all: use local resolver for ADDC

For normal OS resolver, ctrld does not use local addresses as nameserver to avoid possible looping. However, on AD environment with local DNS running, AD queries must be sent to the local DNS server for proper resolving.
2026-02-03 22:18:39 +00:00 · 2025-01-24 00:38:53 +07:00
parent 69e0aab73e
commit 20759017e6
5 changed files with 47 additions and 3 deletions
--- a/cmd/cli/ad_others.go
+++ b/cmd/cli/ad_others.go
@@ -8,3 +8,8 @@ import (

 // addExtraSplitDnsRule adds split DNS rule if present.
 func addExtraSplitDnsRule(_ *ctrld.Config) bool { return false }
+
+// getActiveDirectoryDomain returns AD domain name of this computer.
+func getActiveDirectoryDomain() (string, error) {
+	return "", nil
+}
--- a/cmd/cli/dns_proxy.go
+++ b/cmd/cli/dns_proxy.go
@@ -51,6 +51,12 @@ var privateUpstreamConfig = &ctrld.UpstreamConfig{
 	Timeout: 2000,
 }

+var localUpstreamConfig = &ctrld.UpstreamConfig{
+	Name:    "Local resolver",
+	Type:    ctrld.ResolverTypeLocal,
+	Timeout: 2000,
+}
+
 // proxyRequest contains data for proxying a DNS query to upstream.
 type proxyRequest struct {
 	msg            *dns.Msg
@@ -443,6 +449,11 @@ func (p *prog) proxy(ctx context.Context, req *proxyRequest) *proxyResponse {
 		upstreams = []string{upstreamOS}
 	}

+	if p.isAdDomainQuery(req.msg) {
+		upstreamConfigs = []*ctrld.UpstreamConfig{localUpstreamConfig}
+		upstreams = []string{upstreamOS}
+	}
+
 	res := &proxyResponse{}

 	// LAN/PTR lookup flow:
@@ -651,6 +662,14 @@ func (p *prog) upstreamConfigsFromUpstreamNumbers(upstreams []string) []*ctrld.U
 	return upstreamConfigs
 }

+func (p *prog) isAdDomainQuery(msg *dns.Msg) bool {
+	if p.adDomain == "" {
+		return false
+	}
+	cDomainName := canonicalName(msg.Question[0].Name)
+	return dns.IsSubDomain(p.adDomain, cDomainName)
+}
+
 // canonicalName returns canonical name from FQDN with "." trimmed.
 func canonicalName(fqdn string) string {
 	q := strings.TrimSpace(fqdn)
--- a/cmd/cli/prog.go
+++ b/cmd/cli/prog.go
@@ -106,6 +106,7 @@ type prog struct {
 	internalLogSent           time.Time
 	runningIface              string
 	requiredMultiNICsConfig   bool
+	adDomain                  string

 	selfUninstallMu       sync.Mutex
 	refusedQueryCount     int
@@ -441,6 +442,10 @@ func (p *prog) run(reload bool, reloadCh chan struct{}) {
 			}
 		}
 	}
+	if domain, err := getActiveDirectoryDomain(); err == nil && domain != "" && hasLocalDnsServerRunning() {
+		mainLog.Load().Debug().Msgf("active directory domain: %s", domain)
+		p.adDomain = domain
+	}

 	var wg sync.WaitGroup
 	wg.Add(len(p.cfg.Listener))