feat: add support for search domains in dns config

jsiebens · jsiebens · commit 128ed22bde7a · 2024-02-07T08:13:44.000+01:00
diff --git a/internal/cmd/dns.go b/internal/cmd/dns.go
@@ -26,35 +26,7 @@ func getDNSConfigCommand() *cobra.Command {
 		}
 		config := resp.Msg.Config
 
-		w := new(tabwriter.Writer)
-		w.Init(os.Stdout, 8, 8, 1, '\t', 0)
-		defer w.Flush()
-
-		fmt.Fprintf(w, "%s\t\t%v\n", "MagicDNS", config.MagicDns)
-		fmt.Fprintf(w, "%s\t\t%v\n", "HTTPS Certs", config.HttpsCerts)
-		fmt.Fprintf(w, "%s\t\t%v\n", "Override Local DNS", config.OverrideLocalDns)
-
-		if config.MagicDns {
-			fmt.Fprintf(w, "MagicDNS\t%s\t%s\n", config.MagicDnsSuffix, "100.100.100.100")
-		}
-
-		for k, r := range config.Routes {
-			for i, t := range r.Routes {
-				if i == 0 {
-					fmt.Fprintf(w, "SplitDNS\t%s\t%s\n", k, t)
-				} else {
-					fmt.Fprintf(w, "%s\t%s\n", "", t)
-				}
-			}
-		}
-
-		for i, t := range config.Nameservers {
-			if i == 0 {
-				fmt.Fprintf(w, "%s\t%s\t%s\n", "Global", "", t)
-			} else {
-				fmt.Fprintf(w, "%s\t%s\t%s\n", "", "", t)
-			}
-		}
+		printDnsConfig(config)
 
 		return nil
 	}
@@ -73,11 +45,13 @@ func setDNSConfigCommand() *cobra.Command {
 	var magicDNS bool
 	var httpsCerts bool
 	var overrideLocalDNS bool
+	var searchDomains []string
 
 	command.Flags().StringSliceVarP(&nameservers, "nameserver", "", []string{}, "Machines on your network will use these nameservers to resolve DNS queries.")
 	command.Flags().BoolVarP(&magicDNS, "magic-dns", "", false, "Enable MagicDNS for the specified Tailnet")
 	command.Flags().BoolVarP(&httpsCerts, "https-certs", "", false, "Enable HTTPS Certificates for the specified Tailnet")
 	command.Flags().BoolVarP(&overrideLocalDNS, "override-local-dns", "", false, "When enabled, connected clients ignore local DNS settings and always use the nameservers specified for this Tailnet")
+	command.Flags().StringSliceVarP(&searchDomains, "search-domain", "", []string{}, "Custom DNS search domains.")
 
 	command.RunE = func(cmd *cobra.Command, args []string) error {
 		var globalNameservers []string
@@ -105,6 +79,7 @@ func setDNSConfigCommand() *cobra.Command {
 				Nameservers:      globalNameservers,
 				Routes:           routes,
 				HttpsCerts:       httpsCerts,
+				SearchDomains:    searchDomains,
 			},
 		}
 		resp, err := tc.Client().SetDNSConfig(cmd.Context(), connect.NewRequest(&req))
@@ -120,38 +95,50 @@ func setDNSConfigCommand() *cobra.Command {
 			fmt.Println()
 		}
 
-		w := new(tabwriter.Writer)
-		w.Init(os.Stdout, 8, 8, 1, '\t', 0)
-		defer w.Flush()
+		printDnsConfig(config)
 
-		fmt.Fprintf(w, "%s\t\t%v\n", "MagicDNS", config.MagicDns)
-		fmt.Fprintf(w, "%s\t\t%v\n", "HTTPS Certs", config.HttpsCerts)
-		fmt.Fprintf(w, "%s\t\t%v\n", "Override Local DNS", config.OverrideLocalDns)
+		return nil
+	}
 
-		if config.MagicDns {
-			fmt.Fprintf(w, "MagicDNS\t%s\t%s\n", config.MagicDnsSuffix, "100.100.100.100")
-		}
+	return command
+}
 
-		for k, r := range config.Routes {
-			for i, t := range r.Routes {
-				if i == 0 {
-					fmt.Fprintf(w, "SplitDNS\t%s\t%s\n", k, t)
-				} else {
-					fmt.Fprintf(w, "%s\t%s\n", "", t)
-				}
-			}
-		}
+func printDnsConfig(config *api.DNSConfig) {
+	w := new(tabwriter.Writer)
+	w.Init(os.Stdout, 8, 8, 1, '\t', 0)
+	defer w.Flush()
 
-		for i, t := range config.Nameservers {
+	fmt.Fprintf(w, "%s\t\t%v\n", "MagicDNS", config.MagicDns)
+	fmt.Fprintf(w, "%s\t\t%v\n", "HTTPS Certs", config.HttpsCerts)
+	fmt.Fprintf(w, "%s\t\t%v\n", "Override Local DNS", config.OverrideLocalDns)
+
+	if config.MagicDns {
+		fmt.Fprintf(w, "MagicDNS\t%s\t%s\n", config.MagicDnsSuffix, "100.100.100.100")
+	}
+
+	for k, r := range config.Routes {
+		for i, t := range r.Routes {
 			if i == 0 {
-				fmt.Fprintf(w, "%s\t%s\t%s\n", "Global", "", t)
+				fmt.Fprintf(w, "SplitDNS\t%s\t%s\n", k, t)
 			} else {
-				fmt.Fprintf(w, "%s\t%s\t%s\n", "", "", t)
+				fmt.Fprintf(w, "%s\t%s\n", "", t)
 			}
 		}
+	}
 
-		return nil
+	for i, t := range config.Nameservers {
+		if i == 0 {
+			fmt.Fprintf(w, "%s\t%s\t%s\n", "Global", "", t)
+		} else {
+			fmt.Fprintf(w, "%s\t%s\t%s\n", "", "", t)
+		}
 	}
 
-	return command
+	for i, t := range config.SearchDomains {
+		if i == 0 {
+			fmt.Fprintf(w, "%s\t%s\t%s\n", "Search Domains", t, "")
+		} else {
+			fmt.Fprintf(w, "%s\t%s\t%s\n", "", t, "")
+		}
+	}
 }
diff --git a/internal/domain/dns_config.go b/internal/domain/dns_config.go
@@ -14,6 +14,7 @@ type DNSConfig struct {
 	OverrideLocalDNS  bool                `json:"override_local_dns"`
 	Nameservers       []string            `json:"nameservers"`
 	Routes            map[string][]string `json:"routes"`
+	SearchDomains     []string            `json:"search_domains"`
 }
 
 func (i *DNSConfig) Scan(destination interface{}) error {
diff --git a/internal/mapping/mapping.go b/internal/mapping/mapping.go
@@ -34,20 +34,20 @@ func ToDNSConfig(m *domain.Machine, tailnet *domain.Tailnet, c *domain.DNSConfig
 	sanitizeTailnetName := domain.SanitizeTailnetName(tailnet.Name)
 	tailnetDomain := fmt.Sprintf("%s.%s", sanitizeTailnetName, config.MagicDNSSuffix())
 
-	resolvers := []*dnstype.Resolver{}
+	resolvers := make([]*dnstype.Resolver, 0)
+
 	for _, r := range c.Nameservers {
-		resolver := &dnstype.Resolver{
-			Addr: r,
-		}
-		resolvers = append(resolvers, resolver)
+		resolvers = append(resolvers, &dnstype.Resolver{Addr: r})
 	}
 
 	dnsConfig := &tailcfg.DNSConfig{}
 
+	var routes = make(map[string][]*dnstype.Resolver)
 	var domains []string
 	var certDomains []string
 
 	if c.MagicDNS {
+		routes[tailnetDomain] = nil
 		domains = append(domains, tailnetDomain)
 		dnsConfig.Proxied = true
 
@@ -63,23 +63,24 @@ func ToDNSConfig(m *domain.Machine, tailnet *domain.Tailnet, c *domain.DNSConfig
 	}
 
 	if len(c.Routes) != 0 || certsEnabled {
-		routes := make(map[string][]*dnstype.Resolver)
-
 		for r, s := range c.Routes {
-			routeResolver := []*dnstype.Resolver{}
+			routeResolver := make([]*dnstype.Resolver, 0)
 			for _, addr := range s {
-				resolver := &dnstype.Resolver{Addr: addr}
-				routeResolver = append(routeResolver, resolver)
+				routeResolver = append(routeResolver, &dnstype.Resolver{Addr: addr})
 			}
 			routes[r] = routeResolver
-			domains = append(domains, r)
 		}
+
 		dnsConfig.Routes = routes
 	}
 
-	dnsConfig.Domains = domains
+	dnsConfig.Domains = append(domains, c.SearchDomains...)
 	dnsConfig.CertDomains = certDomains
 
+	dnsConfig.ExitNodeFilteredSet = []string{
+		fmt.Sprintf(".%s", config.MagicDNSSuffix()),
+	}
+
 	return dnsConfig
 }
 
diff --git a/internal/service/dns.go b/internal/service/dns.go
@@ -42,6 +42,10 @@ func (s *Service) SetDNSConfig(ctx context.Context, req *connect.Request[api.Set
 		return nil, connect.NewError(connect.CodeFailedPrecondition, fmt.Errorf("MagicDNS must be enabled when enabling HTTPS Certs"))
 	}
 
+	if dnsConfig.HttpsCerts && s.dnsProvider != nil {
+		return nil, connect.NewError(connect.CodeFailedPrecondition, fmt.Errorf("A DNS provider must be configured when enabling HTTPS Certs"))
+	}
+
 	tailnet, err := s.repository.GetTailnet(ctx, req.Msg.TailnetId)
 	if err != nil {
 		return nil, logError(err)
@@ -50,13 +54,7 @@ func (s *Service) SetDNSConfig(ctx context.Context, req *connect.Request[api.Set
 		return nil, connect.NewError(connect.CodeNotFound, fmt.Errorf("tailnet not found"))
 	}
 
-	tailnet.DNSConfig = domain.DNSConfig{
-		MagicDNS:          dnsConfig.MagicDns,
-		HttpsCertsEnabled: s.dnsProvider != nil && dnsConfig.HttpsCerts,
-		OverrideLocalDNS:  dnsConfig.OverrideLocalDns,
-		Nameservers:       dnsConfig.Nameservers,
-		Routes:            apiRoutesToDomainRoutes(dnsConfig.Routes),
-	}
+	tailnet.DNSConfig = apiDNSConfigToDomainDNSConfig(req.Msg.Config)
 
 	if err := s.repository.SaveTailnet(ctx, tailnet); err != nil {
 		return nil, logError(err)
@@ -102,6 +100,7 @@ func apiDNSConfigToDomainDNSConfig(dnsConfig *api.DNSConfig) domain.DNSConfig {
 		OverrideLocalDNS:  dnsConfig.OverrideLocalDns,
 		Nameservers:       dnsConfig.Nameservers,
 		Routes:            apiRoutesToDomainRoutes(dnsConfig.Routes),
+		SearchDomains:     dnsConfig.SearchDomains,
 	}
 }
 
@@ -115,5 +114,6 @@ func domainDNSConfigToApiDNSConfig(tailnet *domain.Tailnet) *api.DNSConfig {
 		OverrideLocalDns: dnsConfig.OverrideLocalDNS,
 		Nameservers:      dnsConfig.Nameservers,
 		Routes:           domainRoutesToApiRoutes(dnsConfig.Routes),
+		SearchDomains:    dnsConfig.SearchDomains,
 	}
 }
diff --git a/pkg/gen/ionscale/v1/dns.pb.go b/pkg/gen/ionscale/v1/dns.pb.go
diff --git a/proto/ionscale/v1/dns.proto b/proto/ionscale/v1/dns.proto
@@ -29,6 +29,7 @@ message DNSConfig {
   map<string, Routes> routes = 4;
   string magic_dns_suffix = 5;
   bool https_certs = 6;
+  repeated string search_domains = 7;
 }
 
 message Routes {

Original file line number	Diff line number	Diff line change
`@@ -14,6 +14,7 @@ type DNSConfig struct {`
`14`	`14`	OverrideLocalDNS bool `json:"override_local_dns"`
`15`	`15`	Nameservers []string `json:"nameservers"`
`16`	`16`	Routes map[string][]string `json:"routes"`
	`17`	+ SearchDomains []string `json:"search_domains"`
`17`	`18`	`}`
`18`	`19`
`19`	`20`	`func (i *DNSConfig) Scan(destination interface{}) error {`
Original file line number	Diff line number	Diff line change
`@@ -42,6 +42,10 @@ func (s Service) SetDNSConfig(ctx context.Context, req connect.Request[api.Set`
`42`	`42`	`return nil, connect.NewError(connect.CodeFailedPrecondition, fmt.Errorf("MagicDNS must be enabled when enabling HTTPS Certs"))`
`43`	`43`	`}`
`44`	`44`
	`45`	`+ if dnsConfig.HttpsCerts && s.dnsProvider != nil {`
	`46`	`+ return nil, connect.NewError(connect.CodeFailedPrecondition, fmt.Errorf("A DNS provider must be configured when enabling HTTPS Certs"))`
	`47`	`+ }`
	`48`	`+`
`45`	`49`	`tailnet, err := s.repository.GetTailnet(ctx, req.Msg.TailnetId)`
`46`	`50`	`if err != nil {`
`47`	`51`	`return nil, logError(err)`
`@@ -50,13 +54,7 @@ func (s Service) SetDNSConfig(ctx context.Context, req connect.Request[api.Set`
`50`	`54`	`return nil, connect.NewError(connect.CodeNotFound, fmt.Errorf("tailnet not found"))`
`51`	`55`	`}`
`52`	`56`
`53`		`- tailnet.DNSConfig = domain.DNSConfig{`
`54`		`- MagicDNS: dnsConfig.MagicDns,`
`55`		`- HttpsCertsEnabled: s.dnsProvider != nil && dnsConfig.HttpsCerts,`
`56`		`- OverrideLocalDNS: dnsConfig.OverrideLocalDns,`
`57`		`- Nameservers: dnsConfig.Nameservers,`
`58`		`- Routes: apiRoutesToDomainRoutes(dnsConfig.Routes),`
`59`		`- }`
	`57`	`+ tailnet.DNSConfig = apiDNSConfigToDomainDNSConfig(req.Msg.Config)`
`60`	`58`
`61`	`59`	`if err := s.repository.SaveTailnet(ctx, tailnet); err != nil {`
`62`	`60`	`return nil, logError(err)`
`@@ -102,6 +100,7 @@ func apiDNSConfigToDomainDNSConfig(dnsConfig *api.DNSConfig) domain.DNSConfig {`
`102`	`100`	`OverrideLocalDNS: dnsConfig.OverrideLocalDns,`
`103`	`101`	`Nameservers: dnsConfig.Nameservers,`
`104`	`102`	`Routes: apiRoutesToDomainRoutes(dnsConfig.Routes),`
	`103`	`+ SearchDomains: dnsConfig.SearchDomains,`
`105`	`104`	`}`
`106`	`105`	`}`
`107`	`106`
`@@ -115,5 +114,6 @@ func domainDNSConfigToApiDNSConfig(tailnet domain.Tailnet) api.DNSConfig {`
`115`	`114`	`OverrideLocalDns: dnsConfig.OverrideLocalDNS,`
`116`	`115`	`Nameservers: dnsConfig.Nameservers,`
`117`	`116`	`Routes: domainRoutesToApiRoutes(dnsConfig.Routes),`
	`117`	`+ SearchDomains: dnsConfig.SearchDomains,`
`118`	`118`	`}`
`119`	`119`	`}`
Original file line number	Diff line number	Diff line change
`@@ -29,6 +29,7 @@ message DNSConfig {`
`29`	`29`	`map<string, Routes> routes = 4;`
`30`	`30`	`string magic_dns_suffix = 5;`
`31`	`31`	`bool https_certs = 6;`
	`32`	`+ repeated string search_domains = 7;`
`32`	`33`	`}`
`33`	`34`
`34`	`35`	`message Routes {`