Colima blocks upstream .internal requests
Description
Colima cannot resolve domain names on the host's network using the .internal TLD.
Version
colima version 0.8.1
git commit: 96598cc5b64e5e9e1e64891642b91edc8ac49d16
runtime: docker
arch: aarch64
client: v28.3.2
server: v27.1.1
limactl version 1.2.1
qemu-img version 10.0.3
Copyright (c) 2003-2025 Fabrice Bellard and the QEMU Project developers
Operating System
- [ ] macOS Intel <= 13 (Ventura)
- [ ] macOS Intel >= 14 (Sonoma)
- [ ] Apple Silicon <= 13 (Ventura)
- [x] Apple Silicon >= 14 (Sonoma)
- [ ] Linux
Output of colima status
INFO[0010] colima is running using macOS Virtualization.Framework
INFO[0010] arch: aarch64
INFO[0010] runtime: docker
INFO[0010] mountType: virtiofs
INFO[0010] socket: unix:///Users/alex/.colima/default/docker.sock
Reproduction Steps
- On your router (using unbound or a similar resolver), add a rule for A/AAAA for a .internal TLD (such as home.internal)
- colima ssh
- Perform a lookup via curl:
curl -kv http://home.internal.
* Could not resolve host: home.internal.
* Closing connection
curl: (6) Could not resolve host: home.internal.
For additional verification, Wireshark can be run on the host. No requests for "home.internal" are ever seen. Instead, MDNS requests for "home.internal.local" are made to the upstream resolver.
Expected behaviour
I expect Colima to be able to reach services on the host's network, including when the .internal TLD is in use.
I expect Colima's resolver to still be used to resolve host.docker.internal, but to hand over other .internal requests to the upstream resolver.
As .internal should not normally be handed over to other resolvers, I understand if this behavior needs to be opt-in and configurable.
Additional context
No response
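
The split described under "Expected behaviour", sketched as an added example (not Colima or Lima code, and not part of the original report): `host.docker.internal` stays with the VM's resolver, while other `.internal` names go upstream only when an opt-in is set. The `route` function, the `forward_internal` switch and the result labels are hypothetical names chosen for this sketch.

```python
# Added illustration; not Colima or Lima code. All names here are hypothetical.
LOCAL, UPSTREAM, REFUSE = "local", "upstream", "refuse"

# Names the VM's built-in resolver must keep answering itself.
LOCAL_NAMES = {"host.docker.internal"}


def normalize(qname):
    """Lower-case a query name and drop the root dot ("home.internal." -> "home.internal")."""
    return qname.strip().rstrip(".").lower()


def under(name, zone):
    """True if name equals zone or is a subdomain of it, matched on whole labels."""
    return name == zone or name.endswith("." + zone)


def route(qname, forward_internal=False):
    """Decide who answers qname.

    forward_internal is the assumed opt-in switch: when False, .internal
    names other than LOCAL_NAMES are refused instead of being sent upstream.
    """
    name = normalize(qname)
    if name in LOCAL_NAMES:
        return LOCAL
    if under(name, "internal"):
        return UPSTREAM if forward_internal else REFUSE
    # Everything outside .internal goes to the host's resolver as usual.
    return UPSTREAM


if __name__ == "__main__":
    # Constructed sample queries, including the trailing-dot form used with curl above.
    samples = ["host.docker.internal", "home.internal.", "notinternal", "internal.example.com"]
    for q in samples:
        print(f"{q:24} default={route(q):9} opt-in={route(q, forward_internal=True)}")
```

Matching on whole labels keeps a name such as `notinternal` or `internal.example.com` out of the `.internal` rule, and keeping the default at refuse means private names are not sent to an upstream resolver unless the user asks for it.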