From 3a3fc3e8acfa123ab1cba2871230c1a58b8ecc8d Mon Sep 17 00:00:00 2001 From: Brad Fitzpatrick Date: Sun, 3 Nov 2024 16:57:21 -0800 Subject: [PATCH] cmd/lopower: flesh out Limitations Change-Id: Ifef0f10e8a516caa5ba63c37605f3af4f183c1e0 Signed-off-by: Brad Fitzpatrick --- cmd/lopower/README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/cmd/lopower/README.md b/cmd/lopower/README.md index 85fcc9bc9..874facb99 100644 --- a/cmd/lopower/README.md +++ b/cmd/lopower/README.md @@ -22,4 +22,5 @@ Tailscale LOPOWER is a proxy that you run nearby that bridges a low-power WireGu ## Limitations * this runs in userspace using gVisor's netstack. That means it's portable (and doesn't require kernel/system configuration), but that does mean it doesn't operate at a packet level but rather it stitches together two separate TCP (or UDP) flows and doesn't support IP protocols such as SCTP or other things that aren't TCP or UDP. -* the standard WireGuard configuration doesn't support specifying DNS search domains, so resolving bare names like the `go` in `http://go/foo` won't work and you need +* the standard WireGuard configuration doesn't support specifying DNS search domains, so resolving bare names like the `go` in `http://go/foo` won't work and you need to resolve names using the fully qualified `go.your-tailnet.ts.net` names. +* since it's based on userspace tsnet mode, it doesn't pick up your system DNS configuration (yet?) and instead resolves non-tailnet DNS names using either your "Override DNS" tailnet settings for the global DNS resolver, or else defaults to `8.8.8.8` and `1.1.1.1` (using DoH) if that isn't set.