lzc256
/
tailscale
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

net/dns: work around WSL DNS implementation flaws. 

Fixes tailscale/corp#1662

Signed-off-by: David Anderson <danderson@tailscale.com>
pull/1807/head
David Anderson 2021-04-26 15:14:41 -07:00 committed by Dave Anderson
parent ffe6c8e335
commit 97d2fa2f56
2 changed files with 29 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
net/dns/manager.go
View File

@ -5,6 +5,7 @@
package dns package dns
import ( import (
"runtime"
"strings" "strings"
"time" "time"
@ -118,7 +119,27 @@ func (m *Manager) compileConfig(cfg Config) (resolver.Config, OSConfig, error) {
var rcfg resolver.Config var rcfg resolver.Config
var ocfg OSConfig var ocfg OSConfig
if !cfg.hasHosts() && cfg.singleResolverSet() != nil && m.os.SupportsSplitDNS() { // Workaround for
// https://github.com/tailscale/corp/issues/1662. Even though
// Windows natively supports split DNS, it only configures linux
// containers using whatever the primary is, and doesn't apply
// NRPT rules to DNS traffic coming from WSL.
//
// In order to make WSL work okay when the host Windows is using
// Tailscale, we need to set up quad-100 as a "full proxy"
// resolver, regardless of whether Windows itself can do split
// DNS. We still make Windows do split DNS itself when it can, but
// quad-100 will still have the full split configuration as well,
// and so can service WSL requests correctly.
//
// This bool is used in a couple of places below to implement this
// workaround.
isWindows := runtime.GOOS == "windows"
// The windows check is for
// . See also below
// for further routing workarounds there.
if !cfg.hasHosts() && cfg.singleResolverSet() != nil && m.os.SupportsSplitDNS() && !isWindows {
// Split DNS configuration requested, where all split domains // Split DNS configuration requested, where all split domains
// go to the same resolvers. We can let the OS do it. // go to the same resolvers. We can let the OS do it.
return resolver.Config{}, OSConfig{ return resolver.Config{}, OSConfig{
@ -148,7 +169,8 @@ func (m *Manager) compileConfig(cfg Config) (resolver.Config, OSConfig, error) {
// resolver config and blend it into our config. // resolver config and blend it into our config.
if m.os.SupportsSplitDNS() { if m.os.SupportsSplitDNS() {
ocfg.MatchDomains = cfg.matchDomains() ocfg.MatchDomains = cfg.matchDomains()
} else { }
if !m.os.SupportsSplitDNS() || isWindows {
bcfg, err := m.os.GetBaseConfig() bcfg, err := m.os.GetBaseConfig()
if err != nil { if err != nil {
// Temporary hack to make OSes where split-DNS isn't fully // Temporary hack to make OSes where split-DNS isn't fully

5
net/dns/manager_test.go
View File

@ -5,6 +5,7 @@
package dns package dns
import ( import (
"runtime"
"testing" "testing"
"github.com/google/go-cmp/cmp" "github.com/google/go-cmp/cmp"
@ -45,6 +46,10 @@ func (c *fakeOSConfigurator) GetBaseConfig() (OSConfig, error) {
func (c *fakeOSConfigurator) Close() error { return nil } func (c *fakeOSConfigurator) Close() error { return nil }
func TestManager(t *testing.T) { func TestManager(t *testing.T) {
if runtime.GOOS == "windows" {
t.Skipf("test's assumptions break because of https://github.com/tailscale/corp/issues/1662")
}
// Note: these tests assume that it's safe to switch the // Note: these tests assume that it's safe to switch the
// OSConfigurator's split-dns support on and off between Set // OSConfigurator's split-dns support on and off between Set
// calls. Empirically this is currently true, because we reprobe // calls. Empirically this is currently true, because we reprobe