
Use upstream resolvers in order

Open jamilbk opened this issue 9 months ago • 3 comments

In many cases, the order of DNS servers matters, whether entered into the portal, or read from the system resolvers.

When applying our sentinels to the system, we should aim to respect this order as much as possible to prevent surprises and difficult-to-diagnose debugging sessions.

  • [ ] On Windows, respect the original Preferred DNS server
  • [ ] On macOS, ensure the order of added dnsServers matches what's read from SystemConfiguration
  • [ ] On iOS, ensure the order of added dnsServers matches what's read from libresolv
  • [ ] On Android, ensure the order of added dnsServers matches what's read from the system APIs
  • [ ] On Linux, ensure the order of added dnsServers matches what's set in systemd-resolved, falling back to the order read from /etc/resolv.conf

jamilbk avatar Mar 14 '25 04:03 jamilbk

We can only influence this once we do #8263. Until then, the order the system tries them in is not in our control.

I think we do sort them lexically though because we use a BTreeSet internally.

thomaseizinger avatar Mar 14 '25 07:03 thomaseizinger

Updated the issue to reflect the actual problem the customer was having - server order.

jamilbk avatar Mar 19 '25 14:03 jamilbk

> I think we do sort them lexically though because we use a BTreeSet internally.

I think connlib might in part be the problem here.

thomaseizinger avatar Mar 20 '25 23:03 thomaseizinger
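
An added example, not Firezone or connlib code, of the effect the BTreeSet comments above describe: collecting resolvers into a `BTreeSet` drops duplicates but returns them in sorted order, so the configured preference is lost, while an order-preserving dedup keeps it. The addresses are constructed sample values and the function names are hypothetical.

```rust
use std::collections::{BTreeSet, HashSet};
use std::net::IpAddr;

/// Collects resolvers into a BTreeSet: duplicates are dropped, but iteration
/// follows `Ord` for `IpAddr` (all IPv4 before IPv6, each compared by value),
/// not the order in which the resolvers were configured.
fn via_btreeset(configured: &[IpAddr]) -> Vec<IpAddr> {
    configured
        .iter()
        .copied()
        .collect::<BTreeSet<_>>()
        .into_iter()
        .collect()
}

/// Drops duplicates while keeping the first occurrence of each resolver
/// in its configured position.
fn dedup_preserving_order(configured: &[IpAddr]) -> Vec<IpAddr> {
    let mut seen = HashSet::new();
    configured
        .iter()
        .copied()
        .filter(|ip| seen.insert(*ip))
        .collect()
}

/// Constructed sample: a preferred internal resolver first, a secondary
/// internal resolver, a public fallback, one duplicate and one IPv6 entry.
fn sample() -> Vec<IpAddr> {
    ["192.168.1.1", "10.0.0.53", "1.1.1.1", "10.0.0.53", "fd00::53"]
        .iter()
        .map(|s| s.parse().expect("constructed sample address"))
        .collect()
}

fn main() {
    let configured = sample();
    println!("configured: {:?}", configured);
    println!("BTreeSet:   {:?}", via_btreeset(&configured));
    println!("preserved:  {:?}", dedup_preserving_order(&configured));
}
```

With this sample, the `BTreeSet` path moves the public fallback ahead of the preferred internal resolver, which is the kind of reordering that changes which server answers first.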