Constantine Peresypkin

@hbhasker DNS access to `127.0.0.11` is not working over port 53, because it's expected to be redirected to other ports by `iptables` rules and there are none copied over. It...

FYI, the place in moby/docker where that resolver is set up: [here](https://github.com/moby/moby/blob/311ec0d77fc3c19b75cf2290da45cf261144482f/libnetwork/resolver_unix.go#L30)

@hbhasker As I've tested [above](https://github.com/google/gvisor/issues/7469#issuecomment-1112500248) **in givisor** doing `dig google.com -p 49200 @127.0.0.11` works as expected. The only problem is port 53 to 49200 (or whatever) remapping.

Yup, did that too IIRC. But will re-check.

@hbhasker yup, you were right, it doesn't route to 127.0.0.11 from gvisor. Will think about it.

@hbhasker still not having iptables set up during boot is a security problem. Traffic may be restricted in vanilla docker/containerd but will be unrestricted under gvisor.

That's an internal DNS. It doesn't have non `127.0.0.0/8` address It looks like it's really a docker problem as for example https://github.com/containerd/nerdctl has no problem routing correctly, because it uses...

If you peek inside `CMakeLists.txt` you'll find all the executables it compiles (look for `add_executable`) It looks like `./daScript foo.das` is what you need to run stuff.

@Skarlso it's not propagating. See below: ASG:  Launch Template:  As you can see tag from the launch template `k8s.io/cluster-autoscaler/node-template/label/runtime` is not propagated....

It was the default...