From b267bc5e79c58c5b3071fc8213110350070531c7 Mon Sep 17 00:00:00 2001
From: James Tucker <james@tailscale.com>
Date: Mon, 10 Mar 2025 10:04:19 -0700
Subject: [PATCH] cmd/natc: add an explicit error for missing peer state

Updates tailscale/corp#26968

Signed-off-by: James Tucker <james@tailscale.com>
---
 cmd/natc/natc.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/cmd/natc/natc.go b/cmd/natc/natc.go
index 73ba116ff..5bf5ae360 100644
--- a/cmd/natc/natc.go
+++ b/cmd/natc/natc.go
@@ -347,7 +347,11 @@ var tsMBox = dnsmessage.MustNewName("support.tailscale.com.")
 // generateDNSResponse generates a DNS response for the given request. The from
 // argument is the NodeID of the node that sent the request.
 func (c *connector) generateDNSResponse(req *dnsmessage.Message, from tailcfg.NodeID) ([]byte, error) {
-	pm, _ := c.perPeerMap.LoadOrStore(from, &perPeerState{c: c})
+	pm, ok := c.perPeerMap.LoadOrStore(from, &perPeerState{c: c})
+	if !ok {
+		// TODO(raggi): consider returning NXDOMAIN, but it is likely this result does not want to be cached.
+		return nil, fmt.Errorf("missing peer state for %s, unable to answer query: %v", from, req)
+	}
 	var addrs []netip.Addr
 	if len(req.Questions) > 0 {
 		switch req.Questions[0].Type {