Diffstat (limited to 'control')
-rw-r--r--control/controlclient/direct.go2
-rw-r--r--control/controlhttp/client.go2
-rw-r--r--control/controlknobs/controlknobs.go15
3 files changed, 17 insertions, 2 deletions
diff --git a/control/controlclient/direct.go b/control/controlclient/direct.go
index 80f6e919b..2f4c40c03 100644
--- a/control/controlclient/direct.go
+++ b/control/controlclient/direct.go
@@ -235,7 +235,7 @@ func NewDirect(opts Options) (*Direct, error) {
dnsCache := &dnscache.Resolver{
Forward: dnscache.Get().Forward, // use default cache's forwarder
UseLastGood: true,
- LookupIPFallback: dnsfallback.MakeLookupFunc(opts.Logf, opts.NetMon),
+ LookupIPFallback: dnsfallback.MakeLookupFunc(opts.Logf, opts.NetMon, opts.ControlKnobs.EnableRecursiveResolver),
Logf: opts.Logf,
NetMon: opts.NetMon,
}
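Review bot: `opts.ControlKnobs.EnableRecursiveResolver` is bound as a method value with no nil check on `opts.ControlKnobs` in the visible lines. That is safe only because the method has a pointer receiver and tests `k == nil` itself, as the controlknobs.go part of this diff shows. If `opts.ControlKnobs` can be nil here (not visible in this hunk), a short comment would protect that dependency from a later refactor: `// ControlKnobs may be nil; EnableRecursiveResolver is nil-safe and reports true in that case.` NewDirect starts and ends outside this hunk.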
diff --git a/control/controlhttp/client.go b/control/controlhttp/client.go
index fb220fd0b..d622aca40 100644
--- a/control/controlhttp/client.go
+++ b/control/controlhttp/client.go
@@ -390,7 +390,7 @@ func (a *Dialer) resolver() *dnscache.Resolver {
return &dnscache.Resolver{
Forward: dnscache.Get().Forward,
- LookupIPFallback: dnsfallback.MakeLookupFunc(a.logf, a.NetMon),
+ LookupIPFallback: dnsfallback.MakeLookupFunc(a.logf, a.NetMon, func() bool { return false }),
UseLastGood: true,
Logf: a.Logf, // not a.logf method; we want to propagate nil-ness
NetMon: a.NetMon,
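Review bot: The literal `func() bool { return false }` passed to `MakeLookupFunc` switches the recursive-resolver fallback off for this dialer unconditionally, and nothing on the line says why. The NewDirect call site in direct.go wires the same argument to the control knob, which defaults to enabled, so the two paths to the control server now resolve differently. A reader cannot tell whether this is deliberate or a placeholder. I would add a comment above the field, for example `// Recursive resolver fallback is always off for this dialer; no ControlKnobs is consulted here.`, with the actual reason filled in by the author. The body of `resolver` continues past the end of this hunk.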
diff --git a/control/controlknobs/controlknobs.go b/control/controlknobs/controlknobs.go
index e64bc8011..2678ba494 100644
--- a/control/controlknobs/controlknobs.go
+++ b/control/controlknobs/controlknobs.go
@@ -52,6 +52,10 @@ type Knobs struct {
// DisableDNSForwarderTCPRetries is whether the DNS forwarder should
// skip retrying truncated queries over TCP.
DisableDNSForwarderTCPRetries atomic.Bool
+
+ // DisableRecursiveResolver is whether the node should disable the
+ // dnsfallback recursive resolver.
+ DisableRecursiveResolver atomic.Bool
}
// UpdateFromNodeAttributes updates k (if non-nil) based on the provided self
@@ -74,6 +78,7 @@ func (k *Knobs) UpdateFromNodeAttributes(selfNodeAttrs []tailcfg.NodeCapability,
forceBackgroundSTUN = has(tailcfg.NodeAttrDebugForceBackgroundSTUN)
peerMTUEnable = has(tailcfg.NodeAttrPeerMTUEnable)
dnsForwarderDisableTCPRetries = has(tailcfg.NodeAttrDNSForwarderDisableTCPRetries)
+ dnsDisableRecursiveResolver = has(tailcfg.NodeAttrDisableRecursiveResolver)
)
if has(tailcfg.NodeAttrOneCGNATEnable) {
@@ -91,6 +96,7 @@ func (k *Knobs) UpdateFromNodeAttributes(selfNodeAttrs []tailcfg.NodeCapability,
k.DisableDeltaUpdates.Store(disableDeltaUpdates)
k.PeerMTUEnable.Store(peerMTUEnable)
k.DisableDNSForwarderTCPRetries.Store(dnsForwarderDisableTCPRetries)
+ k.DisableRecursiveResolver.Store(dnsDisableRecursiveResolver)
}
// AsDebugJSON returns k as something that can be marshalled with json.Marshal
@@ -111,3 +117,12 @@ func (k *Knobs) AsDebugJSON() map[string]any {
"DisableDNSForwarderTCPRetries": k.DisableDNSForwarderTCPRetries.Load(),
}
}
+
+// EnableRecursiveResolver is whether the node should use its DNS recursive resolver
+// as a fallback. It defaults to enabled unless disabled by the control plane.
+func (k *Knobs) EnableRecursiveResolver() bool {
+ if k == nil {
+ return true
+ }
+ return !k.DisableRecursiveResolver.Load()
+}
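Review bot: `AsDebugJSON` is not extended for the new knob: the last map entry in the context lines is still `"DisableDNSForwarderTCPRetries"`, so debug output will not show whether control has turned the recursive resolver off on a node. Adding `"DisableRecursiveResolver": k.DisableRecursiveResolver.Load(),` to that map keeps it in step with the struct. Separately, `EnableRecursiveResolver` returns true for a nil receiver, so any caller without a `Knobs` value gets the fallback enabled. The doc comment could say so explicitly, e.g. `// A nil k reports true.` `AsDebugJSON` begins outside this hunk.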