From 229e0038ee643ec775d0670c030db70670ae298c Mon Sep 17 00:00:00 2001
From: Viktor Liu <17948409+lixmal@users.noreply.github.com>
Date: Wed, 5 Nov 2025 17:30:17 +0100
Subject: [PATCH] [client] Add dns config to debug bundle (#4704)

---
 client/internal/debug/debug.go           | 20 +++++++++
 client/internal/debug/debug_darwin.go    | 53 ++++++++++++++++++++++++
 client/internal/debug/debug_mobile.go    |  4 ++
 client/internal/debug/debug_nondarwin.go | 16 +++++++
 client/internal/debug/debug_nonunix.go   |  7 ++++
 client/internal/debug/debug_unix.go      | 29 +++++++++++++
 6 files changed, 129 insertions(+)
 create mode 100644 client/internal/debug/debug_darwin.go
 create mode 100644 client/internal/debug/debug_nondarwin.go
 create mode 100644 client/internal/debug/debug_nonunix.go
 create mode 100644 client/internal/debug/debug_unix.go

diff --git a/client/internal/debug/debug.go b/client/internal/debug/debug.go
index 442f54e71..fbec29ce3 100644
--- a/client/internal/debug/debug.go
+++ b/client/internal/debug/debug.go
@@ -44,6 +44,8 @@ interfaces.txt: Anonymized network interface information, if --system-info flag
 ip_rules.txt: Detailed IP routing rules in tabular format including priority, source, destination, interfaces, table, and action information (Linux only), if --system-info flag was provided.
 iptables.txt: Anonymized iptables rules with packet counters, if --system-info flag was provided.
 nftables.txt: Anonymized nftables rules with packet counters, if --system-info flag was provided.
+resolv.conf: DNS resolver configuration from /etc/resolv.conf (Unix systems only), if --system-info flag was provided.
+scutil_dns.txt: DNS configuration from scutil --dns (macOS only), if --system-info flag was provided.
 resolved_domains.txt: Anonymized resolved domain IP addresses from the status recorder.
 config.txt: Anonymized configuration information of the NetBird client.
 network_map.json: Anonymized sync response containing peer configurations, routes, DNS settings, and firewall rules.
@@ -184,6 +186,20 @@ The ip_rules.txt file contains detailed IP routing rule information:
 The table format provides comprehensive visibility into the IP routing decision process, including how traffic is directed to different routing tables based on various criteria. This is valuable for troubleshooting advanced routing configurations and policy-based routing.
 
 For anonymized rules, IP addresses and prefixes are replaced as described above. Interface names are anonymized using string anonymization. Table names, actions, and other non-sensitive information remain unchanged.
+
+DNS Configuration
+The debug bundle includes platform-specific DNS configuration files:
+
+resolv.conf (Unix systems):
+- Contains DNS resolver configuration from /etc/resolv.conf
+- Includes nameserver entries, search domains, and resolver options
+- All IP addresses and domain names are anonymized following the same rules as other files
+
+scutil_dns.txt (macOS only):
+- Contains detailed DNS configuration from scutil --dns
+- Shows DNS configuration for all network interfaces
+- Includes search domains, nameservers, and DNS resolver settings
+- All IP addresses and domain names are anonymized
 `
 
 const (
@@ -357,6 +373,10 @@ func (g *BundleGenerator) addSystemInfo() {
 	if err := g.addFirewallRules(); err != nil {
 		log.Errorf("failed to add firewall rules to debug bundle: %v", err)
 	}
+
+	if err := g.addDNSInfo(); err != nil {
+		log.Errorf("failed to add DNS info to debug bundle: %v", err)
+	}
 }
 
 func (g *BundleGenerator) addReadme() error {
diff --git a/client/internal/debug/debug_darwin.go b/client/internal/debug/debug_darwin.go
new file mode 100644
index 000000000..91e10214f
--- /dev/null
+++ b/client/internal/debug/debug_darwin.go
@@ -0,0 +1,53 @@
+//go:build darwin && !ios
+
+package debug
+
+import (
+	"bytes"
+	"context"
+	"fmt"
+	"os/exec"
+	"strings"
+	"time"
+
+	log "github.com/sirupsen/logrus"
+)
+
+// addDNSInfo collects and adds DNS configuration information to the archive
+func (g *BundleGenerator) addDNSInfo() error {
+	if err := g.addResolvConf(); err != nil {
+		log.Errorf("failed to add resolv.conf: %v", err)
+	}
+
+	if err := g.addScutilDNS(); err != nil {
+		log.Errorf("failed to add scutil DNS output: %v", err)
+	}
+
+	return nil
+}
+
+func (g *BundleGenerator) addScutilDNS() error {
+	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
+	defer cancel()
+
+	cmd := exec.CommandContext(ctx, "scutil", "--dns")
+	output, err := cmd.CombinedOutput()
+	if err != nil {
+		return fmt.Errorf("execute scutil --dns: %w", err)
+	}
+
+	if len(bytes.TrimSpace(output)) == 0 {
+		return fmt.Errorf("no scutil DNS output")
+	}
+
+	content := string(output)
+	if g.anonymize {
+		content = g.anonymizer.AnonymizeString(content)
+	}
+
+	if err := g.addFileToZip(strings.NewReader(content), "scutil_dns.txt"); err != nil {
+		return fmt.Errorf("add scutil DNS output to zip: %w", err)
+	}
+
+	return nil
+}
diff --git a/client/internal/debug/debug_mobile.go b/client/internal/debug/debug_mobile.go
index c00c65132..3c1745ff3 100644
--- a/client/internal/debug/debug_mobile.go
+++ b/client/internal/debug/debug_mobile.go
@@ -5,3 +5,7 @@ package debug
 func (g *BundleGenerator) addRoutes() error {
 	return nil
 }
+
+func (g *BundleGenerator) addDNSInfo() error {
+	return nil
+}
diff --git a/client/internal/debug/debug_nondarwin.go b/client/internal/debug/debug_nondarwin.go
new file mode 100644
index 000000000..dfc2eace5
--- /dev/null
+++ b/client/internal/debug/debug_nondarwin.go
@@ -0,0 +1,16 @@
+//go:build unix && !darwin && !android
+
+package debug
+
+import (
+	log "github.com/sirupsen/logrus"
+)
+
+// addDNSInfo collects and adds DNS configuration information to the archive
+func (g *BundleGenerator) addDNSInfo() error {
+	if err := g.addResolvConf(); err != nil {
+		log.Errorf("failed to add resolv.conf: %v", err)
+	}
+
+	return nil
+}
diff --git a/client/internal/debug/debug_nonunix.go b/client/internal/debug/debug_nonunix.go
new file mode 100644
index 000000000..18d017050
--- /dev/null
+++ b/client/internal/debug/debug_nonunix.go
@@ -0,0 +1,7 @@
+//go:build !unix
+
+package debug
+
+func (g *BundleGenerator) addDNSInfo() error {
+	return nil
+}
diff --git a/client/internal/debug/debug_unix.go b/client/internal/debug/debug_unix.go
new file mode 100644
index 000000000..7e8a74eb0
--- /dev/null
+++ b/client/internal/debug/debug_unix.go
@@ -0,0 +1,29 @@
+//go:build unix && !android
+
+package debug
+
+import (
+	"fmt"
+	"os"
+	"strings"
+)
+
+const resolvConfPath = "/etc/resolv.conf"
+
+func (g *BundleGenerator) addResolvConf() error {
+	data, err := os.ReadFile(resolvConfPath)
+	if err != nil {
+		return fmt.Errorf("read %s: %w", resolvConfPath, err)
+	}
+
+	content := string(data)
+	if g.anonymize {
+		content = g.anonymizer.AnonymizeString(content)
+	}
+
+	if err := g.addFileToZip(strings.NewReader(content), "resolv.conf"); err != nil {
+		return fmt.Errorf("add resolv.conf to zip: %w", err)
+	}
+
+	return nil
+}