Skip to content

Enhance tailnet to (optionally) configure DNS records for peers. #14718

Closed
spikecurtis opened this issue Sep 18, 2024 · 1 comment
Labels
networking Area: networking

Comments

@spikecurtis (Contributor)

Today, tailnet.Conn does not configure any DNS in Tailscale networking. In order to support a desktop native VPN to Coder workspaces, we should enhance tailnet.Conn (e.g. via the configMaps subcomponent) to be programmed with domain names and corresponding IP addresses to be served from the Tailscale DNS server.

This will allow us to eventually have client applications learn workspace agent names and IP addresses (via #14716) and then program DNS entries for them into Tailscale.

In this increment, only IPv6 addresses need to be supported, and if enabled the Tailscale DNS service should respond on [fd60:627a:a42b::53]:53.

@spikecurtis (Contributor, Author)

Here's what the DNS configuration looks like (taken from an experimental branch with hardcoded values), in configmaps.go:

package tailnet

import (
	"context"
	"errors"
	"net/netip"

	"cdr.dev/slog"
	"tailscale.com/net/dns"
	"tailscale.com/tailcfg"
	"tailscale.com/types/dnstype"
	"tailscale.com/types/netmap"
	"tailscale.com/util/dnsname"
	"tailscale.com/wgengine"
	"tailscale.com/wgengine/router"
	"tailscale.com/wgengine/wgcfg/nmcfg"
)

// reconfig computes the correct wireguard config and calls the engine.Reconfig
// with the config we have. It is not intended for this to be called outside of
// the updateLoop()
func (c *configMaps) reconfig(nm *netmap.NetworkMap) {
	cfg, err := nmcfg.WGCfg(nm, Logger(c.logger.Named("net.wgconfig")), netmap.AllowSingleHosts, "")
	if err != nil {
		// WGCfg never returns an error at the time this code was written. If it starts returning
		// errors if/when we upgrade tailscale, we'll need to deal.
		c.logger.Critical(context.Background(), "update wireguard config failed", slog.Error(err))
		return
	}

	addrs := append([]netip.Prefix{}, nm.Addresses...)
	rc := &router.Config{
		LocalAddrs: addrs,
		Routes:     []netip.Prefix{ServicePrefix},
	}
	// Experimental, hardcoded DNS config. A Routes entry with no resolvers makes
	// Tailscale's DNS manager treat the suffix as a local domain: names under it are
	// answered from Hosts and unknown ones get NXDOMAIN rather than being forwarded
	// upstream. OnlyIPv6 selects the IPv6 service address for the resolver instead of
	// the IPv4 one (100.100.100.100), matching the IPv6-only scope of this increment.
	err = c.engine.Reconfig(cfg, rc, &dns.Config{
		Routes: map[dnsname.FQDN][]*dnstype.Resolver{
			"coderlan.": nil,
		},
		Hosts: map[dnsname.FQDN][]netip.Addr{
			// Hardcoded placeholder: a single agent inside Tailscale's fd7a:115c:a1e0::/48 ULA range.
			"dogfood2.coderlan.": {netip.MustParseAddr("fd7a:115c:a1e0:4280:a0ad:1919:6552:9fe3")},
		},
		OnlyIPv6: true,
	}, &tailcfg.Debug{})
	if err != nil {
		// ErrNoChanges is the engine telling us the config is identical to the current one; not an error.
		if errors.Is(err, wgengine.ErrNoChanges) {
			return
		}
		c.logger.Error(context.Background(), "failed to reconfigure wireguard engine", slog.Error(err))
	}
}
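The step the issue description leaves for later (turning agent names and addresses learned from the control plane into the Hosts map the snippet above hardcodes) is where a practitioner would want input validation, since whatever an agent is called ends up as a DNS name every client on the tailnet trusts. The following is an added, stand-alone example and not code from this issue or from coder/coder: it uses only the Go standard library, takes the "coderlan." suffix and the [fd60:627a:a42b::53]:53 listener from the issue, and assumes (this is the example's own choice, not something the issue specifies) that only addresses inside Tailscale's fd7a:115c:a1e0::/48 ULA range, the fd60:627a:a42b::/48 prefix used by the listener, or Tailscale's 100.64.0.0/10 IPv4 CGNAT range may be published. The names BuildHosts, NewTailnetResolver, validLabel and allowedPrefixes are hypothetical.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net"
	"net/netip"
	"strings"
	"time"
)

// Values taken from the issue: the suffix served locally and the address the
// Tailscale DNS service is meant to answer on.
const (
	dnsSuffix   = "coderlan."
	dnsListener = "[fd60:627a:a42b::53]:53"
)

// Assumption for this example (not stated in the issue): only addresses inside
// the tailnet's own ranges may be published as DNS answers.
var allowedPrefixes = []netip.Prefix{
	netip.MustParsePrefix("fd7a:115c:a1e0::/48"), // Tailscale IPv6 ULA range
	netip.MustParsePrefix("fd60:627a:a42b::/48"), // prefix of the listener from the issue
	netip.MustParsePrefix("100.64.0.0/10"),       // Tailscale IPv4 CGNAT range
}

var errBadLabel = errors.New("invalid DNS label")

// validLabel enforces the letters-digits-hyphen rule for one hostname label, so
// an agent name can only become a well-formed single label (no dots, spaces or
// underscores that would change where the name resolves or break the FQDN).
func validLabel(l string) bool {
	if len(l) == 0 || len(l) > 63 || l[0] == '-' || l[len(l)-1] == '-' {
		return false
	}
	for i := 0; i < len(l); i++ {
		c := l[i]
		if !(c >= 'a' && c <= 'z' || c >= '0' && c <= '9' || c == '-') {
			return false
		}
	}
	return true
}

func inAllowed(a netip.Addr) bool {
	for _, p := range allowedPrefixes {
		if p.Contains(a) {
			return true
		}
	}
	return false
}

// BuildHosts turns agent name -> address pairs into the shape of the Hosts map
// in tailscale's dns.Config: lowercased, fully-qualified keys ending in a dot,
// each mapping to the addresses to answer with. With onlyIPv6 set, IPv4
// addresses are skipped because the first increment answers AAAA only.
func BuildHosts(agents map[string]string, onlyIPv6 bool) (map[string][]netip.Addr, error) {
	hosts := make(map[string][]netip.Addr, len(agents))
	for name, raw := range agents {
		label := strings.ToLower(strings.TrimSuffix(name, "."))
		if !validLabel(label) {
			return nil, fmt.Errorf("%w: %q", errBadLabel, name)
		}
		addr, err := netip.ParseAddr(raw)
		if err != nil {
			return nil, fmt.Errorf("agent %q: %w", name, err)
		}
		addr = addr.Unmap() // treat ::ffff:a.b.c.d as plain IPv4
		if onlyIPv6 && !addr.Is6() {
			continue
		}
		if !inAllowed(addr) {
			return nil, fmt.Errorf("agent %q: %s is outside the tailnet", name, addr)
		}
		fqdn := label + "." + dnsSuffix
		hosts[fqdn] = append(hosts[fqdn], addr)
	}
	return hosts, nil
}

// NewTailnetResolver returns a net.Resolver that sends every query to the
// tailnet DNS listener instead of the system resolver, which is how a client
// application would look up <agent>.coderlan. once the entries are programmed.
func NewTailnetResolver(listener string) *net.Resolver {
	return &net.Resolver{
		PreferGo: true,
		Dial: func(ctx context.Context, network, _ string) (net.Conn, error) {
			d := net.Dialer{Timeout: 2 * time.Second}
			return d.DialContext(ctx, network, listener)
		},
	}
}

func main() {
	hosts, err := BuildHosts(map[string]string{
		"Dogfood2": "fd7a:115c:a1e0:4280:a0ad:1919:6552:9fe3",
	}, true)
	if err != nil {
		panic(err)
	}
	for fqdn, addrs := range hosts {
		fmt.Println(fqdn, addrs)
	}
	_ = NewTailnetResolver(dnsListener)
}
```

The map BuildHosts returns is keyed by plain strings; feeding it into a real dns.Config means converting each key with dnsname.ToFQDN, which also re-checks the syntax. NewTailnetResolver only constructs the resolver; actual lookups against [fd60:627a:a42b::53]:53 need the tailnet interface up.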


5 participants