authorBrad Fitzpatrick <bradfitz@tailscale.com>2023-10-16 09:16:01 -0700
committerBrad Fitzpatrick <bradfitz@tailscale.com>2023-10-16 09:16:01 -0700
commit9cedc555709268e84489d08ac11b60992c9be9b9 (patch)
tree185d0fa19736089e6875d987508a0c68dc79ad75 /control/controlknobs
parentfeabb34ea0aaab714698de643fef6436f7eee96a (diff)
net/dnsfallback, control/controlknobs: add knob to disable recursive resolverbradfitz/recursive_controlknob
Updates tailscale/corp#15261 Change-Id: I099860c400c82617382723b96fd3a5193c45f0d7 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
Diffstat (limited to 'control/controlknobs')
-rw-r--r--control/controlknobs/controlknobs.go15
1 files changed, 15 insertions, 0 deletions
diff --git a/control/controlknobs/controlknobs.go b/control/controlknobs/controlknobs.go
index e64bc8011..2678ba494 100644
--- a/control/controlknobs/controlknobs.go
+++ b/control/controlknobs/controlknobs.go
@@ -52,6 +52,10 @@ type Knobs struct {
// DisableDNSForwarderTCPRetries is whether the DNS forwarder should
// skip retrying truncated queries over TCP.
DisableDNSForwarderTCPRetries atomic.Bool
+
+ // DisableRecursiveResolver is whether the node should disable the
+ // dnsfallback recursive resolver.
+ DisableRecursiveResolver atomic.Bool
}
// UpdateFromNodeAttributes updates k (if non-nil) based on the provided self
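Review bot: The comment on the new `DisableRecursiveResolver` field does not tell readers to go through the `EnableRecursiveResolver` accessor that this commit adds at the end of the file. The accessor handles a nil `*Knobs` and inverts the sense of the flag, so a caller that loads the field directly has to get both the nil check and the negation right on its own. I would extend the field comment with something like `// Callers should use EnableRecursiveResolver, which is nil-safe and defaults to enabled.` The struct begins outside this hunk, so whether the other knobs follow the same accessor convention cannot be seen here.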
@@ -74,6 +78,7 @@ func (k *Knobs) UpdateFromNodeAttributes(selfNodeAttrs []tailcfg.NodeCapability,
forceBackgroundSTUN = has(tailcfg.NodeAttrDebugForceBackgroundSTUN)
peerMTUEnable = has(tailcfg.NodeAttrPeerMTUEnable)
dnsForwarderDisableTCPRetries = has(tailcfg.NodeAttrDNSForwarderDisableTCPRetries)
+ dnsDisableRecursiveResolver = has(tailcfg.NodeAttrDisableRecursiveResolver)
)
if has(tailcfg.NodeAttrOneCGNATEnable) {
@@ -91,6 +96,7 @@ func (k *Knobs) UpdateFromNodeAttributes(selfNodeAttrs []tailcfg.NodeCapability,
k.DisableDeltaUpdates.Store(disableDeltaUpdates)
k.PeerMTUEnable.Store(peerMTUEnable)
k.DisableDNSForwarderTCPRetries.Store(dnsForwarderDisableTCPRetries)
+ k.DisableRecursiveResolver.Store(dnsDisableRecursiveResolver)
}
// AsDebugJSON returns k as something that can be marshalled with json.Marshal
@@ -111,3 +117,12 @@ func (k *Knobs) AsDebugJSON() map[string]any {
"DisableDNSForwarderTCPRetries": k.DisableDNSForwarderTCPRetries.Load(),
}
}
+
+// EnableRecursiveResolver is whether the node should use its DNS recursive resolver
+// as a fallback. It defaults to enabled unless disabled by the control plane.
+func (k *Knobs) EnableRecursiveResolver() bool {
+ if k == nil {
+ return true
+ }
+ return !k.DisableRecursiveResolver.Load()
+}
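Review bot: `AsDebugJSON` is not updated for the new knob: the map literal still ends at `"DisableDNSForwarderTCPRetries"` in the context lines of this hunk, and the 15 insertions in the diffstat are all accounted for by the field, the attribute read, the `Store` call and the new accessor. A control-plane attribute that switches off the fallback resolver would then be invisible in the debug output, which makes it harder to confirm on a node why DNS fallback behaves differently. Add `"DisableRecursiveResolver": k.DisableRecursiveResolver.Load(),` as the last entry of the map. The start of `AsDebugJSON` is outside the hunk.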