[Feature] Wildcard support for split DNS configuration #2341

Closed
2 tasks
lgrn opened this issue Jan 10, 2025 · 4 comments
Labels
enhancement New feature or request

Comments

@lgrn
Contributor

lgrn commented Jan 10, 2025

Use case

There is a split attribute in config-example.yaml that allows you to configure "a map of domains and which DNS server to use for each". In cases of a split VPN scenario, where Headscale is only used to access "internal" resources but not the rest of the Internet, it seems likely that one would want to configure entire domains or subdomains rather than explicit domain names to be passed to a separate DNS.

Description

Functionality today:

  nameservers:
    global:
      - 1.1.1.1
      - 1.0.0.1

    split:
      foo.internal.domain:
        - 10.10.10.10
      bar.internal.domain:
        - 10.10.10.10

Feature request:

  nameservers:
    global:
      - 1.1.1.1
      - 1.0.0.1

    split:
      *.internal.domain:
        - 10.10.10.10

If starting an attribute with * causes yaml or other syntax issues, perhaps the syntax .internal.domain or similar could be considered instead.

Contribution

  • I can write the design doc for this feature
  • I can contribute this feature

How can it be implemented?

No response

@lgrn lgrn added the enhancement New feature or request label Jan 10, 2025
@Nathanael-Mtd

You can just set internal.domain to your specified DNS server, every request to that domain or subdomain will be handled by the specified server.

For example:

  nameservers:
    global:
      - 1.1.1.1
      - 1.0.0.1

    split:
      internal.domain:
        - 10.10.10.10

@lgrn
Contributor Author

lgrn commented Jan 10, 2025

That's great, if that already works then I'll just suggest that it's maybe clarified in the comments in config-example.yaml and/or the docs (most of the attribute documentation seems to be in the config example itself).

If I understand the behavior correctly then adding foo.bar.com would also mean that sub.foo.bar.com triggers the same DNS rule which may be unexpected, so maybe that should be documented as well.

@Nathanael-Mtd

Nathanael-Mtd commented Jan 10, 2025

Yeah, DNS docs seem outdated.

It's not really unexpected, that's how DNS servers work.

Every request you send with a specified suffix (zone is the right word) will be sent to the specified DNS server.
If the specified DNS server has the entry in its zone, it will return the answer; if not (depending on the DNS server config), it will recursively check the authoritative DNS server for the zone, get the DNS entry and return that to you.

@lgrn
Contributor Author

lgrn commented Jan 10, 2025

Yeah, I guess the comment does kind of already explain it since it says that it's a "map of domains" and not a map of hostnames. Anyway, thanks for the quick feedback.

@lgrn lgrn closed this as completed Jan 19, 2025
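
As an added illustration (not part of the original thread, and not Headscale or Tailscale code), this Go sketch models the suffix matching described in the comments, so you can see which names go to the internal resolver and which go to the global ones. Assumptions: the names `splitRoutes`, `globalResolvers` and `resolversFor`, the constructed `db.internal.domain` entry with `10.10.10.20`, and that a suffix matches only on a label boundary with the longest matching suffix winning.

```go
package main

import (
	"fmt"
	"strings"
)

// splitRoutes mirrors the "split" map from the thread. Keys are lower-case
// with no trailing dot. db.internal.domain is constructed for illustration.
var splitRoutes = map[string][]string{
	"internal.domain":    {"10.10.10.10"},
	"db.internal.domain": {"10.10.10.20"},
}

var globalResolvers = []string{"1.1.1.1", "1.0.0.1"}

// resolversFor returns the matched suffix ("" when no split route applies)
// and the resolvers a query for qname would be sent to. Assumed semantics:
// match on a DNS label boundary only, most specific (longest) suffix wins.
func resolversFor(qname string) (string, []string) {
	q := strings.TrimSuffix(strings.ToLower(strings.TrimSpace(qname)), ".")
	best := ""
	for suffix := range splitRoutes {
		onBoundary := q == suffix || strings.HasSuffix(q, "."+suffix)
		if onBoundary && len(suffix) > len(best) {
			best = suffix
		}
	}
	if best == "" {
		return "", globalResolvers
	}
	return best, splitRoutes[best]
}

func main() {
	// Constructed query names covering the cases discussed in the thread.
	names := []string{
		"foo.internal.domain", "sub.foo.internal.domain.", "internal.domain",
		"x.db.internal.domain", "notinternal.domain", "example.com",
	}
	for _, n := range names {
		zone, rs := resolversFor(n)
		if zone == "" {
			zone = "(global)"
		}
		fmt.Printf("%-26s -> %-20s %v\n", n, zone, rs)
	}
}
```

Names that match no split suffix, such as `notinternal.domain`, go to the global resolvers, which is the case to check when auditing whether internal hostnames could reach a public DNS server.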