tailcfg, ipn/ipnlocal, net/dns: forward exit node DNS on Unix to system DNS

Updates #1713 Change-Id: I4c073fec0992d9e01a9a4ce97087d5af0efdc68d Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2025-10-19 06:02:57 +00:00 · 2021-11-29 14:18:09 -08:00
parent d9c21936c3
commit 135580a5a8
7 changed files with 251 additions and 57 deletions
--- a/net/dns/resolver/forwarder.go
+++ b/net/dns/resolver/forwarder.go
@@ -580,9 +580,9 @@ func (f *forwarder) forward(query packet) error {
 // It either sends to responseChan and returns nil, or returns a
 // non-nil error (without sending to the channel).
 //
-// If backupResolvers are specified, they're used in the case that no
-// upstreams are available.
-func (f *forwarder) forwardWithDestChan(ctx context.Context, query packet, responseChan chan<- packet, backupResolvers ...resolverAndDelay) error {
+// If resolvers is non-empty, it's used explicitly (notably, for exit
+// node DNS proxy queries), otherwise f.resolvers is used.
+func (f *forwarder) forwardWithDestChan(ctx context.Context, query packet, responseChan chan<- packet, resolvers ...resolverAndDelay) error {
 	metricDNSFwd.Add(1)
 	domain, err := nameFromQuery(query.bs)
 	if err != nil {
@@ -601,13 +601,12 @@ func (f *forwarder) forwardWithDestChan(ctx context.Context, query packet, respo

 	clampEDNSSize(query.bs, maxResponseBytes)

-	resolvers := f.resolvers(domain)
 	if len(resolvers) == 0 {
-		resolvers = backupResolvers
-	}
-	if len(resolvers) == 0 {
-		metricDNSFwdErrorNoUpstream.Add(1)
-		return errNoUpstreams
+		resolvers = f.resolvers(domain)
+		if len(resolvers) == 0 {
+			metricDNSFwdErrorNoUpstream.Add(1)
+			return errNoUpstreams
+		}
 	}

 	fq := &forwardQuery{