net/dns: work around WSL DNS implementation flaws.

Fixes tailscale/corp#1662 Signed-off-by: David Anderson <danderson@tailscale.com>
2024-11-29 04:55:31 +00:00 · 2021-04-26 15:14:41 -07:00 · 2021-04-26 15:14:41 -07:00 · 97d2fa2f56
commit 97d2fa2f56
parent ffe6c8e335
2 changed files with 29 additions and 2 deletions
--- a/net/dns/manager.go
+++ b/net/dns/manager.go
@ -5,6 +5,7 @@
 package dns

 import (
+	"runtime"
 	"strings"
 	"time"

@ -118,7 +119,27 @@ func (m *Manager) compileConfig(cfg Config) (resolver.Config, OSConfig, error) {
 	var rcfg resolver.Config
 	var ocfg OSConfig

-	if !cfg.hasHosts() && cfg.singleResolverSet() != nil && m.os.SupportsSplitDNS() {
+	// Workaround for
+	// https://github.com/tailscale/corp/issues/1662. Even though
+	// Windows natively supports split DNS, it only configures linux
+	// containers using whatever the primary is, and doesn't apply
+	// NRPT rules to DNS traffic coming from WSL.
+	//
+	// In order to make WSL work okay when the host Windows is using
+	// Tailscale, we need to set up quad-100 as a "full proxy"
+	// resolver, regardless of whether Windows itself can do split
+	// DNS. We still make Windows do split DNS itself when it can, but
+	// quad-100 will still have the full split configuration as well,
+	// and so can service WSL requests correctly.
+	//
+	// This bool is used in a couple of places below to implement this
+	// workaround.
+	isWindows := runtime.GOOS == "windows"
+
+	// The windows check is for
+	// . See also below
+	// for further routing workarounds there.
+	if !cfg.hasHosts() && cfg.singleResolverSet() != nil && m.os.SupportsSplitDNS() && !isWindows {
 		// Split DNS configuration requested, where all split domains
 		// go to the same resolvers. We can let the OS do it.
 		return resolver.Config{}, OSConfig{
@ -148,7 +169,8 @@ func (m *Manager) compileConfig(cfg Config) (resolver.Config, OSConfig, error) {
 	// resolver config and blend it into our config.
 	if m.os.SupportsSplitDNS() {
 		ocfg.MatchDomains = cfg.matchDomains()
-	} else {
+	}
+	if !m.os.SupportsSplitDNS() || isWindows {
 		bcfg, err := m.os.GetBaseConfig()
 		if err != nil {
 			// Temporary hack to make OSes where split-DNS isn't fully
--- a/net/dns/manager_test.go
+++ b/net/dns/manager_test.go
@ -5,6 +5,7 @@
 package dns

 import (
+	"runtime"
 	"testing"

 	"github.com/google/go-cmp/cmp"
@ -45,6 +46,10 @@ func (c *fakeOSConfigurator) GetBaseConfig() (OSConfig, error) {
 func (c *fakeOSConfigurator) Close() error { return nil }

 func TestManager(t *testing.T) {
+	if runtime.GOOS == "windows" {
+		t.Skipf("test's assumptions break because of https://github.com/tailscale/corp/issues/1662")
+	}
+
 	// Note: these tests assume that it's safe to switch the
 	// OSConfigurator's split-dns support on and off between Set
 	// calls. Empirically this is currently true, because we reprobe