From cd650de1f8aff85231d25b24f211a9660b393645 Mon Sep 17 00:00:00 2001 From: Thomas Eizinger Date: Wed, 12 Nov 2025 16:40:58 +1100 Subject: [PATCH] refactor: prepare client `init` for upstream DoH servers (#10851) In order to support multiple different protocols of upstream DNS resolvers, we deprecate the `upstream_dns` field in the client's `init` message and introduce two new fields: - `upstream_do53` - `upstream_doh` For now, only `upstream_do53` is populated and `upstream_doh` is always empty. On the client-side, we for now only introduce the `upstream_do53` field but fall-back to `upstream_dns` if that one is empty. This makes this PR backwards-compatible with the portal version that is currently deployed in production. Thus, this PR can be merged even prior to deploying the portal. Internally, we prepare connlib's abstractions to deal with different kinds of upstreams by renaming all existing "upstream DNS" references to `upstream_do53`: DNS over port 53. That includes UDP as well as TCP DNS resolution. Resolves: #10791 --------- Co-authored-by: Jamil Bou Kheir --- .../api/lib/api/client/views/interface.ex | 32 +++++++++++---- .../apps/api/test/api/client/channel_test.exs | 12 +++++- .../lib/domain/accounts/config/changeset.ex | 32 +++++++-------- rust/connlib/tunnel/src/client.rs | 4 +- rust/connlib/tunnel/src/client/dns_config.rs | 32 ++++++++------- rust/connlib/tunnel/src/messages.rs | 27 ++++++++++++- rust/connlib/tunnel/src/tests/reference.rs | 10 ++--- rust/connlib/tunnel/src/tests/sim_client.rs | 39 ++++++++++--------- rust/connlib/tunnel/src/tests/strategies.rs | 21 ++++------ rust/connlib/tunnel/src/tests/stub_portal.rs | 9 ++--- rust/connlib/tunnel/src/tests/sut.rs | 18 +++++---- rust/connlib/tunnel/src/tests/transition.rs | 6 +-- 12 files changed, 147 insertions(+), 95 deletions(-) diff --git a/elixir/apps/api/lib/api/client/views/interface.ex b/elixir/apps/api/lib/api/client/views/interface.ex index 6a3f5dde9..34f2430ab 100644 --- a/elixir/apps/api/lib/api/client/views/interface.ex +++ b/elixir/apps/api/lib/api/client/views/interface.ex @@ -1,20 +1,36 @@ defmodule API.Client.Views.Interface do - alias Domain.{Accounts, Clients} + alias Domain.Clients def render(%Clients.Client{} = client) do + clients_upstream_dns = Map.get(client.account.config, :clients_upstream_dns, []) + + # TODO: DOH RESOLVERS + # Remove this old field once clients are upgraded. + # old field - append normalized port upstream_dns = - client.account.config - |> Map.get(:clients_upstream_dns, []) - |> Enum.map(fn dns_config -> - address = Accounts.Config.Changeset.normalize_dns_address(dns_config) - Map.from_struct(%{dns_config | address: address}) + clients_upstream_dns + |> Enum.map(fn %{address: address} = dns_config -> + ip = URI.parse("//" <> address).host + Map.from_struct(%{dns_config | address: "#{ip}:53"}) + end) + + # new field - no port + upstream_do53 = + clients_upstream_dns + |> Enum.map(fn %{address: address} -> + %{ip: URI.parse("//" <> address).host} end) %{ search_domain: client.account.config.search_domain, - upstream_dns: upstream_dns, + upstream_do53: upstream_do53, + # Populate from DB once present. + upstream_doh: [], ipv4: client.ipv4, - ipv6: client.ipv6 + ipv6: client.ipv6, + + # Legacy field + upstream_dns: upstream_dns } end end diff --git a/elixir/apps/api/test/api/client/channel_test.exs b/elixir/apps/api/test/api/client/channel_test.exs index 2355cdc18..545a85d89 100644 --- a/elixir/apps/api/test/api/client/channel_test.exs +++ b/elixir/apps/api/test/api/client/channel_test.exs @@ -351,6 +351,11 @@ defmodule API.Client.ChannelTest do %{protocol: :ip_port, address: "1.1.1.1:53"}, %{protocol: :ip_port, address: "8.8.8.8:53"} ], + upstream_do53: [ + %{ip: "1.1.1.1"}, + %{ip: "8.8.8.8"} + ], + upstream_doh: [], search_domain: "example.com" } end @@ -909,7 +914,12 @@ defmodule API.Client.ChannelTest do upstream_dns: [ %{address: "1.1.1.1:53", protocol: :ip_port}, %{address: "8.8.8.8:53", protocol: :ip_port} - ] + ], + upstream_do53: [ + %{ip: "1.1.1.1"}, + %{ip: "8.8.8.8"} + ], + upstream_doh: [] } } end diff --git a/elixir/apps/domain/lib/domain/accounts/config/changeset.ex b/elixir/apps/domain/lib/domain/accounts/config/changeset.ex index 2468fe5dc..cbd0700ec 100644 --- a/elixir/apps/domain/lib/domain/accounts/config/changeset.ex +++ b/elixir/apps/domain/lib/domain/accounts/config/changeset.ex @@ -64,22 +64,6 @@ defmodule Domain.Accounts.Config.Changeset do end end - def normalize_dns_address(%Config.ClientsUpstreamDNS{protocol: :ip_port, address: address}) do - case IPPort.cast(address) do - {:ok, address} -> - address - |> IPPort.put_default_port(@default_dns_port) - |> to_string() - - _ -> - address - end - end - - def normalize_dns_address(%Config.ClientsUpstreamDNS{address: address}) do - address - end - def client_upstream_dns_changeset(client_upstream_dns \\ %Config.ClientsUpstreamDNS{}, attrs) do client_upstream_dns |> cast(attrs, [:protocol, :address]) @@ -130,4 +114,20 @@ defmodule Domain.Accounts.Config.Changeset do |> cast_embed(:outdated_gateway, with: &Config.Notifications.Email.Changeset.changeset/2) |> cast_embed(:idp_sync_error, with: &Config.Notifications.Email.Changeset.changeset/2) end + + defp normalize_dns_address(%Config.ClientsUpstreamDNS{protocol: :ip_port, address: address}) do + case IPPort.cast(address) do + {:ok, address} -> + address + |> IPPort.put_default_port(@default_dns_port) + |> to_string() + + _ -> + address + end + end + + defp normalize_dns_address(%Config.ClientsUpstreamDNS{address: address}) do + address + end end diff --git a/rust/connlib/tunnel/src/client.rs b/rust/connlib/tunnel/src/client.rs index edd3f71a3..6aa5273b0 100644 --- a/rust/connlib/tunnel/src/client.rs +++ b/rust/connlib/tunnel/src/client.rs @@ -1026,11 +1026,11 @@ impl ClientState { } pub fn update_interface_config(&mut self, config: InterfaceConfig) { - tracing::trace!(upstream_dns = ?config.upstream_dns, search_domain = ?config.search_domain, ipv4 = %config.ipv4, ipv6 = %config.ipv6, "Received interface configuration from portal"); + tracing::trace!(upstream_do53 = ?config.upstream_do53(), search_domain = ?config.search_domain, ipv4 = %config.ipv4, ipv6 = %config.ipv6, "Received interface configuration from portal"); let changed = self .dns_config - .update_upstream_resolvers(config.upstream_dns); + .update_upstream_do53_resolvers(config.upstream_do53()); if changed { self.dns_cache.flush("DNS servers changed"); diff --git a/rust/connlib/tunnel/src/client/dns_config.rs b/rust/connlib/tunnel/src/client/dns_config.rs index 2f8ae0b70..af454b0dd 100644 --- a/rust/connlib/tunnel/src/client/dns_config.rs +++ b/rust/connlib/tunnel/src/client/dns_config.rs @@ -8,17 +8,16 @@ use ip_network::IpNetwork; use crate::{ client::{DNS_SENTINELS_V4, DNS_SENTINELS_V6, IpProvider}, dns::DNS_PORT, - messages::DnsServer, }; #[derive(Debug, Default)] pub(crate) struct DnsConfig { /// The DNS resolvers configured on the system outside of connlib. system_resolvers: Vec, - /// The DNS resolvers configured in the portal. + /// The Do53 resolvers configured in the portal. /// /// Has priority over system-configured DNS servers. - upstream_dns: Vec, + upstream_do53: Vec, /// Maps from connlib-assigned IP of a DNS server back to the originally configured system DNS resolver. mapping: DnsMapping, @@ -74,16 +73,16 @@ impl DnsConfig { } #[must_use = "Check if the DNS mapping has changed"] - pub(crate) fn update_upstream_resolvers(&mut self, servers: Vec) -> bool { + pub(crate) fn update_upstream_do53_resolvers(&mut self, servers: Vec) -> bool { tracing::debug!(?servers, "Received upstream-defined DNS servers"); - self.upstream_dns = servers.into_iter().map(|s| s.address()).collect(); + self.upstream_do53 = servers; self.update_dns_mapping() } pub(crate) fn has_custom_upstream(&self) -> bool { - !self.upstream_dns.is_empty() + !self.upstream_do53.is_empty() } pub(crate) fn mapping(&mut self) -> DnsMapping { @@ -92,7 +91,7 @@ impl DnsConfig { fn update_dns_mapping(&mut self) -> bool { let effective_dns_servers = - effective_dns_servers(self.upstream_dns.clone(), self.system_resolvers.clone()); + effective_dns_servers(self.upstream_do53.clone(), self.system_resolvers.clone()); if HashSet::::from_iter(effective_dns_servers.clone()) == HashSet::from_iter(self.mapping.upstream_sockets()) @@ -109,18 +108,23 @@ impl DnsConfig { } fn effective_dns_servers( - upstream_dns: Vec, + upstream_do53: Vec, default_resolvers: Vec, ) -> Vec { - let mut upstream_dns = upstream_dns.into_iter().filter_map(not_sentinel).peekable(); + let mut upstream_dns = upstream_do53 + .into_iter() + .filter_map(not_sentinel) + .peekable(); if upstream_dns.peek().is_some() { - return upstream_dns.collect(); + return upstream_dns + .map(|ip| SocketAddr::new(ip, DNS_PORT)) + .collect(); } let mut dns_servers = default_resolvers .into_iter() - .map(|ip| SocketAddr::new(ip, DNS_PORT)) .filter_map(not_sentinel) + .map(|ip| SocketAddr::new(ip, DNS_PORT)) .peekable(); if dns_servers.peek().is_none() { @@ -152,9 +156,9 @@ fn sentinel_dns_mapping(dns: &[SocketAddr], old_sentinels: Vec) -> DnsMa DnsMapping { inner: mapping } } -fn not_sentinel(srv: SocketAddr) -> Option { - let is_v4_dns = IpNetwork::V4(DNS_SENTINELS_V4).contains(srv.ip()); - let is_v6_dns = IpNetwork::V6(DNS_SENTINELS_V6).contains(srv.ip()); +fn not_sentinel(srv: IpAddr) -> Option { + let is_v4_dns = IpNetwork::V4(DNS_SENTINELS_V4).contains(srv); + let is_v6_dns = IpNetwork::V6(DNS_SENTINELS_V6).contains(srv); (!is_v4_dns && !is_v6_dns).then_some(srv) } diff --git a/rust/connlib/tunnel/src/messages.rs b/rust/connlib/tunnel/src/messages.rs index 04a243313..6e7e8047f 100644 --- a/rust/connlib/tunnel/src/messages.rs +++ b/rust/connlib/tunnel/src/messages.rs @@ -169,11 +169,36 @@ pub struct Interface { /// DNS that will be used to query for DNS that aren't within our resource list. #[serde(skip_serializing_if = "Vec::is_empty")] #[serde(default)] - pub upstream_dns: Vec, + pub upstream_dns: Vec, // TODO: Remove once portal with `upstream_do53` support has been deployed. + #[serde(skip_serializing_if = "Vec::is_empty")] + #[serde(default)] + pub upstream_do53: Vec, + #[serde(default)] pub search_domain: Option, } +impl Interface { + pub fn upstream_do53(&self) -> Vec { + if !self.upstream_do53.is_empty() { + return self.upstream_do53.iter().map(|u| u.ip).collect(); + } + + // Fallback whilst the portal does not send `upstream_do53`. + self.upstream_dns + .iter() + .map(|u| match u { + DnsServer::IpPort(ip_dns_server) => ip_dns_server.address.ip(), + }) + .collect() + } +} + +#[derive(Debug, Deserialize, Serialize, Clone, PartialEq, Eq)] +pub struct UpstreamDo53 { + pub ip: IpAddr, +} + /// A single relay #[derive(Debug, Deserialize, Clone, PartialEq, Eq)] #[serde(tag = "type", rename_all = "snake_case")] diff --git a/rust/connlib/tunnel/src/tests/reference.rs b/rust/connlib/tunnel/src/tests/reference.rs index d3efbb2a4..331c4e819 100644 --- a/rust/connlib/tunnel/src/tests/reference.rs +++ b/rust/connlib/tunnel/src/tests/reference.rs @@ -60,7 +60,7 @@ impl ReferenceState { .prop_flat_map(move |portal| { let gateways = portal.gateways(start); let dns_resource_records = portal.dns_resource_records(start); - let client = portal.client(system_dns_servers(), upstream_dns_servers()); + let client = portal.client(system_dns_servers(), upstream_do53_servers()); let relays = relays(relay_id()); let global_dns_records = global_dns_records(start); // Start out with a set of global DNS records so we have something to resolve outside of DNS resources. let drop_direct_client_traffic = any::(); @@ -219,7 +219,7 @@ impl ReferenceState { ) .with( 1, - upstream_dns_servers().prop_map(Transition::UpdateUpstreamDnsServers), + upstream_do53_servers().prop_map(Transition::UpdateUpstreamDo53Servers), ) .with( 1, @@ -574,7 +574,7 @@ impl ReferenceState { .client .exec_mut(|client| client.set_system_dns_resolvers(servers)); } - Transition::UpdateUpstreamDnsServers(servers) => { + Transition::UpdateUpstreamDo53Servers(servers) => { state .client .exec_mut(|client| client.set_upstream_dns_resolvers(servers)); @@ -731,14 +731,14 @@ impl ReferenceState { .iter() .any(|dns_server| state.client.sending_socket_for(*dns_server).is_some()) } - Transition::UpdateUpstreamDnsServers(servers) => { + Transition::UpdateUpstreamDo53Servers(servers) => { if servers.is_empty() { return true; // Clearing is allowed. } servers .iter() - .any(|dns_server| state.client.sending_socket_for(dns_server.ip()).is_some()) + .any(|dns_server| state.client.sending_socket_for(dns_server.ip).is_some()) } Transition::UpdateUpstreamSearchDomain(_) => true, Transition::SendDnsQueries(queries) => queries.iter().all(|query| { diff --git a/rust/connlib/tunnel/src/tests/sim_client.rs b/rust/connlib/tunnel/src/tests/sim_client.rs index 579d4b1f8..ee8547613 100644 --- a/rust/connlib/tunnel/src/tests/sim_client.rs +++ b/rust/connlib/tunnel/src/tests/sim_client.rs @@ -7,10 +7,10 @@ use super::{ strategies::latency, transition::{DPort, Destination, DnsQuery, DnsTransport, Identifier, SPort, Seq}, }; -use crate::{ClientState, DnsMapping, DnsResourceRecord, proptest::*}; +use crate::{ClientState, DnsMapping, DnsResourceRecord, messages::UpstreamDo53, proptest::*}; use crate::{ client::{CidrResource, DnsResource, InternetResource, Resource}, - messages::{DnsServer, Interface}, + messages::Interface, }; use connlib_model::{ClientId, GatewayId, RelayId, ResourceId, ResourceStatus, Site, SiteId}; use dns_types::{DomainName, Query, RecordData, RecordType}; @@ -420,9 +420,9 @@ pub struct RefClient { /// The DNS resolvers configured on the client outside of connlib. #[debug(skip)] system_dns_resolvers: Vec, - /// The upstream DNS resolvers configured in the portal. + /// The upstream Do53 resolvers configured in the portal. #[debug(skip)] - upstream_dns_resolvers: Vec, + upstream_do53_resolvers: Vec, /// The search-domain configured in the portal. pub(crate) search_domain: Option, @@ -500,7 +500,8 @@ impl RefClient { client_state.update_interface_config(Interface { ipv4: self.tunnel_ip4, ipv6: self.tunnel_ip6, - upstream_dns: self.upstream_dns_resolvers.clone(), + upstream_dns: Vec::new(), + upstream_do53: self.upstream_do53_resolvers.clone(), search_domain: self.search_domain.clone(), }); client_state.update_system_resolvers(self.system_dns_resolvers.clone()); @@ -1062,11 +1063,11 @@ impl RefClient { /// /// This purposely returns a `Vec` so we also assert the order! pub(crate) fn expected_dns_servers(&self) -> Vec { - if !self.upstream_dns_resolvers.is_empty() { + if !self.upstream_do53_resolvers.is_empty() { return self - .upstream_dns_resolvers + .upstream_do53_resolvers .iter() - .map(DnsServer::address) + .map(|u| SocketAddr::new(u.ip, 53)) .collect(); } @@ -1152,7 +1153,7 @@ impl RefClient { /// DNS servers may be resources, in which case queries that need to be forwarded actually need to be encapsulated. pub(crate) fn dns_query_via_resource(&self, query: &DnsQuery) -> Option { // Unless we are using upstream resolvers, DNS queries are never routed through the tunnel. - if self.upstream_dns_resolvers.is_empty() { + if self.upstream_do53_resolvers.is_empty() { return None; } @@ -1208,16 +1209,16 @@ impl RefClient { self.system_dns_resolvers.clone_from(servers); } - pub(crate) fn set_upstream_dns_resolvers(&mut self, servers: &Vec) { - self.upstream_dns_resolvers.clone_from(servers); + pub(crate) fn set_upstream_dns_resolvers(&mut self, servers: &Vec) { + self.upstream_do53_resolvers.clone_from(servers); } pub(crate) fn set_upstream_search_domain(&mut self, domain: Option<&DomainName>) { self.search_domain = domain.cloned() } - pub(crate) fn upstream_dns_resolvers(&self) -> Vec { - self.upstream_dns_resolvers.clone() + pub(crate) fn upstream_dns_resolvers(&self) -> Vec { + self.upstream_do53_resolvers.clone() } pub(crate) fn has_tcp_connection( @@ -1266,7 +1267,7 @@ pub(crate) fn ref_client_host( tunnel_ip4s: impl Strategy, tunnel_ip6s: impl Strategy, system_dns: impl Strategy>, - upstream_dns: impl Strategy>, + upstream_do53: impl Strategy>, search_domain: impl Strategy>, ) -> impl Strategy> { host( @@ -1276,7 +1277,7 @@ pub(crate) fn ref_client_host( tunnel_ip4s, tunnel_ip6s, system_dns, - upstream_dns, + upstream_do53, search_domain, ), latency(250), // TODO: Increase with #6062. @@ -1287,14 +1288,14 @@ fn ref_client( tunnel_ip4s: impl Strategy, tunnel_ip6s: impl Strategy, system_dns: impl Strategy>, - upstream_dns: impl Strategy>, + upstream_do53: impl Strategy>, search_domain: impl Strategy>, ) -> impl Strategy { ( tunnel_ip4s, tunnel_ip6s, system_dns, - upstream_dns, + upstream_do53, search_domain, any::(), client_id(), @@ -1305,7 +1306,7 @@ fn ref_client( tunnel_ip4, tunnel_ip6, system_dns_resolvers, - upstream_dns_resolvers, + upstream_do53_resolvers, search_domain, internet_resource_active, id, @@ -1317,7 +1318,7 @@ fn ref_client( tunnel_ip4, tunnel_ip6, system_dns_resolvers, - upstream_dns_resolvers, + upstream_do53_resolvers, search_domain, internet_resource_active, cidr_resources: IpNetworkTable::new(), diff --git a/rust/connlib/tunnel/src/tests/strategies.rs b/rust/connlib/tunnel/src/tests/strategies.rs index b9fea2e9a..cc6da3398 100644 --- a/rust/connlib/tunnel/src/tests/strategies.rs +++ b/rust/connlib/tunnel/src/tests/strategies.rs @@ -5,7 +5,7 @@ use crate::client::{ CidrResource, DNS_SENTINELS_V4, DNS_SENTINELS_V6, DnsResource, IPV4_RESOURCES, IPV6_RESOURCES, InternetResource, }; -use crate::messages::DnsServer; +use crate::messages::UpstreamDo53; use crate::{IPV4_TUNNEL, IPV6_TUNNEL, proptest::*}; use connlib_model::{RelayId, Site}; use dns_types::{DomainName, OwnedRecordData}; @@ -192,15 +192,11 @@ pub(crate) fn relays( /// Sample a list of DNS servers. /// /// We make sure to always have at least 1 IPv4 and 1 IPv6 DNS server. -pub(crate) fn dns_servers() -> impl Strategy> { - let ip4_dns_servers = collection::btree_set( - non_reserved_ipv4().prop_map(|ip| SocketAddr::from((ip, 53))), - 1..4, - ); - let ip6_dns_servers = collection::btree_set( - non_reserved_ipv6().prop_map(|ip| SocketAddr::from((ip, 53))), - 1..4, - ); +pub(crate) fn dns_servers() -> impl Strategy> { + let ip4_dns_servers = + collection::btree_set(non_reserved_ipv4().prop_map_into::(), 1..4); + let ip6_dns_servers = + collection::btree_set(non_reserved_ipv6().prop_map_into::(), 1..4); (ip4_dns_servers, ip6_dns_servers).prop_map(|(mut v4, v6)| { v4.extend(v6); @@ -366,15 +362,14 @@ pub(crate) fn system_dns_servers() -> impl Strategy> { let max = dns_servers.len(); sample::subsequence(Vec::from_iter(dns_servers), ..=max) - .prop_map(|seq| seq.into_iter().map(|h| h.ip()).collect()) }) } -pub(crate) fn upstream_dns_servers() -> impl Strategy> { +pub(crate) fn upstream_do53_servers() -> impl Strategy> { dns_servers().prop_flat_map(|dns_servers| { let max = dns_servers.len(); sample::subsequence(Vec::from_iter(dns_servers), ..=max) - .prop_map(|seq| seq.into_iter().map(|h| h.into()).collect()) + .prop_map(|seq| seq.into_iter().map(|ip| UpstreamDo53 { ip }).collect()) }) } diff --git a/rust/connlib/tunnel/src/tests/stub_portal.rs b/rust/connlib/tunnel/src/tests/stub_portal.rs index 558ae5691..c215a74cb 100644 --- a/rust/connlib/tunnel/src/tests/stub_portal.rs +++ b/rust/connlib/tunnel/src/tests/stub_portal.rs @@ -5,11 +5,8 @@ use super::{ sim_net::Host, strategies::{resolved_ips, site_specific_dns_record, subdomain_records}, }; -use crate::{client, proptest::*}; -use crate::{ - client::DnsResource, - messages::{DnsServer, gateway}, -}; +use crate::{client, messages::UpstreamDo53, proptest::*}; +use crate::{client::DnsResource, messages::gateway}; use connlib_model::{GatewayId, Site}; use connlib_model::{ResourceId, SiteId}; use dns_types::DomainName; @@ -291,7 +288,7 @@ impl StubPortal { ) -> impl Strategy> + use where S1: Strategy>, - S2: Strategy>, + S2: Strategy>, { ref_client_host( Just(self.client_tunnel_ipv4), diff --git a/rust/connlib/tunnel/src/tests/sut.rs b/rust/connlib/tunnel/src/tests/sut.rs index 2b07fea7f..f3b277316 100644 --- a/rust/connlib/tunnel/src/tests/sut.rs +++ b/rust/connlib/tunnel/src/tests/sut.rs @@ -269,12 +269,13 @@ impl TunnelTest { .client .exec_mut(|c| c.sut.update_system_resolvers(servers)); } - Transition::UpdateUpstreamDnsServers(servers) => { + Transition::UpdateUpstreamDo53Servers(upstream_do53) => { state.client.exec_mut(|c| { c.sut.update_interface_config(Interface { ipv4: c.sut.tunnel_ip_config().unwrap().v4, ipv6: c.sut.tunnel_ip_config().unwrap().v6, - upstream_dns: servers, + upstream_dns: vec![], + upstream_do53, search_domain: ref_state.client.inner().search_domain.clone(), }) }); @@ -284,7 +285,8 @@ impl TunnelTest { c.sut.update_interface_config(Interface { ipv4: c.sut.tunnel_ip_config().unwrap().v4, ipv6: c.sut.tunnel_ip_config().unwrap().v6, - upstream_dns: ref_state.client.inner().upstream_dns_resolvers(), + upstream_dns: vec![], + upstream_do53: ref_state.client.inner().upstream_dns_resolvers(), search_domain, }) }); @@ -310,7 +312,7 @@ impl TunnelTest { Transition::ReconnectPortal => { let ipv4 = state.client.inner().sut.tunnel_ip_config().unwrap().v4; let ipv6 = state.client.inner().sut.tunnel_ip_config().unwrap().v6; - let upstream_dns = ref_state.client.inner().upstream_dns_resolvers(); + let upstream_do53 = ref_state.client.inner().upstream_dns_resolvers(); let all_resources = ref_state.client.inner().all_resources(); // Simulate receiving `init`. @@ -318,7 +320,8 @@ impl TunnelTest { c.sut.update_interface_config(Interface { ipv4, ipv6, - upstream_dns, + upstream_dns: Vec::new(), + upstream_do53, search_domain: ref_state.client.inner().search_domain.clone(), }); c.update_relays(iter::empty(), state.relays.iter(), now); @@ -402,7 +405,7 @@ impl TunnelTest { let ipv4 = state.client.inner().sut.tunnel_ip_config().unwrap().v4; let ipv6 = state.client.inner().sut.tunnel_ip_config().unwrap().v6; let system_dns = ref_state.client.inner().system_dns_resolvers(); - let upstream_dns = ref_state.client.inner().upstream_dns_resolvers(); + let upstream_do53 = ref_state.client.inner().upstream_dns_resolvers(); let all_resources = ref_state.client.inner().all_resources(); let internet_resource_state = ref_state.client.inner().internet_resource_active; @@ -413,7 +416,8 @@ impl TunnelTest { c.sut.update_interface_config(Interface { ipv4, ipv6, - upstream_dns, + upstream_dns: Vec::new(), + upstream_do53, search_domain: ref_state.client.inner().search_domain.clone(), }); c.sut.update_system_resolvers(system_dns); diff --git a/rust/connlib/tunnel/src/tests/transition.rs b/rust/connlib/tunnel/src/tests/transition.rs index 9fa390993..d8afe569a 100644 --- a/rust/connlib/tunnel/src/tests/transition.rs +++ b/rust/connlib/tunnel/src/tests/transition.rs @@ -1,5 +1,6 @@ use crate::{ client::{CidrResource, IPV4_RESOURCES, IPV6_RESOURCES, Resource}, + messages::UpstreamDo53, proptest::{host_v4, host_v6}, }; use connlib_model::{RelayId, ResourceId, Site}; @@ -10,7 +11,6 @@ use super::{ reference::PrivateKey, sim_net::{Host, any_ip_stack}, }; -use crate::messages::DnsServer; use prop::collection; use proptest::{prelude::*, sample}; use std::{ @@ -66,8 +66,8 @@ pub(crate) enum Transition { /// The system's DNS servers changed. UpdateSystemDnsServers(Vec), - /// The upstream DNS servers changed. - UpdateUpstreamDnsServers(Vec), + /// The upstream Do53 servers changed. + UpdateUpstreamDo53Servers(Vec), /// The upstream search domain changed. UpdateUpstreamSearchDomain(Option),