mirror of
https://github.com/tailscale/tailscale.git
synced 2025-02-22 12:58:37 +00:00
cmd/lopower: force AAAA records in DNS server
Change-Id: I79582e4ffd468c217df3e8c02bbf65d911a4f0fe Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
This commit is contained in:
Brad Fitzpatrick
parent
6f97d4b26b
commit
9065c7fb00
@ -623,14 +623,19 @@ func (lp *lpServer) startTSNet(ctx context.Context) {
|
|||||||
log.Fatal(err)
|
log.Fatal(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
lp.tsnet = &tsnet.Server{
|
ts := &tsnet.Server{
|
||||||
Dir: filepath.Join(lp.dir, "tsnet"),
|
Dir: filepath.Join(lp.dir, "tsnet"),
|
||||||
Hostname: hostname,
|
Hostname: hostname,
|
||||||
UserLogf: log.Printf,
|
UserLogf: log.Printf,
|
||||||
Ephemeral: false,
|
Ephemeral: false,
|
||||||
}
|
}
|
||||||
|
lp.tsnet = ts
|
||||||
|
ts.PreStart = func() error {
|
||||||
|
ts.Sys().DNSManager.Get().SetForceAAAA(true)
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
if _, err := lp.tsnet.Up(ctx); err != nil {
|
if _, err := ts.Up(ctx); err != nil {
|
||||||
log.Fatal(err)
|
log.Fatal(err)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -4194,7 +4194,11 @@ func (b *LocalBackend) authReconfig() {
|
|||||||
disableSubnetsIfPAC := nm.HasCap(tailcfg.NodeAttrDisableSubnetsIfPAC)
|
disableSubnetsIfPAC := nm.HasCap(tailcfg.NodeAttrDisableSubnetsIfPAC)
|
||||||
userDialUseRoutes := nm.HasCap(tailcfg.NodeAttrUserDialUseRoutes)
|
userDialUseRoutes := nm.HasCap(tailcfg.NodeAttrUserDialUseRoutes)
|
||||||
dohURL, dohURLOK := exitNodeCanProxyDNS(nm, b.peers, prefs.ExitNodeID())
|
dohURL, dohURLOK := exitNodeCanProxyDNS(nm, b.peers, prefs.ExitNodeID())
|
||||||
dcfg := dnsConfigForNetmap(nm, b.peers, prefs, b.keyExpired, b.logf, version.OS())
|
var forceAAAA bool
|
||||||
|
if dm, ok := b.sys.DNSManager.GetOK(); ok {
|
||||||
|
forceAAAA = dm.GetForceAAAA()
|
||||||
|
}
|
||||||
|
dcfg := dnsConfigForNetmap(nm, b.peers, prefs, b.keyExpired, forceAAAA, b.logf, version.OS())
|
||||||
// If the current node is an app connector, ensure the app connector machine is started
|
// If the current node is an app connector, ensure the app connector machine is started
|
||||||
b.reconfigAppConnectorLocked(nm, prefs)
|
b.reconfigAppConnectorLocked(nm, prefs)
|
||||||
b.mu.Unlock()
|
b.mu.Unlock()
|
||||||
@ -4294,7 +4298,7 @@ func shouldUseOneCGNATRoute(logf logger.Logf, controlKnobs *controlknobs.Knobs,
|
|||||||
//
|
//
|
||||||
// The versionOS is a Tailscale-style version ("iOS", "macOS") and not
|
// The versionOS is a Tailscale-style version ("iOS", "macOS") and not
|
||||||
// a runtime.GOOS.
|
// a runtime.GOOS.
|
||||||
func dnsConfigForNetmap(nm *netmap.NetworkMap, peers map[tailcfg.NodeID]tailcfg.NodeView, prefs ipn.PrefsView, selfExpired bool, logf logger.Logf, versionOS string) *dns.Config {
|
func dnsConfigForNetmap(nm *netmap.NetworkMap, peers map[tailcfg.NodeID]tailcfg.NodeView, prefs ipn.PrefsView, selfExpired, forceAAAA bool, logf logger.Logf, versionOS string) *dns.Config {
|
||||||
if nm == nil {
|
if nm == nil {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
@ -4357,7 +4361,7 @@ func dnsConfigForNetmap(nm *netmap.NetworkMap, peers map[tailcfg.NodeID]tailcfg.
|
|||||||
// https://github.com/tailscale/tailscale/issues/1152
|
// https://github.com/tailscale/tailscale/issues/1152
|
||||||
// tracks adding the right capability reporting to
|
// tracks adding the right capability reporting to
|
||||||
// enable AAAA in MagicDNS.
|
// enable AAAA in MagicDNS.
|
||||||
if addr.Addr().Is6() && have4 {
|
if addr.Addr().Is6() && have4 && !forceAAAA {
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
ips = append(ips, addr.Addr())
|
ips = append(ips, addr.Addr())
|
||||||
|
|||||||
@ -1298,7 +1298,7 @@ func TestDNSConfigForNetmapForExitNodeConfigs(t *testing.T) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
prefs := &ipn.Prefs{ExitNodeID: tc.exitNode, CorpDNS: true}
|
prefs := &ipn.Prefs{ExitNodeID: tc.exitNode, CorpDNS: true}
|
||||||
got := dnsConfigForNetmap(nm, peersMap(tc.peers), prefs.View(), false, t.Logf, "")
|
got := dnsConfigForNetmap(nm, peersMap(tc.peers), prefs.View(), false, false, t.Logf, "")
|
||||||
if !resolversEqual(t, got.DefaultResolvers, tc.wantDefaultResolvers) {
|
if !resolversEqual(t, got.DefaultResolvers, tc.wantDefaultResolvers) {
|
||||||
t.Errorf("DefaultResolvers: got %#v, want %#v", got.DefaultResolvers, tc.wantDefaultResolvers)
|
t.Errorf("DefaultResolvers: got %#v, want %#v", got.DefaultResolvers, tc.wantDefaultResolvers)
|
||||||
}
|
}
|
||||||
|
|||||||
@ -64,6 +64,7 @@ type Manager struct {
|
|||||||
// config is the last configuration we successfully compiled or nil if there
|
// config is the last configuration we successfully compiled or nil if there
|
||||||
// was any failure applying the last configuration.
|
// was any failure applying the last configuration.
|
||||||
config *Config
|
config *Config
|
||||||
|
forceAAAA bool // whether client wants MagicDNS AAAA even if unsure of host's IPv6 status
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewManagers created a new manager from the given config.
|
// NewManagers created a new manager from the given config.
|
||||||
@ -128,6 +129,18 @@ func (m *Manager) GetBaseConfig() (OSConfig, error) {
|
|||||||
return m.os.GetBaseConfig()
|
return m.os.GetBaseConfig()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (m *Manager) GetForceAAAA() bool {
|
||||||
|
m.mu.Lock()
|
||||||
|
defer m.mu.Unlock()
|
||||||
|
return m.forceAAAA
|
||||||
|
}
|
||||||
|
|
||||||
|
func (m *Manager) SetForceAAAA(v bool) {
|
||||||
|
m.mu.Lock()
|
||||||
|
defer m.mu.Unlock()
|
||||||
|
m.forceAAAA = v
|
||||||
|
}
|
||||||
|
|
||||||
// setLocked sets the DNS configuration.
|
// setLocked sets the DNS configuration.
|
||||||
//
|
//
|
||||||
// m.mu must be held.
|
// m.mu must be held.
|
||||||
|
|||||||
@ -121,6 +121,11 @@ type Server struct {
|
|||||||
// field at zero unless you know what you are doing.
|
// field at zero unless you know what you are doing.
|
||||||
Port uint16
|
Port uint16
|
||||||
|
|
||||||
|
// PreStart is an optional hook to run just before LocalBackend.Start,
|
||||||
|
// to reconfigure internals. If it returns an error, Server.Start
|
||||||
|
// will return that error, wrapper.
|
||||||
|
PreStart func() error
|
||||||
|
|
||||||
getCertForTesting func(*tls.ClientHelloInfo) (*tls.Certificate, error)
|
getCertForTesting func(*tls.ClientHelloInfo) (*tls.Certificate, error)
|
||||||
|
|
||||||
initOnce sync.Once
|
initOnce sync.Once
|
||||||
@ -616,6 +621,13 @@ func (s *Server) start() (reterr error) {
|
|||||||
prefs.ControlURL = s.ControlURL
|
prefs.ControlURL = s.ControlURL
|
||||||
prefs.RunWebClient = s.RunWebClient
|
prefs.RunWebClient = s.RunWebClient
|
||||||
authKey := s.getAuthKey()
|
authKey := s.getAuthKey()
|
||||||
|
|
||||||
|
if f := s.PreStart; f != nil {
|
||||||
|
if err := f(); err != nil {
|
||||||
|
return fmt.Errorf("PreStart: %w", err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
err = lb.Start(ipn.Options{
|
err = lb.Start(ipn.Options{
|
||||||
UpdatePrefs: prefs,
|
UpdatePrefs: prefs,
|
||||||
AuthKey: authKey,
|
AuthKey: authKey,
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user