Allow split DNS configuration without requiring global nameservers
Align behaviour of dns_config.restricted_nameservers to tailscale. Tailscale allows split DNS configuration without requiring global nameservers. In addition, as per [the docs](https://tailscale.com/kb/1054/dns/#using-dns-settings-in-the-admin-console): > These nameservers also configure search domains for your devices This commit aligns headscale to tailscale by: * honouring dns_config.restricted_nameservers regardless of whether any global resolvers are configured * adding a search domain for each restricted_nameserver
This commit is contained in:
parent
83a538cc95
commit
26edf24477
1 changed files with 22 additions and 24 deletions
|
@ -411,8 +411,8 @@ func GetDNSConfig() (*tailcfg.DNSConfig, string) {
|
||||||
}
|
}
|
||||||
|
|
||||||
if viper.IsSet("dns_config.restricted_nameservers") {
|
if viper.IsSet("dns_config.restricted_nameservers") {
|
||||||
if len(dnsConfig.Resolvers) > 0 {
|
|
||||||
dnsConfig.Routes = make(map[string][]*dnstype.Resolver)
|
dnsConfig.Routes = make(map[string][]*dnstype.Resolver)
|
||||||
|
domains := []string{}
|
||||||
restrictedDNS := viper.GetStringMapStringSlice(
|
restrictedDNS := viper.GetStringMapStringSlice(
|
||||||
"dns_config.restricted_nameservers",
|
"dns_config.restricted_nameservers",
|
||||||
)
|
)
|
||||||
|
@ -434,11 +434,9 @@ func GetDNSConfig() (*tailcfg.DNSConfig, string) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
dnsConfig.Routes[domain] = restrictedResolvers
|
dnsConfig.Routes[domain] = restrictedResolvers
|
||||||
|
domains = append(domains, domain)
|
||||||
}
|
}
|
||||||
} else {
|
dnsConfig.Domains = domains
|
||||||
log.Warn().
|
|
||||||
Msg("Warning: dns_config.restricted_nameservers is set, but no nameservers are configured. Ignoring restricted_nameservers.")
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if viper.IsSet("dns_config.domains") {
|
if viper.IsSet("dns_config.domains") {
|
||||||
|
|
Loading…
Reference in a new issue