From c071bcda332c9a0d00324b2b03ca0b508adbc61f Mon Sep 17 00:00:00 2001
From: David Anderson <danderson@tailscale.com>
Date: Sat, 4 Sep 2021 22:32:28 -0700
Subject: [PATCH] net/dns: relax systemd-resolved detection.

Reported on IRC: a resolv.conf that contained two entries for
"nameserver 127.0.0.53", which defeated our "is resolved actually
in charge" check. Relax that check to allow any number of nameservers,
as long as they're all 127.0.0.53.

Signed-off-by: David Anderson <danderson@tailscale.com>
---
 net/dns/manager_linux.go | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/net/dns/manager_linux.go b/net/dns/manager_linux.go
index 99e170495..63f06276b 100644
--- a/net/dns/manager_linux.go
+++ b/net/dns/manager_linux.go
@@ -221,8 +221,17 @@ func resolvedIsActuallyResolver(fs wholeFileFS) error {
 	if err != nil {
 		return err
 	}
-	if len(cfg.Nameservers) != 1 || cfg.Nameservers[0] != netaddr.IPv4(127, 0, 0, 53) {
-		return errors.New("resolv.conf doesn't point to systemd-resolved")
+	// We've encountered at least one system where the line
+	// "nameserver 127.0.0.53" appears twice, so we look exhaustively
+	// through all of them and allow any number of repeated mentions
+	// of the systemd-resolved stub IP.
+	if len(cfg.Nameservers) == 0 {
+		return errors.New("resolv.conf has no nameservers")
+	}
+	for _, ns := range cfg.Nameservers {
+		if ns != netaddr.IPv4(127, 0, 0, 53) {
+			return errors.New("resolv.conf doesn't point to systemd-resolved")
+		}
 	}
 	return nil
 }