chore: use coder DNS service address #64

Draft
wants to merge 1 commit into
base: main

@ethanndickson ethanndickson commented Nov 8, 2024

Relates to coder/coder#14718

This enables the Tailscale built-in DNS nameserver (Resolver) to listen on the pre-determined Coder DNS address, [fd60:627a:a42b::53]:53.

Note that there's currently a hardcoded check in the DNS manager that ignores the hosts on dns.Config unless goos = "windows". This means the platform-specific part of CoderVPN won't get the specific host mappings, only the address of the Tailscale nameserver. If we need to modify the hosts file on Windows, we'll need to change that (answer pending Dean's return).

For example, this in: dns.Config produces the following OS config and Resolver config:

in: Config{
	OnlyIPv6: true,
	Routes: map[dnsname.FQDN][]*dnstype.Resolver{
		"coder.": nil,
	},
	Hosts: hosts(
		"agent.myws.me.coder.", "fd60:627a:a42c::53",
	),
},
os: OSConfig{
	Nameservers: mustIPs("fd60:627a:a42b::53"),
},
rs: resolver.Config{
	Routes: upstreams(
		".", "",
	),
	Hosts: hosts(
		"agent.myws.me.coder.", "fd60:627a:a42c::53",
	),
	LocalDomains: fqdns("coder."),
},

rs: resolver.Config{
Routes: upstreams(
".", "",
"coder.", "fd60:627a:a42b::53",
@ethanndickson ethanndickson Nov 8, 2024

I don't totally understand the purpose of routes on resolver.Config. This just points to itself and it just works?

It's for allowing the DNS service to query external DNS servers. We don't need it for our purposes since the local DNS will be authoritative for all **.coder. names, and we'll use split-DNS so that the OS only asks us for these names in the first place.

For OSes which don't support split DNS, Tailscale becomes the default resolver, and then gets configured with upstream DNS servers for queries it can't handle locally. We don't need to do this so we won't ever have upstream routes.
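A simplified model of the behaviour described in the reply above: names in Hosts are answered, other names under a local domain get NXDOMAIN, and everything else has nowhere to go when no upstream route is set. This is an added example, not code from the PR or from Tailscale's resolver; the `Config` type, `under`, `Resolve`, `sampleConfig` and the verdict strings are hypothetical, and the sample values are taken from the PR description.

```go
package main

import (
	"fmt"
	"net/netip"
	"strings"
)

// Config is a hypothetical, simplified stand-in; not Tailscale's resolver.Config.
type Config struct {
	Hosts        map[string]netip.Addr // FQDN -> address
	LocalDomains []string              // suffixes answered authoritatively
	Routes       map[string][]string   // suffix -> upstream resolvers
}
// under matches on a label boundary, so "notcoder." is not under "coder.".
func under(fqdn, suffix string) bool {
	return suffix == "." || fqdn == suffix || strings.HasSuffix(fqdn, "."+suffix)
}
// Resolve returns "answer" (with the address), "nxdomain", "forward" or "refuse".
func (c Config) Resolve(name string) (string, netip.Addr) {
	fqdn := strings.ToLower(strings.TrimSuffix(name, ".")) + "."
	if ip, ok := c.Hosts[fqdn]; ok {
		return "answer", ip
	}
	for _, d := range c.LocalDomains {
		if under(fqdn, d) {
			return "nxdomain", netip.Addr{} // authoritative: never sent upstream
		}
	}
	for suffix, ups := range c.Routes {
		if under(fqdn, suffix) && len(ups) > 0 {
			return "forward", netip.Addr{}
		}
	}
	return "refuse", netip.Addr{} // no upstream configured for this name
}

// sampleConfig is constructed input mirroring the values in the PR description.
func sampleConfig() Config {
	return Config{
		Hosts:        map[string]netip.Addr{"agent.myws.me.coder.": netip.MustParseAddr("fd60:627a:a42c::53")},
		LocalDomains: []string{"coder."},
		Routes:       map[string][]string{".": nil},
	}
}

func main() {
	fmt.Println(sampleConfig().Resolve("missing.coder."))
}
```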
