Get rid of DNSConfig.FallbackResolvers #1743
…ues. Cause of #1743. Signed-off-by: David Anderson <danderson@tailscale.com>
Adding a note that if we remove
I think we can eventually not need FallbackResolvers, #2116 provides a way to extract a sufficiently accurate DNS config from an Android device. We could then allow Magic DNS to be enabled without requiring a global DNS server to be provided.
Android build 1.19.116-t878a20df2-gb2665ab2ff5 in the Open Testing track implements the mechanism described in #2116 to extract the current DNS config from Android, no longer requiring fallback resolvers. Work on #1713 is underway, to forward DNS queries to exit nodes. Once that is done, we shouldn't need FallbackResolvers any more.
Forwarding DNS queries to exit nodes is present in 1.19.x builds in https://pkgs.tailscale.com/unstable/ and will be in the 1.20 release build.
This will break users with <1.20 on tailnets (specific concern for Android) when they enable MagicDNS.
Android added handling to retrieve platform DNS servers in 1.20. At this point only 1.4% of the Android fleet is running 1.18 or earlier, 98.6% of the fleet is using a version which no longer needs FallbackResolvers. In particular, I think we can be confident that new tailnets where we might have MagicDNS be on by default are unlikely to have an older Android Tailscale app amongst their devices.
1.20 also fixed the other case at the top of this bug, of macOS/iOS clients using an exit node. As of 1.20 we have the client forward its DNS queries to the exit node for resolution.
Unlike our general policy of assuming nothing, on Android (at least Google Android) we can assume Google public DNS as the fallback even on old versions.
/admin/dns has a "To enable MagicDNS, add a global nameserver first." requirement; we should not have that if "Override local DNS" is off. (capturing out of band discussion)
Not complete yet.
As a workaround for some limitations of our new DNS implementation, we've had to add fallback resolvers, which are like the old CorpDNS resolvers but only get used when we're in a case where the OS would do the wrong thing if given only a split DNS configuration.
This bug is to track removing FallbackResolvers once we've implemented fixes for the cases that require it:
Once those two are fixed, we should be able to pull out FallbackResolvers from the client.