keyOthers,
		DiscoKey:       keyOthers,
		Hostname:       "test_get_shared_nodes_2",
		UserID:         user2.ID,
		User:           *user2,
		RegisterMethod: RegisterMethodAuthKey,
		IPAddresses:    []netip.Addr{netip.MustParseAddr("100.64.0.2")},
		AuthKeyID:      uint(authKey2.ID),
	}
	app.db.Save(node2)

	_, err = app.GetNode(user2.Name, node2.Hostname)
	c.Assert(err, check.IsNil)

	node3 := &Node{
		ID:             3,
		MachineKey:     keyOthers,
		NodeKey:        keyOthers,
		DiscoKey:       keyOthers,
		Hostname:       "test_get_shared_nodes_3",
		UserID:         user3.ID,
		User:           *user3,
		RegisterMethod: RegisterMethodAuthKey,
		IPAddresses:    []netip.Addr{netip.MustParseAddr("100.64.0.3")},
		AuthKeyID:      uint(authKey3.ID),
	}
	app.db.Save(node3)

	_, err = app.GetNode(user3.Name, node3.Hostname)
	c.Assert(err, check.IsNil)

	// Second node of "shared1"; stored without a read-back check.
	node4 := &Node{
		ID:             4,
		MachineKey:     keyOthers,
		NodeKey:        keyOthers,
		DiscoKey:       keyOthers,
		Hostname:       "test_get_shared_nodes_4",
		UserID:         user1.ID,
		User:           *user1,
		RegisterMethod: RegisterMethodAuthKey,
		IPAddresses:    []netip.Addr{netip.MustParseAddr("100.64.0.4")},
		AuthKeyID:      uint(authKey4.ID),
	}
	app.db.Save(node4)

	baseConfig := tailcfg.DNSConfig{
		Routes:  make(map[string][]*dnstype.Resolver),
		Domains: []string{baseDomain},
		Proxied: true,
	}

	peers, err := app.getPeers(node1)
	c.Assert(err, check.IsNil)

	dnsConfig := getMapResponseDNSConfig(&baseConfig, baseDomain, *node1, peers)
	c.Assert(dnsConfig, check.NotNil)
	c.Assert(len(dnsConfig.Routes), check.Equals, 3)

	// Each user must have a "<user>.<base domain>" entry in the route map.
	hasRoute := func(route string) bool {
		_, ok := dnsConfig.Routes[route]

		return ok
	}
	c.Assert(hasRoute(fmt.Sprintf("%s.%s", user1.Name, baseDomain)), check.Equals, true)
	c.Assert(hasRoute(fmt.Sprintf("%s.%s", user2.Name, baseDomain)), check.Equals, true)
	c.Assert(hasRoute(fmt.Sprintf("%s.%s", user3.Name, baseDomain)), check.Equals, true)
}
// TestDNSConfigMapResponseWithoutMagicDNS creates three users, stores four
// nodes across them (two belong to "shared1"), and checks that with Proxied
// set to false the DNS config built for the first node has no routes and
// keeps the single configured search domain.
//
// NOTE(review): nodes 2, 3 and 4 are stored with the same MachineKey, NodeKey
// and DiscoKey value, so the fixture relies on the store accepting duplicate
// key material. Distinct values per node would mirror real registrations more
// closely. Confirm whether the duplication is intentional.
//
// NOTE(review): the value returned by app.db.Save is discarded. For nodes 1-3
// the GetNode assertion that follows would surface a failed write, but node 4
// is never read back, so a failed write there goes unnoticed. Consider
// asserting on the Save result.
func (s *Suite) TestDNSConfigMapResponseWithoutMagicDNS(c *check.C) {
	const (
		baseDomain = "foobar.headscale.net"

		// Fixture key material, used for the machine, node and disco key alike.
		keyNode1  = "686824e749f3b7f2a5927ee6c1e422aee5292592d9179a271ed7b3e659b44a66"
		keyOthers = "dec46ef9dc45c7d2f03bfcd5a640d9e24e3cc68ce3d9da223867c9bc6d5e9863"
	)

	user1, err := app.CreateUser("shared1")
	c.Assert(err, check.IsNil)

	user2, err := app.CreateUser("shared2")
	c.Assert(err, check.IsNil)

	user3, err := app.CreateUser("shared3")
	c.Assert(err, check.IsNil)

	// One pre-auth key per node; "shared1" gets two because it owns two nodes.
	authKey1, err := app.CreatePreAuthKey(user1.Name, false, false, nil, nil)
	c.Assert(err, check.IsNil)

	authKey2, err := app.CreatePreAuthKey(user2.Name, false, false, nil, nil)
	c.Assert(err, check.IsNil)

	authKey3, err := app.CreatePreAuthKey(user3.Name, false, false, nil, nil)
	c.Assert(err, check.IsNil)

	authKey4, err := app.CreatePreAuthKey(user1.Name, false, false, nil, nil)
	c.Assert(err, check.IsNil)

	// The first node must not exist before it is stored.
	_, err = app.GetNode(user1.Name, "test_get_shared_nodes_1")
	c.Assert(err, check.NotNil)

	node1 := &Node{
		ID:             1,
		MachineKey:     keyNode1,
		NodeKey:        keyNode1,
		DiscoKey:       keyNode1,
		Hostname:       "test_get_shared_nodes_1",
		UserID:         user1.ID,
		User:           *user1,
		RegisterMethod: RegisterMethodAuthKey,
		IPAddresses:    []netip.Addr{netip.MustParseAddr("100.64.0.1")},
		AuthKeyID:      uint(authKey1.ID),
	}
	app.db.Save(node1)

	_, err = app.GetNode(user1.Name, node1.Hostname)
	c.Assert(err, check.IsNil)

	node2 := &Node{
		ID:             2,
		MachineKey:     keyOthers,
		NodeKey:        keyOthers,
		DiscoKey:       keyOthers,
		Hostname:       "test_get_shared_nodes_2",
		UserID:         user2.ID,
		User:           *user2,
		RegisterMethod: RegisterMethodAuthKey,
		IPAddresses:    []netip.Addr{netip.MustParseAddr("100.64.0.2")},
		AuthKeyID:      uint(authKey2.ID),
	}
	app.db.Save(node2)

	_, err = app.GetNode(user2.Name, node2.Hostname)
	c.Assert(err, check.IsNil)

	node3 := &Node{
		ID:             3,
		MachineKey:     keyOthers,
		NodeKey:        keyOthers,
		DiscoKey:       keyOthers,
		Hostname:       "test_get_shared_nodes_3",
		UserID:         user3.ID,
		User:           *user3,
		RegisterMethod: RegisterMethodAuthKey,
		IPAddresses:    []netip.Addr{netip.MustParseAddr("100.64.0.3")},
		AuthKeyID:      uint(authKey3.ID),
	}
	app.db.Save(node3)

	_, err = app.GetNode(user3.Name, node3.Hostname)
	c.Assert(err, check.IsNil)

	// Second node of "shared1"; stored without a read-back check.
	node4 := &Node{
		ID:             4,
		MachineKey:     keyOthers,
		NodeKey:        keyOthers,
		DiscoKey:       keyOthers,
		Hostname:       "test_get_shared_nodes_4",
		UserID:         user1.ID,
		User:           *user1,
		RegisterMethod: RegisterMethodAuthKey,
		IPAddresses:    []netip.Addr{netip.MustParseAddr("100.64.0.4")},
		AuthKeyID:      uint(authKey4.ID),
	}
	app.db.Save(node4)

	baseConfig := tailcfg.DNSConfig{
		Routes:  make(map[string][]*dnstype.Resolver),
		Domains: []string{baseDomain},
		Proxied: false,
	}

	peers, err := app.getPeers(node1)
	c.Assert(err, check.IsNil)

	dnsConfig := getMapResponseDNSConfig(&baseConfig, baseDomain, *node1, peers)
	c.Assert(dnsConfig, check.NotNil)

	// With Proxied false, no per-user routes are expected and the search
	// domain list is expected to stay at the one configured entry.
	c.Assert(len(dnsConfig.Routes), check.Equals, 0)
	c.Assert(len(dnsConfig.Domains), check.Equals, 1)
}