mirror of
https://github.com/netbirdio/netbird.git
synced 2026-05-31 21:19:55 +00:00
When the local resolver hands back records for a query, walk the A/AAAA answers and consult a connectivity checker keyed by IP. Records whose RDATA points at a known-but-disconnected peer are dropped from the answer. Records pointing at unknown IPs (anything outside the local peerstore) pass through untouched.

Motivation: synthesised private-service zones emit one A record per connected proxy peer in a cluster. The management side now refreshes the netmap whenever a proxy peer flips state, but the client may still hold a stale netmap for a short window. This is the client-side belt to that braces — even on the stale data, the resolver hides records pointing at peers that the local peerstore reports offline.

Escape hatch: if filtering would empty the answer entirely AND at least one record was dropped, the original list is restored. Better to hand the client a record that may not respond than NXDOMAIN it completely when every proxy in the cluster is offline (the upstream may still be reachable some other way, or the peerstore may be stale).

- local.PeerConnectivity interface: IsConnectedByIP(ip) (known, connected).
- Resolver.SetPeerConnectivity wires the source (nil = disabled, the legacy "return everything" default).
- ServeDNS runs filterDisconnectedPeerAnswers between lookupRecords and the reply assembly; extractRecordIP pulls IP from A/AAAA only, other record types pass through.
- server.go adapter localPeerConnectivity wraps *peer.Status and reports connected when ConnStatus == StatusConnected.
- New tests cover the four cases: drop disconnected, pass unknown, fallback when all disconnected, and no-op when no checker is wired.