Add DNS configuration to vpn to allow it to be used to tell if Coder Connect is running. #466
During our weekly call we talked about determining whether Desktop is running by querying DNS
This was referenced Mar 17, 2025
This was referenced Apr 9, 2025
ethanndickson added a commit to coder/tailscale that referenced this issue Apr 10, 2025

Relates to coder/internal#466

This modifies the TTL of all DNS records programmed into the DNS resolver.

I've tested this by running Coder Desktop macOS against a fresh dylib:

```
$ dig -6 @fD60:627a:a42b::53 pog2.coder AAAA

; <<>> DiG 9.10.6 <<>> -6 @fD60:627a:a42b::53 pog2.coder AAAA
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37590
;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;pog2.coder. IN AAAA

;; ANSWER SECTION:
pog2.coder. 2 IN AAAA fd60:627a:a42b:415e:bb03:e708:fd73:c6cb

;; Query time: 6 msec
;; SERVER: fd60:627a:a42b::53#53(fd60:627a:a42b::53)
;; WHEN: Wed Apr 09 15:14:20 AEST 2025
;; MSG SIZE rcvd: 66
```
ethanndickson added a commit to coder/coder that referenced this issue Apr 11, 2025

#17298)

Closes coder/internal#466

```
$ dig -6 @fD60:627a:a42b::53 is.coder--connect--enabled--right--now.coder AAAA

; <<>> DiG 9.10.6 <<>> -6 @fD60:627a:a42b::53 is.coder--connect--enabled--right--now.coder AAAA
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62390
;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;is.coder--connect--enabled--right--now.coder. IN AAAA

;; ANSWER SECTION:
is.coder--connect--enabled--right--now.coder. 2 IN AAAA fd60:627a:a42b::53

;; Query time: 3 msec
;; SERVER: fd60:627a:a42b::53#53(fd60:627a:a42b::53)
;; WHEN: Wed Apr 09 16:59:18 AEST 2025
;; MSG SIZE rcvd: 134
```

Hostname considerations:
- Workspace names, usernames, and agent names can't have double hyphens, so this name can't conflict with a real Coder Connect hostname.
- Components can't start or end with hyphens according to [RFC 952](https://www.rfc-editor.org/rfc/rfc952.html)
- DNS records can't have hyphens in the 3rd and 4th positions, as to not conflict with IDNs https://datatracker.ietf.org/doc/html/rfc5891
ethanndickson added a commit to coder/coder that referenced this issue Apr 11, 2025

Relates to coder/internal#466

Brings in coder/tailscale#70
We need a way for our various clients like plugins/IDE extensions and the CLI to be able to determine if they should use Coder Connect when connecting to a workspace.
For this we'll use DNS queries. DNS (unlike, say, a ping or HTTP request to a well-known HTTP endpoint on the Coder Connect tunnel) has the property of returning a definite result in both cases, whether Coder Connect is running (AAAA record) or not (NXDOMAIN).
`is.coder.connect.enabled.right.now--.<suffix>` which returns the tunnel service address. This address can be used when you want to know if Coder Connect is running, but are not trying to connect to a specific known workspace.

`is.coder.connect.enabled.right.now--.<suffix>` has 6 label components and double-dashes which are not allowed in workspace names. This ensures it can never collide with a legitimate workspace hostname.
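
A client-side version of the check described in this issue, as an added example that is not part of the issue or of Coder's own code: an AAAA answer equal to the tunnel service address means "running", NXDOMAIN or any other address means "not running", and a timeout or server failure is returned as an error. The probe name and service address are copied from the dig output on this page; `connectRunning` and `lookupFunc` are hypothetical names.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net"
	"net/netip"
	"time"
)

// Copied from the dig output on this page; a deployment may use another suffix.
const probeName = "is.coder--connect--enabled--right--now.coder"

// Tunnel service address as shown in the dig answer section (assumed fixed here).
var serviceAddr = netip.MustParseAddr("fd60:627a:a42b::53")

// lookupFunc has the signature of (*net.Resolver).LookupNetIP so it can be stubbed.
type lookupFunc func(ctx context.Context, network, host string) ([]netip.Addr, error)

// connectRunning (hypothetical helper) reports whether the probe name resolves
// to the tunnel service address.
//   true,  nil : an AAAA answer equals serviceAddr
//   false, nil : "no such host" (NXDOMAIN), or an answer that is some other
//                address, e.g. a resolver that answers every name
//   false, err : no definite result (timeout, SERVFAIL); the caller decides
func connectRunning(ctx context.Context, lookup lookupFunc) (bool, error) {
	ctx, cancel := context.WithTimeout(ctx, 2*time.Second)
	defer cancel()
	addrs, err := lookup(ctx, "ip6", probeName)
	if err != nil {
		var dnsErr *net.DNSError
		if errors.As(err, &dnsErr) && dnsErr.IsNotFound {
			return false, nil
		}
		return false, err
	}
	for _, a := range addrs {
		if a.Unmap() == serviceAddr {
			return true, nil
		}
	}
	return false, nil
}

func main() {
	ok, err := connectRunning(context.Background(), net.DefaultResolver.LookupNetIP)
	fmt.Println("Coder Connect running:", ok, "err:", err)
}
```

Comparing the answer with the expected service address, rather than accepting any successful lookup, keeps a resolver that returns an address for every name from being read as "Coder Connect is running".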