Skip to content

Commit

Permalink
Merge branch 'main' into doc-reorg-v1
Browse files Browse the repository at this point in the history
  • Loading branch information
kradalby authored Oct 21, 2021
2 parents 8f5a1dc + ed7b840 commit 2c57019
Show file tree
Hide file tree
Showing 4 changed files with 56 additions and 17 deletions.
3 changes: 3 additions & 0 deletions .goreleaser.yml
Original file line number Diff line number Diff line change
Expand Up @@ -60,6 +60,9 @@ builds:
- linux
goarch:
- arm64
env:
- CGO_ENABLED=1
- CC=aarch64-linux-gnu-gcc
main: ./cmd/headscale/headscale.go
mod_timestamp: '{{ .CommitTimestamp }}'
ldflags:
Expand Down
5 changes: 4 additions & 1 deletion app.go
Original file line number Diff line number Diff line change
Expand Up @@ -113,7 +113,10 @@ func NewHeadscale(cfg Config) (*Headscale, error) {
if err != nil {
return nil, err
}
h.cfg.DNSConfig.Routes = make(map[string][]dnstype.Resolver)
// we might have routes already from Split DNS
if h.cfg.DNSConfig.Routes == nil {
h.cfg.DNSConfig.Routes = make(map[string][]dnstype.Resolver)
}
for _, d := range magicDNSDomains {
h.cfg.DNSConfig.Routes[d.WithoutTrailingDot()] = nil
}
Expand Down
27 changes: 27 additions & 0 deletions cmd/headscale/cli/utils.go
Original file line number Diff line number Diff line change
Expand Up @@ -104,6 +104,33 @@ func GetDNSConfig() (*tailcfg.DNSConfig, string) {
dnsConfig.Nameservers = nameservers
dnsConfig.Resolvers = resolvers
}

if viper.IsSet("dns_config.restricted_nameservers") {
if len(dnsConfig.Nameservers) > 0 {
dnsConfig.Routes = make(map[string][]dnstype.Resolver)
restrictedDNS := viper.GetStringMapStringSlice("dns_config.restricted_nameservers")
for domain, restrictedNameservers := range restrictedDNS {
restrictedResolvers := make([]dnstype.Resolver, len(restrictedNameservers))
for index, nameserverStr := range restrictedNameservers {
nameserver, err := netaddr.ParseIP(nameserverStr)
if err != nil {
log.Error().
Str("func", "getDNSConfig").
Err(err).
Msgf("Could not parse restricted nameserver IP: %s", nameserverStr)
}
restrictedResolvers[index] = dnstype.Resolver{
Addr: nameserver.String(),
}
}
dnsConfig.Routes[domain] = restrictedResolvers
}
} else {
log.Warn().
Msg("Warning: dns_config.restricted_nameservers is set, but no nameservers are configured. Ignoring restricted_nameservers.")
}
}

if viper.IsSet("dns_config.domains") {
dnsConfig.Domains = viper.GetStringSlice("dns_config.domains")
}
Expand Down
38 changes: 22 additions & 16 deletions docs/DNS.md
Original file line number Diff line number Diff line change
Expand Up @@ -11,23 +11,29 @@ Long story short, you can define the DNS servers you want to use in your tailnet

## Configuration reference

The setup is done via the `config.json` file, under the `dns_config` key.

```json
{
"server_url": "http://127.0.0.1:8001",
"listen_addr": "0.0.0.0:8001",
"private_key_path": "private.key",
//...
"dns_config": {
"nameservers": ["1.1.1.1", "8.8.8.8"],
"domains": [],
"magic_dns": true,
"base_domain": "example.com"
}
}
The setup is done via the `config.yaml` file, under the `dns_config` key.

```yaml
server_url: http://127.0.0.1:8001
listen_addr: 0.0.0.0:8001
private_key_path: private.key
dns_config:
nameservers:
- 1.1.1.1
- 8.8.8.8
restricted_nameservers:
foo.bar.com:
- 1.1.1.1
darp.headscale.net:
- 1.1.1.1
- 8.8.8.8
domains: []
magic_dns: true
base_domain: example.com
```
- `nameservers`: The list of DNS servers to use.
- `domains`: Search domains to inject.
- `magic_dns`: Whether to use [MagicDNS](https://tailscale.com/kb/1081/magicdns/). Only works if there is at least a nameserver defined.
- `base_domain`: Defines the base domain to create the hostnames for MagicDNS. `base_domain` must be a FQDNs, without the trailing dot. The FQDN of the hosts will be `hostname.namespace.base_domain` (e.g., _myhost.mynamespace.example.com_).
- `base_domain`: Defines the base domain to create the hostnames for MagicDNS. `base_domain` must be a FQDNs, without the trailing dot. The FQDN of the hosts will be `hostname.namespace.base_domain` (e.g., _myhost.mynamespace.example.com_).
- `restricted_nameservers`: Split DNS (see https://tailscale.com/kb/1054/dns/), list of search domains and the DNS to query for each one.

0 comments on commit 2c57019

Please sign in to comment.