Add support for Split DNS (implements #179)

2025-10-28 10:51:44 +01:00 · 2021-10-19 20:51:43 +02:00 · 2021-10-19 20:51:43 +02:00 · 18b00b5d8d
commit 18b00b5d8d
parent 9e1253ada1
3 changed files with 51 additions and 16 deletions
--- a/app.go
+++ b/app.go
@ -113,7 +113,9 @@ func NewHeadscale(cfg Config) (*Headscale, error) {
 		if err != nil {
 			return nil, err
 		}
-		h.cfg.DNSConfig.Routes = make(map[string][]dnstype.Resolver)
+		if h.cfg.DNSConfig.Routes == nil { // we might have routes already from Split DNS
 			h.cfg.DNSConfig.Routes = make(map[string][]dnstype.Resolver)
 		}
 		for _, d := range magicDNSDomains {
 			h.cfg.DNSConfig.Routes[d.WithoutTrailingDot()] = nil
 		}
--- a/cmd/headscale/cli/utils.go
+++ b/cmd/headscale/cli/utils.go
@ -104,6 +104,33 @@ func GetDNSConfig() (*tailcfg.DNSConfig, string) {
 			dnsConfig.Nameservers = nameservers
 			dnsConfig.Resolvers = resolvers
 		}
 		if viper.IsSet("dns_config.restricted_nameservers") {
 			if len(dnsConfig.Nameservers) > 0 {
 				dnsConfig.Routes = make(map[string][]dnstype.Resolver)
 				restrictedDNS := viper.GetStringMapStringSlice("dns_config.restricted_nameservers")
 				for domain, resNameservers := range restrictedDNS {
 					resResolvers := make([]dnstype.Resolver, len(resNameservers))
 					for index, nameserverStr := range resNameservers {
 						nameserver, err := netaddr.ParseIP(nameserverStr)
 						if err != nil {
 							log.Error().
 								Str("func", "getDNSConfig").
 								Err(err).
 								Msgf("Could not parse restricted nameserver IP: %s", nameserverStr)
 						}
 						resResolvers[index] = dnstype.Resolver{
 							Addr: nameserver.String(),
 						}
 					}
 					dnsConfig.Routes[domain] = resResolvers
 				}
 			} else {
 				log.Warn().
 					Msg("Warning: dns_config.restricted_nameservers is set, but no nameservers are configured. Ignoring restricted_nameservers.")
 			}
 		}
 		if viper.IsSet("dns_config.domains") {
 			dnsConfig.Domains = viper.GetStringSlice("dns_config.domains")
 		}
--- a/docs/DNS.md
+++ b/docs/DNS.md
@ -11,23 +11,29 @@ Long story short, you can define the DNS servers you want to use in your tailnet
 ## Configuration reference
-The setup is done via the `config.json` file, under the `dns_config` key. 
+The setup is done via the `config.yaml` file, under the `dns_config` key. 
-```json
+```yaml
-{
+server_url: http://127.0.0.1:8001
-    "server_url": "http://127.0.0.1:8001",
+listen_addr: 0.0.0.0:8001
-    "listen_addr": "0.0.0.0:8001",
+private_key_path: private.key
-    "private_key_path": "private.key",
+dns_config:
-    //...
+  nameservers:
-    "dns_config": {
+  - 1.1.1.1
-        "nameservers": ["1.1.1.1", "8.8.8.8"],
+  - 8.8.8.8
-        "domains": [],
+  restricted_nameservers:
-        "magic_dns": true,
+    foo.bar.com:
-        "base_domain": "example.com"
+    - 1.1.1.1
-    }
+    darp.headscale.net:
-}
+    - 1.1.1.1
    - 8.8.8.8
  domains: []
  magic_dns: true
  base_domain: example.com
 ```
 - `nameservers`:  The list of DNS servers to use.
 - `domains`: Search domains to inject.
 - `magic_dns`: Whether to use [MagicDNS](https://tailscale.com/kb/1081/magicdns/). Only works if there is at least a nameserver defined.
- `base_domain`: Defines the base domain to create the hostnames for MagicDNS. `base_domain` must be a FQDNs, without the trailing dot. The FQDN of the hosts will be `hostname.namespace.base_domain` (e.g., _myhost.mynamespace.example.com_).
+- `base_domain`: Defines the base domain to create the hostnames for MagicDNS. `base_domain` must be a FQDNs, without the trailing dot. The FQDN of the hosts will be `hostname.namespace.base_domain` (e.g., _myhost.mynamespace.example.com_).
 - `restricted_nameservers`: Also known as Split DNS (see https://tailscale.com/kb/1054/dns/), list of search domains and the DNS you want to use for them.