Comments (13)
Is it possible to confirm that this is accepted as an enhancement?
Yes that is something we want to fix for sure. I don't think there is a workaround.
from aardvark-dns.
Hi @dshenai, thanks for creating the issue.
As of now users don't directly configure aardvark-dns, and I'm not sure if there is a plan to provide any direct configuration. But I think a config via containers.conf can be opened up, and podman can thus convey to aardvark which resolver to use, and by default it can keep using the host's resolver.
Tagging other maintainers for their opinion on this: @Luap99 @mheon @baude WDYT?
from aardvark-dns.
We do not use the host's DNS, but the container's DNS, which defaults to the same nameservers as the host. Setting container default DNS servers in containers.conf ought to do what you want.
from aardvark-dns.
Okay, it's already there, see field dns_servers here: https://github.com/containers/common/blob/main/docs/containers.conf.5.md
from aardvark-dns.
We do not use the host's DNS, but the container's DNS, which defaults to the same nameservers as the host. Setting container default DNS servers in containers.conf ought to do what you want.
I don't think this is true. aardvark-dns has no access to the container's DNS servers, so it just uses the host /etc/resolv.conf as upstream servers:
aardvark-dns/src/dns/coredns.rs
Line 70 in d77ecad
from aardvark-dns.
...Did we not implement that yet? Because that was definitely in the original design doc.
from aardvark-dns.
Well, we have a session later today about new functionality, we can add this to it.
from aardvark-dns.
Thank you for your quick responses.
Is it possible to confirm that this is accepted as an enhancement?
Secondly, is there a way for now, to work around this so that the aardvark DNS talks to configured resolver inside the container? From the snippet that @Luap99 posted above, looks like this is not possible. Still being hopeful and asking the question.
Thank you
from aardvark-dns.
It'd also be great if we could completely disable using any DNS servers at all. Most of my containers don't have internet access (nftables firewall). Having aardvark forward requests to a DNS server on the internet allows for DNS tunneling attacks.
To make this useful, this should be configurable per container though - either by having podman run multiple aardvark instances or by making aardvark aware of where the request is coming from.
EDIT: I don't think that's necessary because podman adds the host's DNS to the container's resolv.conf anyway, so I can filter that via nftables.
from aardvark-dns.
This was fixed a while back in #240 AFAIK, so closing this.
from aardvark-dns.
Hi
There is a slight mismatch here.
On a host how DNS resolution works: contents of resolve.conf are referred. If I update resolve.conf, I do not have to restart the host. It is plug and play.
On container with Netavark how the resolution will work as per #240: Every time I have to change the DNS, I need to restart the container. Could we not have plug and play here also?
Thank you
from aardvark-dns.
@dshenai Now podman allows adding custom resolvers at the network level, and they can be updated without restarting the container. Check https://docs.podman.io/en/latest/markdown/podman-network-update.1.html. I think this should help you if I understood your problem correctly.
from aardvark-dns.
Thanks @flouthoc. That link proved helpful.
from aardvark-dns.
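Added example (not part of the thread and not code from podman or aardvark-dns): a small Python audit of `podman network inspect` JSON that lists which DNS-enabled networks have no network-level resolver set, and builds the `podman network update --dns-add` command referenced in the last reply. The sample JSON is constructed; the field names `dns_enabled` and `network_dns_servers` and the resolver address `192.0.2.53` are assumptions for illustration.

```python
import ipaddress
import json
import shlex

# Constructed sample of `podman network inspect` output (not real data).
SAMPLE_INSPECT = """
[
  {"name": "frontend", "driver": "bridge", "dns_enabled": true,
   "network_dns_servers": ["10.0.0.53"]},
  {"name": "backend", "driver": "bridge", "dns_enabled": true},
  {"name": "isolated", "driver": "bridge", "dns_enabled": false}
]
"""


def audit_networks(inspect_json):
    """Return one finding per network describing its DNS resolver setup."""
    findings = []
    for net in json.loads(inspect_json):
        servers = net.get("network_dns_servers") or []
        if not net.get("dns_enabled", False):
            status = "dns-disabled"   # no aardvark-dns on this network
        elif servers:
            status = "pinned"         # network-level resolvers are set
        else:
            status = "unpinned"       # no network-level resolver configured
        findings.append({"name": net["name"], "status": status,
                         "servers": servers})
    return findings


def remediation(findings, resolver):
    """Build `podman network update` commands for unpinned networks."""
    ipaddress.ip_address(resolver)  # raises ValueError on a malformed address
    return [
        "podman network update --dns-add {} {}".format(
            shlex.quote(resolver), shlex.quote(f["name"]))
        for f in findings if f["status"] == "unpinned"
    ]


if __name__ == "__main__":
    results = audit_networks(SAMPLE_INSPECT)
    for f in results:
        print(f"{f['name']:10} {f['status']:13} {', '.join(f['servers']) or '-'}")
    # 192.0.2.53 is a documentation-range placeholder for an internal resolver.
    for cmd in remediation(results, "192.0.2.53"):
        print(cmd)
```

On a real host, pass the output of `podman network inspect` for the networks of interest to `audit_networks` instead of the constructed sample.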