Allow split DNS configuration without requiring global nameservers

Align behaviour of dns_config.restricted_nameservers to tailscale.

Tailscale allows split DNS configuration without requiring global nameservers.

In addition, as per [the docs](https://tailscale.com/kb/1054/dns/#using-dns-settings-in-the-admin-console):

> These nameservers also configure search domains for your devices

This commit aligns headscale to tailscale by:

 * honouring dns_config.restricted_nameservers regardless of whether any global resolvers are configured
 * adding a search domain for each restricted_nameserver
Dominic Bevacqua 2023-01-23 11:34:12 +00:00 committed by Juan Font
parent 83a538cc95
commit 26edf24477


@ -411,34 +411,32 @@ func GetDNSConfig() (*tailcfg.DNSConfig, string) {
} }
if viper.IsSet("dns_config.restricted_nameservers") { if viper.IsSet("dns_config.restricted_nameservers") {
if len(dnsConfig.Resolvers) > 0 { dnsConfig.Routes = make(map[string][]*dnstype.Resolver)
dnsConfig.Routes = make(map[string][]*dnstype.Resolver) domains := []string{}
restrictedDNS := viper.GetStringMapStringSlice( restrictedDNS := viper.GetStringMapStringSlice(
"dns_config.restricted_nameservers", "dns_config.restricted_nameservers",
)
for domain, restrictedNameservers := range restrictedDNS {
restrictedResolvers := make(
[]*dnstype.Resolver,
len(restrictedNameservers),
) )
for domain, restrictedNameservers := range restrictedDNS { for index, nameserverStr := range restrictedNameservers {
restrictedResolvers := make( nameserver, err := netip.ParseAddr(nameserverStr)
[]*dnstype.Resolver, if err != nil {
len(restrictedNameservers), log.Error().
) Str("func", "getDNSConfig").
for index, nameserverStr := range restrictedNameservers { Err(err).
nameserver, err := netip.ParseAddr(nameserverStr) Msgf("Could not parse restricted nameserver IP: %s", nameserverStr)
if err != nil { }
log.Error(). restrictedResolvers[index] = &dnstype.Resolver{
Str("func", "getDNSConfig"). Addr: nameserver.String(),
Err(err).
Msgf("Could not parse restricted nameserver IP: %s", nameserverStr)
}
restrictedResolvers[index] = &dnstype.Resolver{
Addr: nameserver.String(),
}
} }
dnsConfig.Routes[domain] = restrictedResolvers
} }
} else { dnsConfig.Routes[domain] = restrictedResolvers
log.Warn(). domains = append(domains, domain)
Msg("Warning: dns_config.restricted_nameservers is set, but no nameservers are configured. Ignoring restricted_nameservers.")
} }
dnsConfig.Domains = domains
} }
if viper.IsSet("dns_config.domains") { if viper.IsSet("dns_config.domains") {
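Review bot: In the inner `for index, nameserverStr` loop a `netip.ParseAddr` failure is only logged, so the zero `netip.Addr` is still stored and its `String()` value (`invalid IP`) ends up in `dnsConfig.Routes` as a resolver address for that domain. Now that routes are applied even without global resolvers, a typo in the config can leave a split-DNS domain with no usable resolver; skip the bad entry instead, for example `continue` after the log call, with the slice created at length 0 and filled via `restrictedResolvers = append(restrictedResolvers, &dnstype.Resolver{Addr: nameserver.String()})`. Separately, `domains` is filled while ranging over a map, so the search-domain order can differ from call to call; `sort.Strings(domains)` before `dnsConfig.Domains = domains` would make it stable. The `dns_config.domains` branch continues outside the hunk and may assign `dnsConfig.Domains` again, so it is worth confirming that it does not silently discard the domains set here.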