net/dnsfallback: disable recursive resolver for now

It seems to be implicated in a CPU consumption bug that's not yet
understood. Disable it until we understand.

Updates tailscale/corp#15261

Change-Id: Ia6d0c310da6464dda79a70fc3c18be0782812d3f
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

net/dnsfallback/dnsfallback.go

@@ -39,14 +39,22 @@ import (
 	"tailscale.com/util/slicesx"
 )
 
-var disableRecursiveResolver = envknob.RegisterBool("TS_DNSFALLBACK_DISABLE_RECURSIVE_RESOLVER")
+var (
+	optRecursiveResolver     = envknob.RegisterOptBool("TS_DNSFALLBACK_RECURSIVE_RESOLVER")
+	disableRecursiveResolver = envknob.RegisterBool("TS_DNSFALLBACK_DISABLE_RECURSIVE_RESOLVER") // legacy pre-1.52 env knob name
+)
 
 // MakeLookupFunc creates a function that can be used to resolve hostnames
 // (e.g. as a LookupIPFallback from dnscache.Resolver).
 // The netMon parameter is optional; if non-nil it's used to do faster interface lookups.
 func MakeLookupFunc(logf logger.Logf, netMon *netmon.Monitor) func(ctx context.Context, host string) ([]netip.Addr, error) {
 	return func(ctx context.Context, host string) ([]netip.Addr, error) {
-		if disableRecursiveResolver() {
+		// If they've explicitly disabled the recursive resolver with the legacy
+		// TS_DNSFALLBACK_DISABLE_RECURSIVE_RESOLVER envknob or not set the
+		// newer TS_DNSFALLBACK_RECURSIVE_RESOLVER to true, then don't use the
+		// recursive resolver. (tailscale/corp#15261) In the future, we might
+		// change the default (the opt.Bool being unset) to mean enabled.
+		if disableRecursiveResolver() || !optRecursiveResolver().EqualBool(true) {
 			return lookup(ctx, host, logf, netMon)
 		}