Need way to tell aardvark DNS to refer to a particular DNS, and not host's configured DNS

Open dshenai opened this issue 1 year ago • 8 comments

This is a request for enhancement.

Currently aardvark DNS resolves container names, and for anything it cannot resolve on its own, it refers to the configured resolvers on the host. The requirement is: I need a way to tell aardvark DNS to refer to a particular DNS, and not the host's configured DNS. This is because I need the host to work on a separate DNS and the container to work on a separate DNS.

I tried doing this by bind mounting an alternate_resolve.conf from the host to the container. It has 2 entries. The first is aardvark DNS and the second is an alternate DNS (say DNS1). Now, note that my host has DNS2 in its resolv.conf. Expected behavior: For FQDNs that aardvark DNS cannot resolve, my expectation is that the forward request should go to DNS1. Observed behavior: Instead, it goes to DNS2.

Kindly guide to understand if this is a valid requirement. Also, as this is not working currently, is there a workaround to make it work?

Thank you

dshenai avatar Sep 20 '22 10:09 dshenai

Hi @dshenai, thanks for creating the issue.

As of now, users don't directly configure aardvark-dns, and I'm not sure if there is a plan to provide any direct configuration. But I think a config via containers.conf can be opened up, and podman can thus convey to aardvark which resolver to use, and by default it can keep using the host's resolver.

Tagging other maintainers for their opinion on this: @Luap99 @mheon @baude WDYT?

flouthoc avatar Sep 20 '22 12:09 flouthoc

We do not use the host's DNS, but the container's DNS, which defaults to the same nameservers as the host. Setting container default DNS servers in containers.conf ought to do what you want.

mheon avatar Sep 20 '22 12:09 mheon

Okay, it's already there, see the field dns_servers here: https://github.com/containers/common/blob/main/docs/containers.conf.5.md

flouthoc avatar Sep 20 '22 12:09 flouthoc

> We do not use the host's DNS, but the container's DNS, which defaults to the same nameservers as the host. Setting container default DNS servers in containers.conf ought to do what you want.

I don't think this is true. aardvark-dns has no access to the container's DNS servers, so it just uses the host /etc/resolv.conf as upstream servers: https://github.com/containers/aardvark-dns/blob/d77ecad2a9ca4ca8ad66d380f702928869882d87/src/dns/coredns.rs#L70

Luap99 avatar Sep 20 '22 13:09 Luap99

...Did we not implement that yet? Because that was definitely in the original design doc.

mheon avatar Sep 20 '22 13:09 mheon

Well, we have a session later today about new functionality, we can add this to it.

mheon avatar Sep 20 '22 13:09 mheon

Thank you for your quick responses. Is it possible to confirm that this is accepted as an enhancement?

Secondly, is there a way, for now, to work around this so that the aardvark DNS talks to the configured resolver inside the container? From the snippet that @Luap99 posted above, it looks like this is not possible. Still being hopeful and asking the question.

Thank you

dshenai avatar Sep 21 '22 05:09 dshenai

> Is it possible to confirm that this is accepted as an enhancement?

Yes, that is something we want to fix for sure. I don't think there is a workaround.

Luap99 avatar Sep 21 '22 12:09 Luap99