lanscaping: remove dnsfallback's recursive resolver + its miekg/dns dep

-rwxr-xr-x@ 1 bradfitz staff 15876722 Jan 10 20:47 /Users/bradfitz/bin/tailscaled.min -rwxr-xr-x@ 1 bradfitz staff 17039512 Jan 10 20:47 /Users/bradfitz/bin/tailscaled.minlinux Change-Id: I5e6b54545ac61d98e5075de57c3a020eab52956e Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2026-05-09 14:16:14 +02:00 · 2025-01-10 20:48:18 -08:00 · 2025-01-10 20:48:18 -08:00 · 2348da8980
commit 2348da8980
parent f86f0f793a
3 changed files with 6 additions and 105 deletions
--- a/cmd/tailscale/depaware-minlinux.txt
+++ b/cmd/tailscale/depaware-minlinux.txt
@ -24,7 +24,6 @@ tailscale.com/cmd/tailscale dependencies: (generated by github.com/tailscale/dep
   L 💣 github.com/mdlayher/netlink                                  from github.com/jsimonetti/rtnetlink+
   L 💣 github.com/mdlayher/netlink/nlenc                            from github.com/jsimonetti/rtnetlink+
   L 💣 github.com/mdlayher/socket                                   from github.com/mdlayher/netlink
-        github.com/miekg/dns                                         from tailscale.com/net/dns/recursive
     💣 github.com/mitchellh/go-ps                                   from tailscale.com/cmd/tailscale/cli+
        github.com/peterbourgon/ff/v3                                from github.com/peterbourgon/ff/v3/ffcli+
        github.com/peterbourgon/ff/v3/ffcli                          from tailscale.com/cmd/tailscale/cli+
@ -77,7 +76,6 @@ tailscale.com/cmd/tailscale dependencies: (generated by github.com/tailscale/dep
        tailscale.com/kube/kubetypes                                 from tailscale.com/envknob
        tailscale.com/licenses                                       from tailscale.com/client/web+
        tailscale.com/metrics                                        from tailscale.com/derp+
-        tailscale.com/net/dns/recursive                              from tailscale.com/net/dnsfallback
        tailscale.com/net/dnscache                                   from tailscale.com/control/controlhttp+
        tailscale.com/net/dnsfallback                                from tailscale.com/control/controlhttp
        tailscale.com/net/flowtrack                                  from tailscale.com/net/packet
@ -184,8 +182,8 @@ tailscale.com/cmd/tailscale dependencies: (generated by github.com/tailscale/dep
        golang.org/x/net/http2/hpack                                 from golang.org/x/net/http2+
        golang.org/x/net/icmp                                        from tailscale.com/net/ping
        golang.org/x/net/idna                                        from golang.org/x/net/http/httpguts+
-        golang.org/x/net/ipv4                                        from github.com/miekg/dns+
-        golang.org/x/net/ipv6                                        from github.com/miekg/dns+
+        golang.org/x/net/ipv4                                        from golang.org/x/net/icmp+
+        golang.org/x/net/ipv6                                        from golang.org/x/net/icmp+
        golang.org/x/net/proxy                                       from tailscale.com/net/netns
   D    golang.org/x/net/route                                       from net+
        golang.org/x/oauth2                                          from golang.org/x/oauth2/clientcredentials
@ -226,7 +224,7 @@ tailscale.com/cmd/tailscale dependencies: (generated by github.com/tailscale/dep
        crypto/sha256                                                from crypto/tls+
        crypto/sha512                                                from crypto/ecdsa+
        crypto/subtle                                                from crypto/aes+
-        crypto/tls                                                   from github.com/miekg/dns+
+        crypto/tls                                                   from golang.org/x/net/http2+
        crypto/x509                                                  from crypto/tls+
        crypto/x509/pkix                                             from crypto/x509+
   D    database/sql/driver                                          from github.com/google/uuid
--- a/cmd/tailscaled/depaware-minlinux.txt
+++ b/cmd/tailscaled/depaware-minlinux.txt
@ -35,7 +35,6 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de
   L 💣 github.com/mdlayher/netlink/nlenc                            from github.com/jsimonetti/rtnetlink+
   L    github.com/mdlayher/sdnotify                                 from tailscale.com/util/systemd
   L 💣 github.com/mdlayher/socket                                   from github.com/mdlayher/netlink+
-        github.com/miekg/dns                                         from tailscale.com/net/dns/recursive
     💣 github.com/mitchellh/go-ps                                   from tailscale.com/safesocket
   L 💣 github.com/safchain/ethtool                                  from tailscale.com/doctor/ethtool+
        github.com/tailscale/golang-x-crypto/acme                    from tailscale.com/ipn/ipnlocal
@ -115,7 +114,6 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de
        tailscale.com/net/connstats                                  from tailscale.com/net/tstun+
        tailscale.com/net/dns                                        from tailscale.com/cmd/tailscaled+
        tailscale.com/net/dns/publicdns                              from tailscale.com/net/dns+
-        tailscale.com/net/dns/recursive                              from tailscale.com/net/dnsfallback
        tailscale.com/net/dns/resolvconffile                         from tailscale.com/net/dns+
        tailscale.com/net/dns/resolver                               from tailscale.com/net/dns
        tailscale.com/net/dnscache                                   from tailscale.com/control/controlclient+
@ -269,8 +267,8 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de
        golang.org/x/net/http2/hpack                                 from golang.org/x/net/http2+
        golang.org/x/net/icmp                                        from tailscale.com/net/ping
        golang.org/x/net/idna                                        from golang.org/x/net/http/httpguts+
-        golang.org/x/net/ipv4                                        from github.com/miekg/dns+
-        golang.org/x/net/ipv6                                        from github.com/miekg/dns+
+        golang.org/x/net/ipv4                                        from github.com/tailscale/wireguard-go/conn+
+        golang.org/x/net/ipv6                                        from github.com/tailscale/wireguard-go/conn+
        golang.org/x/net/proxy                                       from tailscale.com/net/netns
   D    golang.org/x/net/route                                       from net+
        golang.org/x/sync/errgroup                                   from github.com/mdlayher/socket+
@ -308,7 +306,7 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de
        crypto/sha256                                                from crypto/tls+
        crypto/sha512                                                from crypto/ecdsa+
        crypto/subtle                                                from crypto/aes+
-        crypto/tls                                                   from github.com/miekg/dns+
+        crypto/tls                                                   from github.com/tailscale/golang-x-crypto/acme+
        crypto/x509                                                  from crypto/tls+
        crypto/x509/pkix                                             from crypto/x509+
        embed                                                        from crypto/internal/nistec+
--- a/net/dnsfallback/dnsfallback.go
+++ b/net/dnsfallback/dnsfallback.go
@ -29,7 +29,6 @@ import (
 	"tailscale.com/atomicfile"
 	"tailscale.com/envknob"
 	"tailscale.com/health"
-	"tailscale.com/net/dns/recursive"
 	"tailscale.com/net/netmon"
 	"tailscale.com/net/netns"
 	"tailscale.com/net/tlsdial"
@ -95,10 +94,8 @@ func (fr *fallbackResolver) Lookup(ctx context.Context, host string) ([]netip.Ad
 		done = make(chan struct{})
 		go func() {
 			defer close(done)
-			fr.compareWithRecursive(ctx, addrsCh, host)
 		}()
 	} else {
-		go fr.compareWithRecursive(ctx, addrsCh, host)
 	}

 	addrs, err := lookup(ctx, host, fr.logf, fr.healthTracker, fr.netMon)
@ -117,98 +114,6 @@ func (fr *fallbackResolver) Lookup(ctx context.Context, host string) ([]netip.Ad
 	return addrs, nil
 }

-// compareWithRecursive is responsible for comparing the DNS resolution
-// performed via the "normal" path (bootstrap DNS requests to the DERP servers)
-// with DNS resolution performed with our in-process recursive DNS resolver.
-//
-// It will select on addrsCh to read exactly one set of addrs (returned by the
-// "normal" path) and compare against the results returned by the recursive
-// resolver. If ctx is canceled, then it will abort.
-func (fr *fallbackResolver) compareWithRecursive(
-	ctx context.Context,
-	addrsCh <-chan []netip.Addr,
-	host string,
-) {
-	logf := logger.WithPrefix(fr.logf, "recursive: ")
-
-	// Ensure that we catch panics while we're testing this
-	// code path; this should never panic, but we don't
-	// want to take down the process by having the panic
-	// propagate to the top of the goroutine's stack and
-	// then terminate.
-	defer func() {
-		if r := recover(); r != nil {
-			logf("bootstrap DNS: recovered panic: %v", r)
-			metricRecursiveErrors.Add(1)
-		}
-	}()
-
-	// Don't resolve the same host multiple times
-	// concurrently; if we end up in a tight loop, this can
-	// take up a lot of CPU.
-	var didRun bool
-	result, err, _ := fr.sf.Do(host, func() (resolveResult, error) {
-		didRun = true
-		resolver := &recursive.Resolver{
-			Dialer: netns.NewDialer(logf, fr.netMon),
-			Logf:   logf,
-		}
-		addrs, minTTL, err := resolver.Resolve(ctx, host)
-		if err != nil {
-			logf("error using recursive resolver: %v", err)
-			metricRecursiveErrors.Add(1)
-			return resolveResult{}, err
-		}
-		return resolveResult{addrs, minTTL}, nil
-	})
-
-	// The singleflight function handled errors; return if
-	// there was one. Additionally, don't bother doing the
-	// comparison if we waited on another singleflight
-	// caller; the results are likely to be the same, so
-	// rather than spam the logs we can just exit and let
-	// the singleflight call that did execute do the
-	// comparison.
-	//
-	// Returning here is safe because the addrsCh channel
-	// is buffered, so the main function won't block even
-	// if we never read from it.
-	if err != nil || !didRun {
-		return
-	}
-
-	addrs, minTTL := result.addrs, result.minTTL
-	compareAddr := func(a, b netip.Addr) int { return a.Compare(b) }
-	slices.SortFunc(addrs, compareAddr)
-
-	// Wait for a response from the main function; try this once before we
-	// check whether the context is canceled since selects are
-	// nondeterministic.
-	var oldAddrs []netip.Addr
-	select {
-	case oldAddrs = <-addrsCh:
-		// All good; continue
-	default:
-		// Now block.
-		select {
-		case oldAddrs = <-addrsCh:
-		case <-ctx.Done():
-			return
-		}
-	}
-	slices.SortFunc(oldAddrs, compareAddr)
-
-	matches := slices.Equal(addrs, oldAddrs)
-
-	logf("bootstrap DNS comparison: matches=%v oldAddrs=%v addrs=%v minTTL=%v", matches, oldAddrs, addrs, minTTL)
-
-	if matches {
-		metricRecursiveMatches.Add(1)
-	} else {
-		metricRecursiveMismatches.Add(1)
-	}
-}
-
 func lookup(ctx context.Context, host string, logf logger.Logf, ht *health.Tracker, netMon *netmon.Monitor) ([]netip.Addr, error) {
 	if ip, err := netip.ParseAddr(host); err == nil && ip.IsValid() {
 		return []netip.Addr{ip}, nil