net/dns: add temporary fallback to quad-9 resolver for split-DNS testing.

This allows split-DNS configurations to not break clients on OSes that haven't yet been ported to understand split DNS, by falling back to quad-9 as a global resolver when handed an "impossible to implement" split-DNS config. Part of #953. Needs to be removed before shipping 1.8. Signed-off-by: David Anderson <danderson@tailscale.com>
2025-02-21 12:28:39 +00:00 · 2021-04-08 23:26:22 -07:00 · 2021-04-08 23:26:22 -07:00 · 2685260ba1
commit 2685260ba1
parent b9e194c14b
1 changed files with 22 additions and 1 deletions
--- a/net/dns/manager.go
+++ b/net/dns/manager.go
@ -168,7 +168,28 @@ func (m *Manager) compileConfig(cfg Config) (resolver.Config, OSConfig, error) {
 	} else {
 		bcfg, err := m.os.GetBaseConfig()
 		if err != nil {
-			return resolver.Config{}, OSConfig{}, err
+			// Temporary hack to make OSes where split-DNS isn't fully
+			// implemented yet not completely crap out, but instead
+			// fall back to quad-9 as a hardcoded "backup resolver".
+			//
+			// This codepath currently only triggers when opted into
+			// the split-DNS feature server side, and when at least
+			// one search domain is something within tailscale.com, so
+			// we don't accidentally leak unstable user DNS queries to
+			// quad-9 if we accidentally go down this codepath.
+			canUseHack := false
+			for _, dom := range cfg.SearchDomains {
+				if strings.HasSuffix(dom, ".tailscale.com") {
+					canUseHack = true
+					break
+				}
+			}
+			if !canUseHack {
+				return resolver.Config{}, OSConfig{}, err
+			}
+			bcfg = OSConfig{
+				Nameservers: []netaddr.IP{netaddr.IPv4(9, 9, 9, 9)},
+			}
 		}
 		rcfg.Routes["."] = toIPPorts(bcfg.Nameservers)
 		ocfg.SearchDomains = append(ocfg.SearchDomains, bcfg.SearchDomains...)