ipn/ipnlocal,net/dns/resolver: use the user dialer and routes for DNS forwarding by default, except on iOS and Android

In this PR, we make the "user-dial-routes" behavior default on all platforms except for iOS and Android. It can be disabled by setting the TS_DNS_FORWARD_USE_ROUTES envknob to 0 or false. Updates #12027 Updates #13837 Signed-off-by: Nick Khyl <nickk@tailscale.com>
2025-08-21 18:42:36 +00:00 · 2025-05-09 10:25:28 -05:00
parent 3177e50b14
commit a9be049c19
5 changed files with 36 additions and 16 deletions
--- a/ipn/ipnlocal/local.go
+++ b/ipn/ipnlocal/local.go
@@ -64,6 +64,7 @@ import (
 	"tailscale.com/logpolicy"
 	"tailscale.com/net/captivedetection"
 	"tailscale.com/net/dns"
+	"tailscale.com/net/dns/resolver"
 	"tailscale.com/net/dnscache"
 	"tailscale.com/net/dnsfallback"
 	"tailscale.com/net/ipset"
@@ -4908,7 +4909,6 @@ func (b *LocalBackend) authReconfig() {
 	nm := cn.NetMap()
 	hasPAC := b.prevIfState.HasPAC()
 	disableSubnetsIfPAC := cn.SelfHasCap(tailcfg.NodeAttrDisableSubnetsIfPAC)
-	userDialUseRoutes := cn.SelfHasCap(tailcfg.NodeAttrUserDialUseRoutes)
 	dohURL, dohURLOK := cn.exitNodeCanProxyDNS(prefs.ExitNodeID())
 	dcfg := cn.dnsConfigForNetmap(prefs, b.keyExpired, b.logf, version.OS())
 	// If the current node is an app connector, ensure the app connector machine is started
@@ -4969,7 +4969,7 @@ func (b *LocalBackend) authReconfig() {
 	}
 	b.logf("[v1] authReconfig: ra=%v dns=%v 0x%02x: %v", prefs.RouteAll(), prefs.CorpDNS(), flags, err)

-	if userDialUseRoutes {
+	if resolver.ShouldUseRoutes(b.ControlKnobs()) {
 		b.dialer.SetRoutes(rcfg.Routes, rcfg.LocalRoutes)
 	} else {
 		b.dialer.SetRoutes(nil, nil)