Skip to content

Commit 4baf34c

Browse files
dblohm7dblohm7
committed
net/dns: set appropriate Windows registry values to prevent it from sending DNS changes concerning our interface to AD domain controllers.
We do this unconditionally inside SetDNS such that the values are always set before we make any other changes to DNS configurations. It should not be harmful for the settings to remain even when other DNS settings are cleared out (since they only affect our network interface). See https://docs.microsoft.com/en-us/troubleshoot/windows-server/networking/configure-dns-dynamic-updates-windows-server-2003 for details about the registry value. Fixes tailscale#4829 Signed-off-by: Aaron Klotz <aaron@tailscale.com>
1 parent 8cdfd12 commit 4baf34c

File tree

1 file changed

+28
-0
lines changed

1 file changed

+28
-0
lines changed

net/dns/manager_windows.go

Lines changed: 28 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -215,6 +215,11 @@ func (m windowsManager) SetDNS(cfg OSConfig) error {
215215
// configuration only, routing one set of things to the "split"
216216
// resolver and the rest to the primary.
217217

218+
// Unconditionally disable dynamic DNS updates on our interfaces.
219+
if err := m.disableDynamicUpdates(); err != nil {
220+
m.logf("disableDynamicUpdates error: %v\n", err)
221+
}
222+
218223
if len(cfg.MatchDomains) == 0 {
219224
if err := m.setSplitDNS(nil, nil); err != nil {
220225
return err
@@ -295,6 +300,29 @@ func (m windowsManager) Close() error {
295300
return m.SetDNS(OSConfig{})
296301
}
297302

303+
// disableDynamicUpdates sets the appropriate registry values to prevent the
304+
// Windows DHCP client from sending dynamic DNS updates for our interface to
305+
// AD domain controllers.
306+
func (m windowsManager) disableDynamicUpdates() error {
307+
setRegValue := func(regBase string) error {
308+
key, err := m.openKey(m.ifPath(regBase))
309+
if err != nil {
310+
return err
311+
}
312+
defer key.Close()
313+
314+
return key.SetDWordValue("DisableDynamicUpdate", 1)
315+
}
316+
317+
for _, regBase := range []string{ipv4RegBase, ipv6RegBase} {
318+
if err := setRegValue(regBase); err != nil {
319+
return err
320+
}
321+
}
322+
323+
return nil
324+
}
325+
298326
func (m windowsManager) GetBaseConfig() (OSConfig, error) {
299327
resolvers, err := m.getBasePrimaryResolver()
300328
if err != nil {

0 commit comments

Comments
 (0)