cmd/lopower: set ultimate fallback DNS servers

Change-Id: I044d6c7b9dc4b874f3c60d2c6ce2105bafc00639 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2025-08-24 20:27:51 +00:00 · 2024-11-03 14:21:57 -08:00
parent f39f8ab4d7
commit b8d9c3bc88
2 changed files with 34 additions and 3 deletions
--- a/cmd/lopower/lopower.go
+++ b/cmd/lopower/lopower.go
@@ -50,6 +50,7 @@ import (
 	"tailscale.com/net/tsaddr"
 	"tailscale.com/syncs"
 	"tailscale.com/tsnet"
+	"tailscale.com/types/dnstype"
 	"tailscale.com/types/ipproto"
 	"tailscale.com/types/key"
 	"tailscale.com/types/logger"
@@ -638,7 +639,22 @@ func (lp *lpServer) startTSNet(ctx context.Context) {
 	}
 	lp.tsnet = ts
 	ts.PreStart = func() error {
-		ts.Sys().DNSManager.Get().SetForceAAAA(true)
+		dnsMgr := ts.Sys().DNSManager.Get()
+		dnsMgr.SetForceAAAA(true)
+
+		// Force fallback resolvers to Google and Cloudflare as an ultimate
+		// fallback in case the Tailnet DNS servers are not set/forced. Normally
+		// tailscaled would resort to using the OS DNS resolvers, but
+		// tsnet/userspace binaries don't do that (yet?), so this is the
+		// "Opionated" part of the "LOPOWER" name. The opinion is just using
+		// big providers known to work. (Normally stock tailscaled never
+		// makes such opinions and never defaults to any big provider, unless
+		// you're already running on that big provider's network so have
+		// already indicated you're fine with them.))
+		dnsMgr.SetForceFallbackResolvers([]*dnstype.Resolver{
+			{Addr: "8.8.8.8"},
+			{Addr: "1.1.1.1"},
+		})
 		return nil
 	}