net/dnscache, net/tsdial: add DNS caching to tsdial UserDial

This is enough to handle the DNS queries as generated by Go's net package (which our HTTP/SOCKS client uses), and the responses generated by the ExitDNS DoH server. This isn't yet suitable for putting on 100.100.100.100 where a number of different DNS clients would hit it, as this doesn't yet do EDNS0. It might work, but it's untested and likely incomplete. Likewise, this doesn't handle anything about truncation, as the exchanges are entirely in memory between Go or DoH. That would also need to be handled later, if/when it's hooked up to 100.100.100.100. Updates #3507 Change-Id: I1736b0ad31eea85ea853b310c52c5e6bf65c6e2a Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2025-12-03 02:21:58 +00:00 · 2021-12-06 14:41:30 -08:00
parent b59e7669c1
commit 39ffa16853
8 changed files with 649 additions and 9 deletions
--- a/net/tsdial/tsdial.go
+++ b/net/tsdial/tsdial.go
@@ -11,6 +11,7 @@ import (
 	"fmt"
 	"net"
 	"net/http"
+	"runtime"
 	"strings"
 	"sync"
 	"sync/atomic"
@@ -18,6 +19,7 @@ import (
 	"time"

 	"inet.af/netaddr"
+	"tailscale.com/net/dnscache"
 	"tailscale.com/net/netknob"
 	"tailscale.com/types/netmap"
 	"tailscale.com/wgengine/monitor"
@@ -48,7 +50,8 @@ type Dialer struct {
 	dns            dnsMap
 	tunName        string // tun device name
 	linkMon        *monitor.Mon
-	exitDNSDoHBase string // non-empty if DoH-proxying exit node in use; base URL+path (without '?')
+	exitDNSDoHBase string                 // non-empty if DoH-proxying exit node in use; base URL+path (without '?')
+	dnsCache       *dnscache.MessageCache // nil until first first non-empty SetExitDNSDoH
 }

 // SetTUNName sets the name of the tun device in use ("tailscale0", "utun6",
@@ -76,7 +79,16 @@ func (d *Dialer) TUNName() string {
 func (d *Dialer) SetExitDNSDoH(doh string) {
 	d.mu.Lock()
 	defer d.mu.Unlock()
+	if d.exitDNSDoHBase == doh {
+		return
+	}
 	d.exitDNSDoHBase = doh
+	if doh != "" && d.dnsCache == nil {
+		d.dnsCache = new(dnscache.MessageCache)
+	}
+	if d.dnsCache != nil {
+		d.dnsCache.Flush()
+	}
 }

 func (d *Dialer) SetLinkMonitor(mon *monitor.Mon) {
@@ -149,12 +161,14 @@ func (d *Dialer) userDialResolve(ctx context.Context, network, addr string) (net
 	}

 	var r net.Resolver
-	if exitDNSDoH != "" {
+	if exitDNSDoH != "" && runtime.GOOS != "windows" { // Windows: https://github.com/golang/go/issues/33097
+		r.PreferGo = true
 		r.Dial = func(ctx context.Context, network, address string) (net.Conn, error) {
 			return &dohConn{
-				ctx:     ctx,
-				baseURL: exitDNSDoH,
-				hc:      d.PeerAPIHTTPClient(),
+				ctx:      ctx,
+				baseURL:  exitDNSDoH,
+				hc:       d.PeerAPIHTTPClient(),
+				dnsCache: d.dnsCache,
 			}, nil
 		}
 	}