Update DNS server configuration to use override DNS settings

- Change README to reflect the new `TSDNSPROXY_OVERRIDE_DNS` variable for specifying DNS servers.
- Modify `main.go` to implement logic for retrieving host DNS servers if no override is provided.
- Update Kubernetes deployment and kustomization files to replace `TSDNSPROXY_DEFAULT_DNS` with `TSDNSPROXY_OVERRIDE_DNS` for consistency.

Author: rajsinghtech

README.md

@@ -102,7 +102,7 @@ tsdnsproxy -authkey tskey-auth-YOUR-KEY
 - `TSDNSPROXY_HOSTNAME`: Hostname on tailnet (default: `tsdnsproxy`)
 - `TSDNSPROXY_STATE_DIR`: State directory (default: `/var/lib/tsdnsproxy`)
 - `TSDNSPROXY_STATE`: State storage backend (e.g., `kube:secret-name`)
-- `TSDNSPROXY_DEFAULT_DNS`: Default DNS servers (comma-separated)
+- `TSDNSPROXY_OVERRIDE_DNS`: Override host DNS servers (comma-separated, defaults to host's resolvers)
 - `TSDNSPROXY_LISTEN_ADDRS`: Listen addresses (default: `tailscale`) - see Network Configuration
 - `TSDNSPROXY_HEALTH_ADDR`: Health check endpoint address (default: `:8080`)
 - `TSDNSPROXY_VERBOSE`: Enable verbose logging (default: `false`)
@@ -116,7 +116,7 @@ tsdnsproxy \
   -listen-addrs tailscale,0.0.0.0:53 \
   -statedir /var/lib/tsdnsproxy \
   -state kube:tsdnsproxy-state \
-  -default-dns 8.8.8.8:53,8.8.4.4:53 \
+  -override-dns 8.8.8.8:53,8.8.4.4:53 \
   -cache-expiry 5m \
   -health-addr :8080 \
   -verbose

cmd/tsdnsproxy/main.go

@@ -12,6 +12,8 @@ import (
 	"strings"
 	"syscall"
 	"time"
+	"bufio"
+	"net"
 
 	"github.com/rajsinghtech/tsdnsproxy/internal/backend"
 	"github.com/rajsinghtech/tsdnsproxy/internal/cache"
@@ -31,6 +33,49 @@ func envOr(key, defaultVal string) string {
 	return defaultVal
 }
 
+func getHostDNSServers() []string {
+	var servers []string
+	
+	// Try to read from /etc/resolv.conf (Linux/Unix)
+	if file, err := os.Open("/etc/resolv.conf"); err == nil {
+		defer file.Close()
+		scanner := bufio.NewScanner(file)
+		for scanner.Scan() {
+			line := strings.TrimSpace(scanner.Text())
+			if strings.HasPrefix(line, "nameserver ") {
+				server := strings.TrimSpace(strings.TrimPrefix(line, "nameserver"))
+				// Add port if not specified
+				if !strings.Contains(server, ":") {
+					server += ":53"
+				}
+				servers = append(servers, server)
+			}
+		}
+		if len(servers) > 0 {
+			return servers
+		}
+	}
+	
+	// Fallback to system DNS resolution
+	config, err := net.DefaultResolver.LookupNS(context.Background(), ".")
+	if err == nil && len(config) > 0 {
+		for _, ns := range config {
+			if !strings.Contains(ns.Host, ":") {
+				servers = append(servers, ns.Host+":53")
+			} else {
+				servers = append(servers, ns.Host)
+			}
+		}
+		if len(servers) > 0 {
+			return servers
+		}
+	}
+	
+	// Final fallback to common public DNS
+	log.Println("warning: could not determine host DNS servers, falling back to 8.8.8.8:53")
+	return []string{"8.8.8.8:53"}
+}
+
 func retryWithBackoff(ctx context.Context, maxRetries int, fn func() error) error {
 	return retry(ctx, maxRetries, time.Second, func(i int) time.Duration {
 		return time.Duration(1<<uint(i)) * time.Second
@@ -73,7 +118,7 @@ func main() {
 		stateDir    = flag.String("statedir", envOr("TSDNSPROXY_STATE_DIR", "/var/lib/tsdnsproxy"), "state directory")
 		state       = flag.String("state", os.Getenv("TSDNSPROXY_STATE"), "state storage (e.g., kube:<secret-name>)")
 		controlURL  = flag.String("controlurl", os.Getenv("TS_CONTROLURL"), "optional alternate control server URL")
-		defaultDNS  = flag.String("default-dns", envOr("TSDNSPROXY_DEFAULT_DNS", ""), "default DNS servers (comma-separated)")
+		overrideDNS = flag.String("override-dns", envOr("TSDNSPROXY_OVERRIDE_DNS", ""), "override DNS servers (comma-separated, defaults to host resolvers)")
 		cacheExpiry = flag.Duration("cache-expiry", constants.DefaultCacheExpiry, "whois cache expiry duration")
 		healthAddr  = flag.String("health-addr", envOr("TSDNSPROXY_HEALTH_ADDR", ":8080"), "health check endpoint address")
 		listenAddrs = flag.String("listen-addrs", envOr("TSDNSPROXY_LISTEN_ADDRS", "tailscale"), "listen addresses (comma-separated: tailscale,0.0.0.0:53,127.0.0.1:5353)")
@@ -141,11 +186,17 @@ func main() {
 	grantCache := cache.NewGrantCache(*cacheExpiry)
 
 	var defaultServers []string
-	if *defaultDNS != "" {
-		defaultServers = strings.Split(*defaultDNS, ",")
+	if *overrideDNS != "" {
+		// Use override DNS servers if specified
+		defaultServers = strings.Split(*overrideDNS, ",")
 		for i := range defaultServers {
 			defaultServers[i] = strings.TrimSpace(defaultServers[i])
 		}
+		log.Printf("using override DNS servers: %v", defaultServers)
+	} else {
+		// Default to host's DNS resolvers
+		defaultServers = getHostDNSServers()
+		log.Printf("using host DNS servers: %v", defaultServers)
 	}
 	backendMgr := backend.NewManager(defaultServers)
 	defer backendMgr.Close()

k8s/deployment.yaml

@@ -75,8 +75,8 @@ spec:
           value: "tsdnsproxy"
         - name: TSDNSPROXY_VERBOSE
           value: "true"
-        - name: TSDNSPROXY_DEFAULT_DNS
-          value: "8.8.8.8:53,8.8.4.4:53"  # Configure your default DNS
+        - name: TSDNSPROXY_OVERRIDE_DNS
+          value: "8.8.8.8:53,8.8.4.4:53"  # Override host DNS with specific servers
         - name: TSDNSPROXY_LISTEN_ADDRS
           value: "tailscale,0.0.0.0:53"  # Listen on both Tailscale and LAN
         - name: TS_AUTHKEY

k8s/kustomization.yaml

@@ -23,5 +23,5 @@ configMapGenerator:
 - name: tsdnsproxy-config
   namespace: tsdnsproxy
   literals:
-  - TSDNSPROXY_DEFAULT_DNS=8.8.8.8:53,8.8.4.4:53
+  - TSDNSPROXY_OVERRIDE_DNS=8.8.8.8:53,8.8.4.4:53
   - TSDNSPROXY_VERBOSE=true