mirror of
https://github.com/tailscale/tailscale.git
synced 2025-01-07 08:07:42 +00:00
net/dns: set appropriate Windows registry values to prevent it from sending DNS changes concerning our interface to AD domain controllers.
We do this unconditionally inside SetDNS such that the values are always set before we make any other changes to DNS configurations. It should not be harmful for the settings to remain even when other DNS settings are cleared out (since they only affect our network interface). See https://docs.microsoft.com/en-us/troubleshoot/windows-server/networking/configure-dns-dynamic-updates-windows-server-2003 for details about the registry value. Fixes https://github.com/tailscale/tailscale/issues/4829 Signed-off-by: Aaron Klotz <aaron@tailscale.com>
This commit is contained in:
parent
8cdfd12977
commit
4baf34cf25
@ -215,6 +215,11 @@ func (m windowsManager) SetDNS(cfg OSConfig) error {
|
|||||||
// configuration only, routing one set of things to the "split"
|
// configuration only, routing one set of things to the "split"
|
||||||
// resolver and the rest to the primary.
|
// resolver and the rest to the primary.
|
||||||
|
|
||||||
|
// Unconditionally disable dynamic DNS updates on our interfaces.
|
||||||
|
if err := m.disableDynamicUpdates(); err != nil {
|
||||||
|
m.logf("disableDynamicUpdates error: %v\n", err)
|
||||||
|
}
|
||||||
|
|
||||||
if len(cfg.MatchDomains) == 0 {
|
if len(cfg.MatchDomains) == 0 {
|
||||||
if err := m.setSplitDNS(nil, nil); err != nil {
|
if err := m.setSplitDNS(nil, nil); err != nil {
|
||||||
return err
|
return err
|
||||||
@ -295,6 +300,29 @@ func (m windowsManager) Close() error {
|
|||||||
return m.SetDNS(OSConfig{})
|
return m.SetDNS(OSConfig{})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// disableDynamicUpdates sets the appropriate registry values to prevent the
|
||||||
|
// Windows DHCP client from sending dynamic DNS updates for our interface to
|
||||||
|
// AD domain controllers.
|
||||||
|
func (m windowsManager) disableDynamicUpdates() error {
|
||||||
|
setRegValue := func(regBase string) error {
|
||||||
|
key, err := m.openKey(m.ifPath(regBase))
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
defer key.Close()
|
||||||
|
|
||||||
|
return key.SetDWordValue("DisableDynamicUpdate", 1)
|
||||||
|
}
|
||||||
|
|
||||||
|
for _, regBase := range []string{ipv4RegBase, ipv6RegBase} {
|
||||||
|
if err := setRegValue(regBase); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
func (m windowsManager) GetBaseConfig() (OSConfig, error) {
|
func (m windowsManager) GetBaseConfig() (OSConfig, error) {
|
||||||
resolvers, err := m.getBasePrimaryResolver()
|
resolvers, err := m.getBasePrimaryResolver()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
Loading…
x
Reference in New Issue
Block a user