Add support for "override local DNS" (#905)

* Add support for "override local DNS"

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* Update changelog

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* Update cli dump test

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

CHANGELOG.md

@@ -21,6 +21,7 @@
 - Add config flag to allow Headscale to start if OIDC provider is down [#829](https://github.com/juanfont/headscale/pull/829)
 - Random node DNS suffix only applied if names collide in namespace. [#766](https://github.com/juanfont/headscale/issues/766)
 - Remove `ip_prefix` configuration option and warning [#899](https://github.com/juanfont/headscale/pull/899)
+- Add `dns_config.override_local_dns` option [#905](https://github.com/juanfont/headscale/pull/905)
 - Fix some DNS config issues [#660](https://github.com/juanfont/headscale/issues/660)
 
 ## 0.16.4 (2022-08-21)

config-example.yaml

@@ -192,6 +192,9 @@ acl_policy_path: ""
 # - https://tailscale.com/blog/2021-09-private-dns-with-magicdns/
 #
 dns_config:
+  # Whether to prefer using Headscale provided DNS or use local.
+  override_local_dns: true
+
   # List of DNS servers to expose to clients.
   nameservers:
     - 1.1.1.1

config.go

@@ -160,6 +160,7 @@ func LoadConfig(path string, isFile bool) error {
 	viper.SetDefault("log.format", TextLogFormat)
 
 	viper.SetDefault("dns_config", nil)
+	viper.SetDefault("dns_config.override_local_dns", true)
 
 	viper.SetDefault("derp.server.enabled", false)
 	viper.SetDefault("derp.server.stun.enabled", true)
@@ -377,6 +378,8 @@ func GetDNSConfig() (*tailcfg.DNSConfig, string) {
 	if viper.IsSet("dns_config") {
 		dnsConfig := &tailcfg.DNSConfig{}
 
+		overrideLocalDNS := viper.GetBool("dns_config.override_local_dns")
+
 		if viper.IsSet("dns_config.nameservers") {
 			nameserversStr := viper.GetStringSlice("dns_config.nameservers")
 
@@ -399,7 +402,12 @@ func GetDNSConfig() (*tailcfg.DNSConfig, string) {
 			}
 
 			dnsConfig.Nameservers = nameservers
-			dnsConfig.Resolvers = resolvers
+
+			if overrideLocalDNS {
+				dnsConfig.Resolvers = resolvers
+			} else {
+				dnsConfig.FallbackResolvers = resolvers
+			}
 		}
 
 		if viper.IsSet("dns_config.restricted_nameservers") {

integration_test/etc/alt-config.dump.gold.yaml

@@ -14,6 +14,7 @@ derp:
   urls:
     - https://controlplane.tailscale.com/derpmap/default
 dns_config:
+  override_local_dns: true
   base_domain: headscale.net
   domains: []
   magic_dns: true

integration_test/etc/alt-config.yaml

@@ -8,6 +8,7 @@ ip_prefixes:
   - fd7a:115c:a1e0::/48
   - 100.64.0.0/10
 dns_config:
+  override_local_dns: true
   base_domain: headscale.net
   magic_dns: true
   domains: []

integration_test/etc/alt-env-config.dump.gold.yaml

@@ -14,6 +14,7 @@ derp:
   urls:
     - https://controlplane.tailscale.com/derpmap/default
 dns_config:
+  override_local_dns: true
   base_domain: headscale.net
   domains: []
   magic_dns: true

integration_test/etc/alt-env-config.yaml

@@ -8,6 +8,7 @@ ip_prefixes:
   - fd7a:115c:a1e0::/48
   - 100.64.0.0/10
 dns_config:
+  override_local_dns: true
   base_domain: headscale.net
   magic_dns: true
   domains: []

integration_test/etc/config.dump.gold.yaml

@@ -14,6 +14,7 @@ derp:
   urls:
     - https://controlplane.tailscale.com/derpmap/default
 dns_config:
+  override_local_dns: true
   base_domain: headscale.net
   domains: []
   magic_dns: true

integration_test/etc/config.yaml

@@ -8,6 +8,7 @@ ip_prefixes:
   - fd7a:115c:a1e0::/48
   - 100.64.0.0/10
 dns_config:
+  override_local_dns: true
   base_domain: headscale.net
   magic_dns: true
   domains: []