mirror of
https://github.com/outbackdingo/firezone.git
synced 2026-03-21 11:41:51 +00:00
Fixes #4488

```[tasklist]
# Before merging
- [x] There's one call site that won't compile on Linux. Make this cross-platform.
- [x] Does the rule get removed every time when you quit gracefully?
- [x] Will this NRPT rule prevent connlib from re-resolving the portal IP if it needs to?
- [x] Test network switching. Does this work worse, better, or the same?
- [ ] Is the Windows DNS cache flushed exactly when it needs to be?
```

- After connlib connects to the portal, we add an NRPT rule asking Windows to send **all** DNS queries to our sentinels. This should also be called whenever the interface is re-configured, which might change the sentinel IPs.
- When exiting gracefully, we delete the rule to restore normal DNS behavior without having to back up and restore the other IPs.
- We also delete the rule at startup so that if Firezone crashes or misbehaves, restarting it should restore normal DNS.
- We also flush the system-wide DNS cache whenever we claim different routes. This may flush too often, and it may also miss some flushes that we should do. It needs double-checking.
- There is still a gap when changing networks where DNS can leak, but I don't think it's worse than before.
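The rule lifecycle described above (remove any stale rule at startup, add a catch-all rule after connecting or reconfiguring the interface, flush the resolver cache, remove the rule on graceful exit), written out as an added PowerShell example using the built-in DnsClient cmdlets. This is not Firezone's own code: the project does not necessarily go through these cmdlets, and the sentinel addresses, the function names and the `Example-NRPT-Sentinel` comment tag used to find the rule again are constructed placeholders, not values from the project.

```powershell
# Added example, not Firezone's code. The comment tag and sentinel IPs are constructed.
$RuleTag = 'Example-NRPT-Sentinel'   # constructed tag; lets us find only the rule we created

# 1. Startup and graceful exit: remove any rule we created earlier (e.g. left behind by a
#    crash) and flush answers that were cached while it was active. Returns the count removed.
function Remove-SentinelNrptRule {
    $stale = @(Get-DnsClientNrptRule | Where-Object { $_.Comment -eq $RuleTag })
    foreach ($rule in $stale) {
        Remove-DnsClientNrptRule -Name $rule.Name -Force
    }
    Clear-DnsClientCache
    return $stale.Count
}

# 2. After connecting, and again whenever the interface is reconfigured with new sentinel IPs:
#    send ALL queries to the sentinels. Namespace '.' matches every name, so a single rule
#    covers everything and the existing per-interface servers are left untouched.
function Set-SentinelNrptRule {
    param([Parameter(Mandatory)][string[]] $SentinelIPs)
    Remove-SentinelNrptRule | Out-Null   # replace our previous rule rather than accumulate rules
    Add-DnsClientNrptRule -Namespace '.' -NameServers $SentinelIPs -Comment $RuleTag
    Clear-DnsClientCache                 # cached answers from the old resolver would bypass the sentinels
}

# 3. Check: exactly one rule of ours is present and it points at the expected servers.
function Test-SentinelNrptRule {
    param([Parameter(Mandatory)][string[]] $SentinelIPs)
    $rules = @(Get-DnsClientNrptRule | Where-Object { $_.Comment -eq $RuleTag })
    if ($rules.Count -ne 1) { return $false }
    $have = @($rules[0].NameServers) | Sort-Object
    $want = @($SentinelIPs) | Sort-Object
    return (($have -join ',') -eq ($want -join ','))
}

# Usage (requires an elevated session; constructed sentinel addresses):
# Set-SentinelNrptRule  -SentinelIPs @('10.0.0.53', '10.0.0.54')
# Test-SentinelNrptRule -SentinelIPs @('10.0.0.53', '10.0.0.54')
# Remove-SentinelNrptRule   # on graceful exit, and once at startup before connecting
```

Tagging the rule through `-Comment` is what makes the startup cleanup safe: it removes only rules this client created, so NRPT rules installed by group policy or other software are not touched. The network-switching gap the description mentions remains: between the old interface going away and `Set-SentinelNrptRule` running again, queries follow whatever the system resolver has at that moment.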