2023-01-27 21:37:20 +00:00
|
|
|
// Copyright (c) Tailscale Inc & AUTHORS
|
|
|
|
// SPDX-License-Identifier: BSD-3-Clause
|
2020-07-31 21:27:09 +01:00
|
|
|
|
|
|
|
package dns
|
|
|
|
|
|
|
|
import (
|
2021-07-20 06:24:43 +01:00
|
|
|
"bufio"
|
|
|
|
"fmt"
|
all: convert more code to use net/netip directly
perl -i -npe 's,netaddr.IPPrefixFrom,netip.PrefixFrom,' $(git grep -l -F netaddr.)
perl -i -npe 's,netaddr.IPPortFrom,netip.AddrPortFrom,' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPrefix,netip.Prefix,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPort,netip.AddrPort,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IP\b,netip.Addr,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPv6Raw\b,netip.AddrFrom16,g' $(git grep -l -F netaddr. )
goimports -w .
Then delete some stuff from the net/netaddr shim package which is no
longer neeed.
Updates #5162
Change-Id: Ia7a86893fe21c7e3ee1ec823e8aba288d4566cd8
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-07-26 05:14:09 +01:00
|
|
|
"net/netip"
|
2021-04-07 08:54:54 +01:00
|
|
|
"sort"
|
|
|
|
|
2022-09-06 19:15:30 +01:00
|
|
|
"tailscale.com/net/dns/publicdns"
|
2021-07-20 06:24:43 +01:00
|
|
|
"tailscale.com/net/dns/resolver"
|
2022-01-04 21:33:08 +00:00
|
|
|
"tailscale.com/net/tsaddr"
|
2021-08-03 14:56:31 +01:00
|
|
|
"tailscale.com/types/dnstype"
|
2021-04-09 23:24:47 +01:00
|
|
|
"tailscale.com/util/dnsname"
|
2020-07-31 21:27:09 +01:00
|
|
|
)
|
|
|
|
|
2021-04-02 08:34:03 +01:00
|
|
|
// Config is a DNS configuration.
|
|
|
|
type Config struct {
|
|
|
|
// DefaultResolvers are the DNS resolvers to use for DNS names
|
|
|
|
// which aren't covered by more specific per-domain routes below.
|
|
|
|
// If empty, the OS's default resolvers (the ones that predate
|
|
|
|
// Tailscale altering the configuration) are used.
|
2022-05-03 22:41:58 +01:00
|
|
|
DefaultResolvers []*dnstype.Resolver
|
2021-04-02 08:34:03 +01:00
|
|
|
// Routes maps a DNS suffix to the resolvers that should be used
|
|
|
|
// for queries that fall within that suffix.
|
|
|
|
// If a query doesn't match any entry in Routes, the
|
|
|
|
// DefaultResolvers are used.
|
2021-05-17 23:50:34 +01:00
|
|
|
// A Routes entry with no resolvers means the route should be
|
|
|
|
// authoritatively answered using the contents of Hosts.
|
2022-05-03 22:41:58 +01:00
|
|
|
Routes map[dnsname.FQDN][]*dnstype.Resolver
|
2021-04-02 08:34:03 +01:00
|
|
|
// SearchDomains are DNS suffixes to try when expanding
|
|
|
|
// single-label queries.
|
2021-04-09 23:24:47 +01:00
|
|
|
SearchDomains []dnsname.FQDN
|
2021-04-02 08:34:03 +01:00
|
|
|
// Hosts maps DNS FQDNs to their IPs, which can be a mix of IPv4
|
|
|
|
// and IPv6.
|
2021-05-17 23:18:25 +01:00
|
|
|
// Queries matching entries in Hosts are resolved locally by
|
|
|
|
// 100.100.100.100 without leaving the machine.
|
|
|
|
// Adding an entry to Hosts merely creates the record. If you want
|
|
|
|
// it to resolve, you also need to add appropriate routes to
|
|
|
|
// Routes.
|
all: convert more code to use net/netip directly
perl -i -npe 's,netaddr.IPPrefixFrom,netip.PrefixFrom,' $(git grep -l -F netaddr.)
perl -i -npe 's,netaddr.IPPortFrom,netip.AddrPortFrom,' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPrefix,netip.Prefix,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPort,netip.AddrPort,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IP\b,netip.Addr,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPv6Raw\b,netip.AddrFrom16,g' $(git grep -l -F netaddr. )
goimports -w .
Then delete some stuff from the net/netaddr shim package which is no
longer neeed.
Updates #5162
Change-Id: Ia7a86893fe21c7e3ee1ec823e8aba288d4566cd8
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-07-26 05:14:09 +01:00
|
|
|
Hosts map[dnsname.FQDN][]netip.Addr
|
2022-01-04 21:33:08 +00:00
|
|
|
// OnlyIPv6, if true, uses the IPv6 service IP (for MagicDNS)
|
|
|
|
// instead of the IPv4 version (100.100.100.100).
|
|
|
|
OnlyIPv6 bool
|
|
|
|
}
|
|
|
|
|
all: convert more code to use net/netip directly
perl -i -npe 's,netaddr.IPPrefixFrom,netip.PrefixFrom,' $(git grep -l -F netaddr.)
perl -i -npe 's,netaddr.IPPortFrom,netip.AddrPortFrom,' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPrefix,netip.Prefix,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPort,netip.AddrPort,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IP\b,netip.Addr,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPv6Raw\b,netip.AddrFrom16,g' $(git grep -l -F netaddr. )
goimports -w .
Then delete some stuff from the net/netaddr shim package which is no
longer neeed.
Updates #5162
Change-Id: Ia7a86893fe21c7e3ee1ec823e8aba288d4566cd8
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-07-26 05:14:09 +01:00
|
|
|
func (c *Config) serviceIP() netip.Addr {
|
2022-01-04 21:33:08 +00:00
|
|
|
if c.OnlyIPv6 {
|
|
|
|
return tsaddr.TailscaleServiceIPv6()
|
|
|
|
}
|
|
|
|
return tsaddr.TailscaleServiceIP()
|
2021-04-02 08:34:03 +01:00
|
|
|
}
|
2021-04-07 06:00:59 +01:00
|
|
|
|
2021-07-20 06:24:43 +01:00
|
|
|
// WriteToBufioWriter write a debug version of c for logs to w, omitting
|
|
|
|
// spammy stuff like *.arpa entries and replacing it with a total count.
|
|
|
|
func (c *Config) WriteToBufioWriter(w *bufio.Writer) {
|
|
|
|
w.WriteString("{DefaultResolvers:")
|
2021-08-03 14:56:31 +01:00
|
|
|
resolver.WriteDNSResolvers(w, c.DefaultResolvers)
|
2021-07-20 06:24:43 +01:00
|
|
|
|
|
|
|
w.WriteString(" Routes:")
|
|
|
|
resolver.WriteRoutes(w, c.Routes)
|
|
|
|
|
|
|
|
fmt.Fprintf(w, " SearchDomains:%v", c.SearchDomains)
|
|
|
|
fmt.Fprintf(w, " Hosts:%v", len(c.Hosts))
|
|
|
|
w.WriteString("}")
|
|
|
|
}
|
|
|
|
|
2021-04-07 06:00:59 +01:00
|
|
|
// needsAnyResolvers reports whether c requires a resolver to be set
|
|
|
|
// at the OS level.
|
|
|
|
func (c Config) needsOSResolver() bool {
|
2021-05-17 23:18:25 +01:00
|
|
|
return c.hasDefaultResolvers() || c.hasRoutes()
|
2021-04-07 06:00:59 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
func (c Config) hasRoutes() bool {
|
|
|
|
return len(c.Routes) > 0
|
|
|
|
}
|
|
|
|
|
2021-08-03 14:56:31 +01:00
|
|
|
// hasDefaultIPResolversOnly reports whether the only resolvers in c are
|
2022-09-06 19:15:30 +01:00
|
|
|
// DefaultResolvers, and that those resolvers are simple IP addresses
|
|
|
|
// that speak regular port 53 DNS.
|
2021-08-03 14:56:31 +01:00
|
|
|
func (c Config) hasDefaultIPResolversOnly() bool {
|
|
|
|
if !c.hasDefaultResolvers() || c.hasRoutes() {
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
for _, r := range c.DefaultResolvers {
|
2022-09-06 19:15:30 +01:00
|
|
|
if ipp, ok := r.IPPort(); !ok || ipp.Port() != 53 || publicdns.IPIsDoHOnlyServer(ipp.Addr()) {
|
2021-08-03 14:56:31 +01:00
|
|
|
return false
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return true
|
2021-04-07 06:00:59 +01:00
|
|
|
}
|
|
|
|
|
2022-08-30 17:34:59 +01:00
|
|
|
// hasHostsWithoutSplitDNSRoutes reports whether c contains any Host entries
|
|
|
|
// that aren't covered by a SplitDNS route suffix.
|
|
|
|
func (c Config) hasHostsWithoutSplitDNSRoutes() bool {
|
|
|
|
// TODO(bradfitz): this could be more efficient, but we imagine
|
|
|
|
// the number of SplitDNS routes and/or hosts will be small.
|
|
|
|
for host := range c.Hosts {
|
|
|
|
if !c.hasSplitDNSRouteForHost(host) {
|
|
|
|
return true
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
|
|
|
// hasSplitDNSRouteForHost reports whether c contains a SplitDNS route
|
|
|
|
// that contains hosts.
|
|
|
|
func (c Config) hasSplitDNSRouteForHost(host dnsname.FQDN) bool {
|
|
|
|
for route := range c.Routes {
|
|
|
|
if route.Contains(host) {
|
|
|
|
return true
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
2021-04-07 06:00:59 +01:00
|
|
|
func (c Config) hasDefaultResolvers() bool {
|
|
|
|
return len(c.DefaultResolvers) > 0
|
|
|
|
}
|
|
|
|
|
|
|
|
// singleResolverSet returns the resolvers used by c.Routes if all
|
|
|
|
// routes use the same resolvers, or nil if multiple sets of resolvers
|
|
|
|
// are specified.
|
2022-05-03 22:41:58 +01:00
|
|
|
func (c Config) singleResolverSet() []*dnstype.Resolver {
|
2021-05-17 23:50:34 +01:00
|
|
|
var (
|
2022-05-03 22:41:58 +01:00
|
|
|
prev []*dnstype.Resolver
|
2021-05-17 23:50:34 +01:00
|
|
|
prevInitialized bool
|
|
|
|
)
|
2021-04-07 06:00:59 +01:00
|
|
|
for _, resolvers := range c.Routes {
|
2021-05-17 23:50:34 +01:00
|
|
|
if !prevInitialized {
|
|
|
|
prev = resolvers
|
|
|
|
prevInitialized = true
|
2021-04-07 06:00:59 +01:00
|
|
|
continue
|
|
|
|
}
|
2021-08-03 14:56:31 +01:00
|
|
|
if !sameResolverNames(prev, resolvers) {
|
2021-04-07 06:00:59 +01:00
|
|
|
return nil
|
|
|
|
}
|
|
|
|
}
|
2021-05-17 23:50:34 +01:00
|
|
|
return prev
|
2021-04-07 06:00:59 +01:00
|
|
|
}
|
|
|
|
|
2021-05-17 23:18:25 +01:00
|
|
|
// matchDomains returns the list of match suffixes needed by Routes.
|
2021-04-09 23:24:47 +01:00
|
|
|
func (c Config) matchDomains() []dnsname.FQDN {
|
2021-05-17 23:18:25 +01:00
|
|
|
ret := make([]dnsname.FQDN, 0, len(c.Routes))
|
2021-04-07 06:00:59 +01:00
|
|
|
for suffix := range c.Routes {
|
2021-04-09 23:24:47 +01:00
|
|
|
ret = append(ret, suffix)
|
2021-04-07 06:00:59 +01:00
|
|
|
}
|
2021-04-09 23:24:47 +01:00
|
|
|
sort.Slice(ret, func(i, j int) bool {
|
|
|
|
return ret[i].WithTrailingDot() < ret[j].WithTrailingDot()
|
|
|
|
})
|
2021-04-07 06:00:59 +01:00
|
|
|
return ret
|
|
|
|
}
|
|
|
|
|
2022-05-03 22:41:58 +01:00
|
|
|
func sameResolverNames(a, b []*dnstype.Resolver) bool {
|
2021-04-07 06:00:59 +01:00
|
|
|
if len(a) != len(b) {
|
|
|
|
return false
|
|
|
|
}
|
2021-08-03 14:56:31 +01:00
|
|
|
for i := range a {
|
|
|
|
if a[i].Addr != b[i].Addr {
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
if !sameIPs(a[i].BootstrapResolution, b[i].BootstrapResolution) {
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return true
|
|
|
|
}
|
2021-04-07 06:00:59 +01:00
|
|
|
|
all: convert more code to use net/netip directly
perl -i -npe 's,netaddr.IPPrefixFrom,netip.PrefixFrom,' $(git grep -l -F netaddr.)
perl -i -npe 's,netaddr.IPPortFrom,netip.AddrPortFrom,' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPrefix,netip.Prefix,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPort,netip.AddrPort,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IP\b,netip.Addr,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPv6Raw\b,netip.AddrFrom16,g' $(git grep -l -F netaddr. )
goimports -w .
Then delete some stuff from the net/netaddr shim package which is no
longer neeed.
Updates #5162
Change-Id: Ia7a86893fe21c7e3ee1ec823e8aba288d4566cd8
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-07-26 05:14:09 +01:00
|
|
|
func sameIPs(a, b []netip.Addr) bool {
|
2021-08-03 14:56:31 +01:00
|
|
|
if len(a) != len(b) {
|
|
|
|
return false
|
|
|
|
}
|
2021-04-07 06:00:59 +01:00
|
|
|
for i := range a {
|
|
|
|
if a[i] != b[i] {
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return true
|
|
|
|
}
|