Allow split DNS configuration without requiring global nameservers
Align behaviour of dns_config.restricted_nameservers to tailscale. Tailscale allows split DNS configuration without requiring global nameservers. In addition, as per [the docs](https://tailscale.com/kb/1054/dns/#using-dns-settings-in-the-admin-console): > These nameservers also configure search domains for your devices This commit aligns headscale to tailscale by: * honouring dns_config.restricted_nameservers regardless of whether any global resolvers are configured * adding a search domain for each restricted_nameserver
parent
83a538cc95
commit
26edf24477
1 changed files with 22 additions and 24 deletions
46
config.go
46
config.go
|
@ -411,34 +411,32 @@ func GetDNSConfig() (*tailcfg.DNSConfig, string) {
|
||||||
}
|
}
|
||||||
|
|
||||||
if viper.IsSet("dns_config.restricted_nameservers") {
|
if viper.IsSet("dns_config.restricted_nameservers") {
|
||||||
if len(dnsConfig.Resolvers) > 0 {
|
dnsConfig.Routes = make(map[string][]*dnstype.Resolver)
|
||||||
dnsConfig.Routes = make(map[string][]*dnstype.Resolver)
|
domains := []string{}
|
||||||
restrictedDNS := viper.GetStringMapStringSlice(
|
restrictedDNS := viper.GetStringMapStringSlice(
|
||||||
"dns_config.restricted_nameservers",
|
"dns_config.restricted_nameservers",
|
||||||
|
)
|
||||||
|
for domain, restrictedNameservers := range restrictedDNS {
|
||||||
|
restrictedResolvers := make(
|
||||||
|
[]*dnstype.Resolver,
|
||||||
|
len(restrictedNameservers),
|
||||||
)
|
)
|
||||||
for domain, restrictedNameservers := range restrictedDNS {
|
for index, nameserverStr := range restrictedNameservers {
|
||||||
restrictedResolvers := make(
|
nameserver, err := netip.ParseAddr(nameserverStr)
|
||||||
[]*dnstype.Resolver,
|
if err != nil {
|
||||||
len(restrictedNameservers),
|
log.Error().
|
||||||
)
|
Str("func", "getDNSConfig").
|
||||||
for index, nameserverStr := range restrictedNameservers {
|
Err(err).
|
||||||
nameserver, err := netip.ParseAddr(nameserverStr)
|
Msgf("Could not parse restricted nameserver IP: %s", nameserverStr)
|
||||||
if err != nil {
|
}
|
||||||
log.Error().
|
restrictedResolvers[index] = &dnstype.Resolver{
|
||||||
Str("func", "getDNSConfig").
|
Addr: nameserver.String(),
|
||||||
Err(err).
|
|
||||||
Msgf("Could not parse restricted nameserver IP: %s", nameserverStr)
|
|
||||||
}
|
|
||||||
restrictedResolvers[index] = &dnstype.Resolver{
|
|
||||||
Addr: nameserver.String(),
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
dnsConfig.Routes[domain] = restrictedResolvers
|
|
||||||
}
|
}
|
||||||
} else {
|
dnsConfig.Routes[domain] = restrictedResolvers
|
||||||
log.Warn().
|
domains = append(domains, domain)
|
||||||
Msg("Warning: dns_config.restricted_nameservers is set, but no nameservers are configured. Ignoring restricted_nameservers.")
|
|
||||||
}
|
}
|
||||||
|
dnsConfig.Domains = domains
|
||||||
}
|
}
|
||||||
|
|
||||||
if viper.IsSet("dns_config.domains") {
|
if viper.IsSet("dns_config.domains") {
|
||||||
|
|
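Review bot: In the inner loop over `restrictedNameservers`, a string that fails `netip.ParseAddr` is logged but still stored, because execution falls through to `restrictedResolvers[index] = &dnstype.Resolver{Addr: nameserver.String()}` with the zero `netip.Addr`, whose `String()` is `"invalid IP"`; the entry in `dnsConfig.Routes` then carries an unusable resolver address. Since this block now runs whether or not global resolvers are set, I would skip the bad entry: add `continue` after the log call and collect with `restrictedResolvers = append(restrictedResolvers, ...)` on a zero-length slice, so that no nil slot is left behind. Separately, `dnsConfig.Domains = domains` is followed by the `dns_config.domains` block, whose body lies outside this hunk; if that block assigns `Domains` rather than appending, the search domains added here are dropped, and because `restrictedDNS` is a map their order varies between runs. `GetDNSConfig` starts and ends outside the hunk.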