From 9dc730d9f3789581e589868e0f34f182782c272d Mon Sep 17 00:00:00 2001 From: Paul Holzinger Date: Mon, 20 Feb 2023 14:36:34 +0100 Subject: [PATCH] netavark: only use aardvark ip as nameserver Since commit 06241077cc we use the aardvark per container dns functionality. This means we should only have the aardvark ip in resolv.conf otherwise the client resolver could skip aardvark, thus ignoring the special dns option for this container. Fixes #17499 Signed-off-by: Paul Holzinger --- libpod/container_internal_common.go | 6 +++++- test/system/500-networking.bats | 2 +- 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/libpod/container_internal_common.go b/libpod/container_internal_common.go
index efcdcf9cc8..e751c028db 100644
--- a/libpod/container_internal_common.go
+++ b/libpod/container_internal_common.go
@@ -2048,7 +2048,11 @@ func (c *Container) generateResolvConf() error {
 // If the user provided dns, it trumps all; then dns masq; then resolv.conf
 keepHostServers := false
 if len(nameservers) == 0 {
- keepHostServers = true
+ // when no network name servers or not netavark use host servers
+ // for aardvark dns we only want our single server in there
+ if len(networkNameServers) == 0 || networkBackend != string(types.Netavark) {
+ keepHostServers = true
+ }
 // first add the nameservers from the networks status
 nameservers = networkNameServers
 // slirp4netns has a built in DNS forwarder.
diff --git a/test/system/500-networking.bats b/test/system/500-networking.bats
index d832b33a7e..95f49e0f28 100644
--- a/test/system/500-networking.bats
+++ b/test/system/500-networking.bats
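Review bot: The two-line comment on the new condition in generateResolvConf says what is wanted but not why, and "our single server" may not hold when the container is attached to several networks, since `networkNameServers` is a slice. I would word it as `// netavark: networkNameServers are the aardvark-dns addresses; host servers in resolv.conf would let the resolver skip aardvark and the per-container dns settings`. The condition also assumes that every entry in `networkNameServers` under netavark is an aardvark address, which cannot be confirmed from this hunk. The function continues past the hunk with the slirp4netns case, so it is worth confirming that path cannot append a further nameserver when `keepHostServers` stays false.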
@@ -663,7 +663,7 @@ EOF
 is "$output" "search example.com.*" "correct search domain"
 local store=$output
 if is_netavark; then
- is "$store" ".*nameserver $subnet.1.*" "integrated dns nameserver is set"
+ assert "$store" == "search example.com${nl}nameserver $subnet.1" "only integrated dns nameserver is set"
 else
 is "$store" ".*nameserver 1.1.1.1${nl}nameserver $searchIP${nl}nameserver 1.0.0.1${nl}nameserver 8.8.8.8" "nameserver order is correct"
 fi
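Review bot: The netavark branch now pins the exact resolv.conf content, but only for a network that hands out an aardvark address; the other half of the new Go condition, `len(networkNameServers) == 0` under netavark, is not exercised in this hunk. A companion check on a network without integrated DNS, asserting that the host nameservers are still written, would guard that fallback against regressions; such a case may already exist elsewhere in the file. The exact-match `assert` will also fail if any other line is ever written to resolv.conf for this container, which looks intended here, and a short comment such as `# exact match: no host resolver may follow the aardvark entry` would make that explicit. The test body starts and ends outside the hunk.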