ipnlocal, net/{dns,tsaddr,tstun}, wgengine: support MagicDNS on IPv6

Fixes #3660 RELNOTE=MagicDNS now works over IPv6 when CGNAT IPv4 is disabled. Change-Id: I001e983df5feeb65289abe5012dedd177b841b45 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2025-08-11 21:27:31 +00:00 · 2022-01-04 13:33:08 -08:00
parent e2d9c99e5b
commit 506c727e30
9 changed files with 105 additions and 35 deletions
--- a/net/dns/config.go
+++ b/net/dns/config.go
@@ -11,6 +11,7 @@ import (

 	"inet.af/netaddr"
 	"tailscale.com/net/dns/resolver"
+	"tailscale.com/net/tsaddr"
 	"tailscale.com/types/dnstype"
 	"tailscale.com/util/dnsname"
 )
@@ -40,6 +41,16 @@ type Config struct {
 	// it to resolve, you also need to add appropriate routes to
 	// Routes.
 	Hosts map[dnsname.FQDN][]netaddr.IP
+	// OnlyIPv6, if true, uses the IPv6 service IP (for MagicDNS)
+	// instead of the IPv4 version (100.100.100.100).
+	OnlyIPv6 bool
+}
+
+func (c *Config) serviceIP() netaddr.IP {
+	if c.OnlyIPv6 {
+		return tsaddr.TailscaleServiceIPv6()
+	}
+	return tsaddr.TailscaleServiceIP()
 }

 // WriteToBufioWriter write a debug version of c for logs to w, omitting
--- a/net/dns/manager.go
+++ b/net/dns/manager.go
@@ -12,7 +12,6 @@ import (
 	"inet.af/netaddr"
 	"tailscale.com/health"
 	"tailscale.com/net/dns/resolver"
-	"tailscale.com/net/tsaddr"
 	"tailscale.com/net/tsdial"
 	"tailscale.com/types/dnstype"
 	"tailscale.com/types/logger"
@@ -122,7 +121,7 @@ func (m *Manager) compileConfig(cfg Config) (rcfg resolver.Config, ocfg OSConfig
 		// through quad-100.
 		rcfg.Routes = routes
 		rcfg.Routes["."] = cfg.DefaultResolvers
-		ocfg.Nameservers = []netaddr.IP{tsaddr.TailscaleServiceIP()}
+		ocfg.Nameservers = []netaddr.IP{cfg.serviceIP()}
 		return rcfg, ocfg, nil
 	}

@@ -159,7 +158,7 @@ func (m *Manager) compileConfig(cfg Config) (rcfg resolver.Config, ocfg OSConfig
 	// or routes + MagicDNS, or just MagicDNS, or on an OS that cannot
 	// split-DNS. Install a split config pointing at quad-100.
 	rcfg.Routes = routes
-	ocfg.Nameservers = []netaddr.IP{tsaddr.TailscaleServiceIP()}
+	ocfg.Nameservers = []netaddr.IP{cfg.serviceIP()}

 	// If the OS can't do native split-dns, read out the underlying
 	// resolver config and blend it into our config.
--- a/net/dns/resolver/tsdns.go
+++ b/net/dns/resolver/tsdns.go
@@ -377,7 +377,7 @@ func (r *Resolver) HandleExitNodeDNSQuery(ctx context.Context, q []byte, from ne
 		// TODO: more than 1 resolver from /etc/resolv.conf?

 		var resolvers []resolverAndDelay
-		if nameserver == tsaddr.TailscaleServiceIP() {
+		if nameserver == tsaddr.TailscaleServiceIP() || nameserver == tsaddr.TailscaleServiceIPv6() {
 			// If resolv.conf says 100.100.100.100, it's coming right back to us anyway
 			// so avoid the loop through the kernel and just do what we
 			// would've done anyway. By not passing any resolvers, the forwarder