net/dns: make MagicDNS IPv6 registration opt-out now, not opt-in

This adds a new ControlKnob to make MagicDNS IPv6 registration (telling systemd/etc) opt-out rather than opt-in. Updates #15404 Change-Id: If008e1cb046b792c6aff7bb1d7c58638f7d650b1 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2026-05-09 23:54:32 -04:00 · 2026-02-16 18:56:51 -10:00
parent a6390ca008
commit a7a864419d
5 changed files with 91 additions and 34 deletions
--- a/control/controlknobs/controlknobs.go
+++ b/control/controlknobs/controlknobs.go
@@ -113,6 +113,14 @@ type Knobs struct {
 	// resolver on Windows or when the host is domain-joined and its primary domain
 	// takes precedence over MagicDNS. As of 2026-02-13, it is only used on Windows.
 	DisableHostsFileUpdates atomic.Bool
+
+	// ForceRegisterMagicDNSIPv4Only is whether the node should only register
+	// its IPv4 MagicDNS service IP and not its IPv6 one. The IPv6 one,
+	// tsaddr.TailscaleServiceIPv6String, still works in either case. This knob
+	// controls only whether we tell systemd/etc about the IPv6 one.
+	// See https://github.com/tailscale/tailscale/issues/15404.
+	// TODO(bradfitz): remove this a few releases after 2026-02-16.
+	ForceRegisterMagicDNSIPv4Only atomic.Bool
 }

 // UpdateFromNodeAttributes updates k (if non-nil) based on the provided self
@@ -144,6 +152,7 @@ func (k *Knobs) UpdateFromNodeAttributes(capMap tailcfg.NodeCapMap) {
 		disableCaptivePortalDetection        = has(tailcfg.NodeAttrDisableCaptivePortalDetection)
 		disableSkipStatusQueue               = has(tailcfg.NodeAttrDisableSkipStatusQueue)
 		disableHostsFileUpdates              = has(tailcfg.NodeAttrDisableHostsFileUpdates)
+		forceRegisterMagicDNSIPv4Only        = has(tailcfg.NodeAttrForceRegisterMagicDNSIPv4Only)
 	)

 	if has(tailcfg.NodeAttrOneCGNATEnable) {
@@ -171,6 +180,7 @@ func (k *Knobs) UpdateFromNodeAttributes(capMap tailcfg.NodeCapMap) {
 	k.DisableCaptivePortalDetection.Store(disableCaptivePortalDetection)
 	k.DisableSkipStatusQueue.Store(disableSkipStatusQueue)
 	k.DisableHostsFileUpdates.Store(disableHostsFileUpdates)
+	k.ForceRegisterMagicDNSIPv4Only.Store(forceRegisterMagicDNSIPv4Only)

 	// If both attributes are present, then "enable" should win.  This reflects
 	// the history of seamless key renewal.
@@ -210,3 +220,9 @@ func (k *Knobs) AsDebugJSON() map[string]any {
 	}
 	return ret
 }
+
+// ShouldForceRegisterMagicDNSIPv4Only reports the value of
+// ForceRegisterMagicDNSIPv4Only, or false if k is nil.
+func (k *Knobs) ShouldForceRegisterMagicDNSIPv4Only() bool {
+	return k != nil && k.ForceRegisterMagicDNSIPv4Only.Load()
+}