mirror of
https://github.com/tailscale/tailscale.git
synced 2025-12-03 10:31:59 +00:00
net/dns: implement a DNS override workaround for legacy resolvconf.
Signed-off-by: David Anderson <danderson@tailscale.com>
This commit is contained in:
David Anderson
committed by
Dave Anderson
Dave Anderson
parent
1a371b93be
commit
5480189313
55
net/dns/resolvconf-workaround.sh
Normal file
55
net/dns/resolvconf-workaround.sh
Normal file
@@ -0,0 +1,55 @@
|
||||
#!/bin/sh
|
||||
# Copyright (c) 2021 Tailscale Inc & AUTHORS All rights reserved.
|
||||
# Use of this source code is governed by a BSD-style
|
||||
# license that can be found in the LICENSE file.
|
||||
#
|
||||
# This script is a workaround for a vpn-unfriendly behavior of the
|
||||
# original resolvconf by Thomas Hood. Unlike the `openresolv`
|
||||
# implementation (whose binary is also called resolvconf,
|
||||
# confusingly), the original resolvconf lacks a way to specify
|
||||
# "exclusive mode" for a provider configuration. In practice, this
|
||||
# means that if Tailscale wants to install a DNS configuration, that
|
||||
# config will get "blended" with the configs from other sources,
|
||||
# rather than override those other sources.
|
||||
#
|
||||
# This script gets installed at /etc/resolvconf/update-libc.d, which
|
||||
# is a directory of hook scripts that get run after resolvconf's libc
|
||||
# helper has finished rewriting /etc/resolv.conf. It's meant to notify
|
||||
# consumers of resolv.conf of a new configuration.
|
||||
#
|
||||
# Instead, we use that hook mechanism to reach into resolvconf's
|
||||
# stuff, and rewrite the libc-generated resolv.conf to exclusively
|
||||
# contain Tailscale's configuration - effectively implementing
|
||||
# exclusive mode ourselves in post-production.
|
||||
|
||||
set -e
|
||||
|
||||
if [ -n "$TAILSCALE_RESOLVCONF_HOOK_LOOP" ]; then
|
||||
# Hook script being invoked by itself, skip.
|
||||
exit 0
|
||||
fi
|
||||
|
||||
if [ ! -f tun-tailscale.inet ]; then
|
||||
# Tailscale isn't trying to manage DNS, do nothing.
|
||||
exit 0
|
||||
fi
|
||||
|
||||
if ! grep resolvconf /etc/resolv.conf >/dev/null; then
|
||||
# resolvconf isn't managing /etc/resolv.conf, do nothing.
|
||||
exit 0
|
||||
fi
|
||||
|
||||
# Write out a modified /etc/resolv.conf containing just our config.
|
||||
(
|
||||
if [ -f /etc/resolvconf/resolv.conf.d/head ]; then
|
||||
cat /etc/resolvconf/resolv.conf.d/head
|
||||
fi
|
||||
echo "# Tailscale workaround applied to set exclusive DNS configuration."
|
||||
cat tun-tailscale.inet
|
||||
) >/etc/resolv.conf
|
||||
|
||||
if [ -d /etc/resolvconf/update-libc.d ] ; then
|
||||
# Re-notify libc watchers that we've changed resolv.conf again.
|
||||
export TAILSCALE_RESOLVCONF_HOOK_LOOP=1
|
||||
exec run-parts /etc/resolvconf/update-libc.d
|
||||
fi
|
||||
Reference in New Issue
Block a user