cmd/lopower: set ultimate fallback DNS servers

Change-Id: I044d6c7b9dc4b874f3c60d2c6ce2105bafc00639
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

cmd/lopower/lopower.go

@@ -50,6 +50,7 @@
 	"tailscale.com/net/tsaddr"
 	"tailscale.com/syncs"
 	"tailscale.com/tsnet"
+	"tailscale.com/types/dnstype"
 	"tailscale.com/types/ipproto"
 	"tailscale.com/types/key"
 	"tailscale.com/types/logger"
@@ -638,7 +639,22 @@ func (lp *lpServer) startTSNet(ctx context.Context) {
 	}
 	lp.tsnet = ts
 	ts.PreStart = func() error {
-		ts.Sys().DNSManager.Get().SetForceAAAA(true)
+		dnsMgr := ts.Sys().DNSManager.Get()
+		dnsMgr.SetForceAAAA(true)
+
+		// Force fallback resolvers to Google and Cloudflare as an ultimate
+		// fallback in case the Tailnet DNS servers are not set/forced. Normally
+		// tailscaled would resort to using the OS DNS resolvers, but
+		// tsnet/userspace binaries don't do that (yet?), so this is the
+		// "Opionated" part of the "LOPOWER" name. The opinion is just using
+		// big providers known to work. (Normally stock tailscaled never
+		// makes such opinions and never defaults to any big provider, unless
+		// you're already running on that big provider's network so have
+		// already indicated you're fine with them.))
+		dnsMgr.SetForceFallbackResolvers([]*dnstype.Resolver{
+			{Addr: "8.8.8.8"},
+			{Addr: "1.1.1.1"},
+		})
 		return nil
 	}
 

net/dns/manager.go

@@ -63,8 +63,9 @@ type Manager struct {
 	mu sync.Mutex // guards following
 	// config is the last configuration we successfully compiled or nil if there
 	// was any failure applying the last configuration.
-	config    *Config
-	forceAAAA bool // whether client wants MagicDNS AAAA even if unsure of host's IPv6 status
+	config                 *Config
+	forceAAAA              bool // whether client wants MagicDNS AAAA even if unsure of host's IPv6 status
+	forceFallbackResolvers []*dnstype.Resolver
 }
 
 // NewManagers created a new manager from the given config.
@@ -141,6 +142,16 @@ func (m *Manager) SetForceAAAA(v bool) {
 	m.forceAAAA = v
 }
 
+// SetForceFallbackResolvers sets the resolvers to use to override
+// the fallback resolvers if the control plane doesn't send any.
+//
+// It takes ownership of the provided slice.
+func (m *Manager) SetForceFallbackResolvers(resolvers []*dnstype.Resolver) {
+	m.mu.Lock()
+	defer m.mu.Unlock()
+	m.forceFallbackResolvers = resolvers
+}
+
 // setLocked sets the DNS configuration.
 //
 // m.mu must be held.
@@ -159,6 +170,10 @@ func (m *Manager) setLocked(cfg Config) error {
 		return err
 	}
 
+	if _, ok := rcfg.Routes["."]; !ok && len(m.forceFallbackResolvers) > 0 {
+		rcfg.Routes["."] = m.forceFallbackResolvers
+	}
+
 	m.logf("Resolvercfg: %v", logger.ArgWriter(func(w *bufio.Writer) {
 		rcfg.WriteToBufioWriter(w)
 	}))