ipn/ipnlocal, net/dns*, util/cloudenv: add AWS DNS support

And remove the GCP special-casing from ipn/ipnlocal; do it only in the
forwarder for *.internal.

Fixes #4980
Fixes #4981

Change-Id: I5c481e96d91f3d51d274a80fbd37c38f16dfa5cb
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

ipn/ipnlocal/dnsconfig_test.go

@@ -306,42 +306,6 @@ func TestDNSConfigForNetmap(t *testing.T) {
 				Routes: map[dnsname.FQDN][]*dnstype.Resolver{},
 			},
 		},
-		{
-			name: "google_cloud",
-			nm: &netmap.NetworkMap{
-				DNS: tailcfg.DNSConfig{},
-			},
-			cloud: cloudenv.GCP,
-			prefs: &ipn.Prefs{
-				CorpDNS: true,
-			},
-			want: &dns.Config{
-				Hosts: map[dnsname.FQDN][]netaddr.IP{},
-				Routes: map[dnsname.FQDN][]*dnstype.Resolver{
-					"internal.": []*dnstype.Resolver{{Addr: cloudenv.GoogleMetadataAndDNSIP}},
-				},
-			},
-		},
-		{
-			name: "google_cloud_with_exiting_internal",
-			nm: &netmap.NetworkMap{
-				DNS: tailcfg.DNSConfig{
-					Routes: map[string][]*dnstype.Resolver{
-						".internal": []*dnstype.Resolver{{Addr: "1.2.3.4"}},
-					},
-				},
-			},
-			cloud: cloudenv.GCP,
-			prefs: &ipn.Prefs{
-				CorpDNS: true,
-			},
-			want: &dns.Config{
-				Hosts: map[dnsname.FQDN][]netaddr.IP{},
-				Routes: map[dnsname.FQDN][]*dnstype.Resolver{
-					"internal.": []*dnstype.Resolver{{Addr: "1.2.3.4"}},
-				},
-			},
-		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
@@ -350,7 +314,7 @@ func TestDNSConfigForNetmap(t *testing.T) {
 				verOS = "linux"
 			}
 			var log tstest.MemLogger
-			got := dnsConfigForNetmap(tt.nm, tt.prefs, log.Logf, verOS, tt.cloud)
+			got := dnsConfigForNetmap(tt.nm, tt.prefs, log.Logf, verOS)
 			if !reflect.DeepEqual(got, tt.want) {
 				gotj, _ := json.MarshalIndent(got, "", "\t")
 				wantj, _ := json.MarshalIndent(tt.want, "", "\t")

ipn/ipnlocal/local.go

@@ -48,7 +48,6 @@ import (
 	"tailscale.com/types/persist"
 	"tailscale.com/types/preftype"
 	"tailscale.com/types/views"
-	"tailscale.com/util/cloudenv"
 	"tailscale.com/util/deephash"
 	"tailscale.com/util/dnsname"
 	"tailscale.com/util/multierr"
@@ -2222,7 +2221,7 @@ func (b *LocalBackend) authReconfig() {
 	}
 
 	rcfg := b.routerConfig(cfg, prefs, oneCGNATRoute)
-	dcfg := dnsConfigForNetmap(nm, prefs, b.logf, version.OS(), cloudenv.Get())
+	dcfg := dnsConfigForNetmap(nm, prefs, b.logf, version.OS())
 
 	err = b.e.Reconfig(cfg, rcfg, dcfg, nm.Debug)
 	if err == wgengine.ErrNoChanges {
@@ -2238,7 +2237,7 @@ func (b *LocalBackend) authReconfig() {
 //
 // The versionOS is a Tailscale-style version ("iOS", "macOS") and not
 // a runtime.GOOS.
-func dnsConfigForNetmap(nm *netmap.NetworkMap, prefs *ipn.Prefs, logf logger.Logf, versionOS string, cloud cloudenv.Cloud) *dns.Config {
+func dnsConfigForNetmap(nm *netmap.NetworkMap, prefs *ipn.Prefs, logf logger.Logf, versionOS string) *dns.Config {
 	dcfg := &dns.Config{
 		Routes: map[dnsname.FQDN][]*dnstype.Resolver{},
 		Hosts:  map[dnsname.FQDN][]netaddr.IP{},
@@ -2327,18 +2326,6 @@ func dnsConfigForNetmap(nm *netmap.NetworkMap, prefs *ipn.Prefs, logf logger.Log
 		}
 	}
 
-	// If we're running on Google Cloud Platform, add a DNS route for its
-	// *.internal DNS names to its metadata DNS IP, unless the tailnet already
-	// defines one. This is especially important on their standard VM images
-	// that don't included systemd-resolved, so we were effectively breaking
-	// their *.internal DNS names previously when the tailnet had explicit DNS
-	// servers set ("override local DNS" checked).
-	if cloud == cloudenv.GCP {
-		if _, ok := dcfg.Routes["internal."]; !ok {
-			dcfg.Routes["internal."] = []*dnstype.Resolver{{Addr: cloudenv.GoogleMetadataAndDNSIP}}
-		}
-	}
-
 	addDefault := func(resolvers []*dnstype.Resolver) {
 		for _, r := range resolvers {
 			dcfg.DefaultResolvers = append(dcfg.DefaultResolvers, r)