ACLs validation silently fails if an invalid hostname is used

Open filviu opened this issue 3 years ago • 0 comments

What is the issue?

Consider we define a host:

"hosts": {
	"host1": "1.2.3.4",
}

Then we set up a rule similar to this:

{
	"action": "accept",
	"src":    ["group:sales"],
	"proto":  "tcp",
	"dst":    ["host1:443"],
},

It all works as expected. Then I wanted to know whether I can use an FQDN host without defining it in the "hosts" area:

{
	"action": "accept",
	"src":    ["group:sales"],
	"proto":  "tcp",
	"dst":    ["host1:443", "host2.example.com:443"],
},

The ACL validates and saves, but not only do I not get access to host2.example.com, I also lose access to host1, which tells me that the whole rule fails. It's not critical, now I know I can't use FQDNs, but I think that the validation should catch this if undefined hosts break rules...

Steps to reproduce

Set up hosts as above.

Are there any recent changes that introduced the issue?

not sure, I'm new here :)

OS

Windows

OS version

Windows 11

Tailscale version

1.30

Bug report

BUG-2e14844fc1f231bfc5adc75afdbb9d2abc3484fd2e9722398ad86beb2aab8c05-20220902123951Z-c10a5dcd43a4f5fc

EDIT: grammar

filviu • Sep 02 '22 12:09
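A pre-commit check for the condition reported above, as an added example that is not part of the original issue or of Tailscale's own code: it flags every `dst` entry whose host part is neither defined under "hosts" nor a built-in selector. The top-level "acls" key, the list of selector prefixes, the `"@"` test for user destinations and the simplified trailing-comma handling are assumptions of this sketch, and the sample policy is constructed from the snippets in the report.

```python
import ipaddress
import json
import re

# Selectors resolved by the control plane, not the "hosts" map
# (assumed list for this sketch; extend it to match your policy).
BUILTIN_PREFIXES = ("group:", "tag:", "autogroup:")

# Constructed sample mirroring the issue: host1 is defined, host2.example.com is not.
SAMPLE_POLICY = """
{
  "hosts": {"host1": "1.2.3.4",},
  "acls": [
    {"action": "accept", "src": ["group:sales"], "proto": "tcp", "dst": ["host1:443"]},
    {"action": "accept", "src": ["group:sales"], "proto": "tcp",
     "dst": ["host1:443", "host2.example.com:443"]},
  ],
}
"""

def load_policy(text):
    # Tolerate HuJSON trailing commas. Simplification: comments are not
    # handled, and no string may contain "," directly before "}" or "]".
    return json.loads(re.sub(r",(\s*[}\]])", r"\1", text))

def is_ip_or_cidr(value):
    try:
        ipaddress.ip_network(value.strip("[]"), strict=False)
        return True
    except ValueError:
        return False

def undefined_dst_hosts(policy):
    """Return (rule_index, dst_entry) for each dst naming an undefined host."""
    hosts = policy.get("hosts", {})
    findings = []
    for index, rule in enumerate(policy.get("acls", [])):
        for entry in rule.get("dst", []):
            target = entry.rpartition(":")[0]  # drop the ":ports" suffix
            if (target == "*" or target in hosts or "@" in target
                    or target.startswith(BUILTIN_PREFIXES)
                    or is_ip_or_cidr(target)):
                continue
            findings.append((index, entry))
    return findings

if __name__ == "__main__":
    for index, entry in undefined_dst_hosts(load_policy(SAMPLE_POLICY)):
        print(f'acls[{index}]: dst {entry!r} is not defined in "hosts"')
```

Running this against the policy file before it is saved surfaces the undefined host that the report says validation accepted, so the rule can be corrected before access to host1 is lost.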