net/dns/resolver: add live reconfig, plumb through to ipnlocal.

The resolver still only supports a single upstream config, and ipn/wgengine still have to split up the DNS config, but this moves closer to unifying the DNS configs. As a handy side-effect of the refactor, IPv6 MagicDNS records exist now. Signed-off-by: David Anderson <danderson@tailscale.com>
2025-08-13 06:07:34 +00:00 · 2021-04-01 01:33:58 -07:00
parent caeafc4a32
commit 90f82b6946
10 changed files with 215 additions and 541 deletions
--- a/wgengine/userspace.go
+++ b/wgengine/userspace.go
@@ -913,7 +913,7 @@ func genLocalAddrFunc(addrs []netaddr.IPPrefix) func(netaddr.IP) bool {
 	return func(t netaddr.IP) bool { return m[t] }
 }

-func (e *userspaceEngine) Reconfig(cfg *wgcfg.Config, routerCfg *router.Config) error {
+func (e *userspaceEngine) Reconfig(cfg *wgcfg.Config, routerCfg *router.Config, hosts map[string][]netaddr.IP, localDomains []string) error {
 	if routerCfg == nil {
 		panic("routerCfg must not be nil")
 	}
@@ -933,7 +933,7 @@ func (e *userspaceEngine) Reconfig(cfg *wgcfg.Config, routerCfg *router.Config)
 	e.mu.Unlock()

 	engineChanged := deepprint.UpdateHash(&e.lastEngineSigFull, cfg)
-	routerChanged := deepprint.UpdateHash(&e.lastRouterSig, routerCfg)
+	routerChanged := deepprint.UpdateHash(&e.lastRouterSig, routerCfg, hosts, localDomains)
 	if !engineChanged && !routerChanged {
 		return ErrNoChanges
 	}
@@ -979,20 +979,24 @@ func (e *userspaceEngine) Reconfig(cfg *wgcfg.Config, routerCfg *router.Config)
 	}

 	if routerChanged {
+		resolverCfg := resolver.Config{
+			Hosts:        hosts,
+			LocalDomains: localDomains,
+			Routes:       map[string][]netaddr.IPPort{},
+		}
 		if routerCfg.DNS.Proxied {
 			ips := routerCfg.DNS.Nameservers
-			upstreams := make([]net.Addr, len(ips))
+			upstreams := make([]netaddr.IPPort, len(ips))
 			for i, ip := range ips {
-				stdIP := ip.IPAddr()
-				upstreams[i] = &net.UDPAddr{
-					IP:   stdIP.IP,
+				upstreams[i] = netaddr.IPPort{
+					IP:   ip,
 					Port: 53,
-					Zone: stdIP.Zone,
 				}
 			}
-			e.resolver.SetUpstreams(upstreams)
+			resolverCfg.Routes["."] = upstreams
 			routerCfg.DNS.Nameservers = []netaddr.IP{tsaddr.TailscaleServiceIP()}
 		}
+		e.resolver.SetConfig(resolverCfg) // TODO: check error and propagate to health pkg
 		e.logf("wgengine: Reconfig: configuring router")
 		err := e.router.Set(routerCfg)
 		health.SetRouterHealth(err)
@@ -1018,10 +1022,6 @@ func (e *userspaceEngine) SetFilter(filt *filter.Filter) {
 	e.tundev.SetFilter(filt)
 }

-func (e *userspaceEngine) SetDNSMap(dm *resolver.Map) {
-	e.resolver.SetMap(dm)
-}
-
 func (e *userspaceEngine) SetStatusCallback(cb StatusCallback) {
 	e.mu.Lock()
 	defer e.mu.Unlock()
--- a/wgengine/userspace_test.go
+++ b/wgengine/userspace_test.go
@@ -108,7 +108,7 @@ func TestUserspaceEngineReconfig(t *testing.T) {
 			},
 		}

-		err = e.Reconfig(cfg, routerCfg)
+		err = e.Reconfig(cfg, routerCfg, nil, nil)
 		if err != nil {
 			t.Fatal(err)
 		}
--- a/wgengine/watchdog.go
+++ b/wgengine/watchdog.go
@@ -14,7 +14,6 @@ import (

 	"inet.af/netaddr"
 	"tailscale.com/ipn/ipnstate"
-	"tailscale.com/net/dns/resolver"
 	"tailscale.com/net/tstun"
 	"tailscale.com/tailcfg"
 	"tailscale.com/types/netmap"
@@ -74,8 +73,8 @@ func (e *watchdogEngine) watchdog(name string, fn func()) {
 	})
 }

-func (e *watchdogEngine) Reconfig(cfg *wgcfg.Config, routerCfg *router.Config) error {
-	return e.watchdogErr("Reconfig", func() error { return e.wrap.Reconfig(cfg, routerCfg) })
+func (e *watchdogEngine) Reconfig(cfg *wgcfg.Config, routerCfg *router.Config, hosts map[string][]netaddr.IP, localDomains []string) error {
+	return e.watchdogErr("Reconfig", func() error { return e.wrap.Reconfig(cfg, routerCfg, hosts, localDomains) })
 }
 func (e *watchdogEngine) GetLinkMonitor() *monitor.Mon {
 	return e.wrap.GetLinkMonitor()
@@ -86,9 +85,6 @@ func (e *watchdogEngine) GetFilter() *filter.Filter {
 func (e *watchdogEngine) SetFilter(filt *filter.Filter) {
 	e.watchdog("SetFilter", func() { e.wrap.SetFilter(filt) })
 }
-func (e *watchdogEngine) SetDNSMap(dm *resolver.Map) {
-	e.watchdog("SetDNSMap", func() { e.wrap.SetDNSMap(dm) })
-}
 func (e *watchdogEngine) SetStatusCallback(cb StatusCallback) {
 	e.watchdog("SetStatusCallback", func() { e.wrap.SetStatusCallback(cb) })
 }
--- a/wgengine/wgengine.go
+++ b/wgengine/wgengine.go
@@ -9,7 +9,6 @@ import (

 	"inet.af/netaddr"
 	"tailscale.com/ipn/ipnstate"
-	"tailscale.com/net/dns/resolver"
 	"tailscale.com/tailcfg"
 	"tailscale.com/types/netmap"
 	"tailscale.com/wgengine/filter"
@@ -57,7 +56,7 @@ type Engine interface {
 	// sends an updated network map.
 	//
 	// The returned error is ErrNoChanges if no changes were made.
-	Reconfig(*wgcfg.Config, *router.Config) error
+	Reconfig(*wgcfg.Config, *router.Config, map[string][]netaddr.IP, []string) error

 	// GetFilter returns the current packet filter, if any.
 	GetFilter() *filter.Filter
@@ -65,9 +64,6 @@ type Engine interface {
 	// SetFilter updates the packet filter.
 	SetFilter(*filter.Filter)

-	// SetDNSMap updates the DNS map.
-	SetDNSMap(*resolver.Map)
-
 	// SetStatusCallback sets the function to call when the
 	// WireGuard status changes.
 	SetStatusCallback(StatusCallback)