Commits on Sep 8, 2022

1. net/dns/{publicdns,resolver}: add NextDNS DoH support …

   NextDNS is unique in that users create accounts and then get
   user-specific DNS IPs & DoH URLs.
   
   For DoH, the customer ID is in the URL path.
   
   For IPv6, the IP address includes the customer ID in the lower bits.
   
   For IPv4, there's a fragile "IP linking" mechanism to associate your
   public IPv4 with an assigned NextDNS IPv4 and that tuple maps to your
   customer ID.
   
   We don't use the IP linking mechanism.
   
   Instead, NextDNS is DoH-only. Which means using NextDNS necessarily
   shunts all DNS traffic through 100.100.100.100 (programming the OS to
   use 100.100.100.100 as the global resolver) because operating systems
   can't usually do DoH themselves.
   
   Once it's in Tailscale's DoH client, we then connect out to the known
   NextDNS IPv4/IPv6 anycast addresses.
   
   If the control plane sends the client a NextDNS IPv6 address, we then
   map it to the corresponding NextDNS DoH with the same client ID, and
   we dial that DoH server using the combination of v4/v6 anycast IPs.
   
   Updates #2452
   
   Change-Id: I3439d798d21d5fc9df5a2701839910f5bef85463
   Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

   

   bradfitz committed Sep 8, 2022
   Configuration menu

   • View commit details
   • Copy full SHA for e487bc0
   • Browse repository at this point

   Copy the full SHA

   e487bc0 View commit details

   Browse the repository at this point in the history