feat: add VPN DNS service with dynamic service catalog resolution and CoreDNS integration

Add ServiceDNSRecord type and gateway API endpoint to expose active service domain-to-IP mappings. Implement ListServiceDNSRecords repository method querying services table with proxy_ip resolution using effectiveAccessProxyIP helper. Add vpn-dns microservice built on CoreDNS with periodic sync from backend API. Generate Corefile with configurable upstream DNS servers and hosts plugin for service overrides.
2026-03-18 13:30:34 +01:00
parent 6cf49ff3e0
commit 3e2169f217
11 changed files with 238 additions and 1 deletions
--- a/backend/internal/gateway/handler.go
+++ b/backend/internal/gateway/handler.go
@@ -90,6 +90,21 @@ func (h *Handler) AgentSyncBundle(w http.ResponseWriter, r *http.Request) {
 	apiutil.JSON(w, http.StatusOK, bundle)
 }

+func (h *Handler) AgentServiceDNS(w http.ResponseWriter, r *http.Request) {
+	if r.Header.Get("X-Gateway-Bootstrap-Token") != h.bootstrapToken {
+		apiutil.Error(w, http.StatusUnauthorized, "unauthorized", "invalid gateway bootstrap token")
+		return
+	}
+
+	items, err := h.service.ListServiceDNSRecords(r.Context())
+	if err != nil {
+		apiutil.Error(w, http.StatusInternalServerError, "service_dns_failed", "unable to build service dns records")
+		return
+	}
+
+	apiutil.JSON(w, http.StatusOK, map[string]any{"records": items})
+}
+
 func (h *Handler) Telemetry(w http.ResponseWriter, r *http.Request) {
 	if r.Header.Get("X-Gateway-Bootstrap-Token") != h.bootstrapToken {
 		apiutil.Error(w, http.StatusUnauthorized, "unauthorized", "invalid gateway bootstrap token")