do not mess with host's dns setup whatever they are

- on 816ebd2 we used macOS' stock facilities to expose to it our embedded name server regardless of the host's setup. We now go one step further - instead of running our embedded name server on host's port 53 we run it on port 15353 and transparently port-forward via pf it as :53 to the VMs. this should handle most, if not all, of the "corner" cases that our user base has been hitting lately... - TheNewNormal/corectl.app#31 - TheNewNormal/corectl.app#33 - #87 - #88 Signed-off-by: António Meireles <[email protected]>
TheNewNormal · Aug 29, 2016 · 632c249 · 632c249
1 parent bebdb55
commit 632c249
Show file tree

Hide file tree

Showing 2 changed files with 46 additions and 8 deletions.
diff --git a/components/server/dns.go b/components/server/dns.go
@@ -21,8 +21,10 @@ package server
 import (
 	"fmt"
 	"io"
+	"io/ioutil"
 	"net"
 	"os"
+	"os/exec"
 	"strings"
 	"time"
 
@@ -40,6 +42,9 @@ var (
 		"8.8.4.4:53",
 	}
 	LocalDomainName = "coreos.local"
+	WatermarkHeader = "#\n# This file is automatically generated " +
+		"and managed by corectl\n#\n"
+	EmbeddedDNSport = "15353"
 )
 
 type DNSServer struct {
@@ -96,16 +101,47 @@ func (d *ServerContext) NewDNSServer(root,
 	if resolver, err = os.Create("/etc/resolver/corectld"); err != nil {
 		return
 	}
+	fmt.Fprintf(resolver, WatermarkHeader)
 	fmt.Fprintf(resolver,
-		"#\n# This file is automatically generated and managed by corectl\n#\n")
-	fmt.Fprintf(resolver,
-		"domain %s\nsearch %s\nnameserver 127.0.0.1\n", root, root)
+		"domain %s\nsearch %s\nnameserver 127.0.0.1\nport %v\n",
+		root, root, EmbeddedDNSport)
 	resolver.Close()
-
+	if err = d.DNSServer.PortForward(); err != nil {
+		return
+	}
 	d.DNSServer.Start()
 	return
 }
 
+func (dns *DNSServer) PortForward() (err error) {
+	var pfC, pfR *os.File
+	if pfC, err =
+		ioutil.TempFile(session.Caller.TmpDir(), "coreos"); err != nil {
+		return
+	}
+	defer os.Remove(pfC.Name())
+	if pfR, err =
+		ioutil.TempFile(session.Caller.TmpDir(), "coreos"); err != nil {
+		return
+	}
+	defer os.Remove(pfR.Name())
+
+	fmt.Fprintf(pfC, WatermarkHeader)
+	fmt.Fprintln(pfC, "rdr-anchor 'corectl-dns-forwarding'")
+	fmt.Fprintln(pfC, "nat-anchor 'com.apple.internet-sharing' all")
+	fmt.Fprintln(pfC, "rdr-anchor 'com.apple.internet-sharing' all")
+	fmt.Fprintf(pfC, "load anchor 'corectl-dns-forwarding' from '%s'\n",
+		pfR.Name())
+	pfC.Close()
+	fmt.Fprintf(pfR, WatermarkHeader)
+	fmt.Fprintf(pfR, "rdr pass on bridge100 inet proto { tcp udp } "+
+		"from any to any port = domain -> %s port %v\n",
+		session.Caller.Network.Address, EmbeddedDNSport)
+	pfR.Close()
+	exec.Command("/sbin/pfctl", "-e").Run()
+	return exec.Command("/sbin/pfctl", "-f", pfC.Name()).Run()
+}
+
 func (dns *DNSServer) Start() {
 	if dns.done != nil {
 		fmt.Fprint(os.Stderr, pad("DNS server already started"))
@@ -133,6 +169,7 @@ type runner interface {
 }
 
 func teardownService() {
+	exec.Command("/sbin/pfctl", "-f", "/etc/pf.conf").Run()
 	Daemon.DNSServer.rmRecord("corectld", session.Caller.Network.Address)
 	os.Remove("/etc/resolver/corectld")
 }

diff --git a/components/server/server.go b/components/server/server.go
@@ -86,12 +86,13 @@ func Start() (err error) {
 	Daemon.EtcdClient.Delete(context.Background(), "/skydns",
 		&client.DeleteOptions{Dir: true, Recursive: true})
 
-	if isPortOpen("tcp", ":53") {
-		return fmt.Errorf("Unable to start embedded skydns " +
-			"as something else seems to be already binding hosts' port :53")
+	if isPortOpen("tcp", ":"+EmbeddedDNSport) {
+		return fmt.Errorf("Unable to start embedded skydns "+
+			"as something else seems to be already binding hosts' port :%v",
+			EmbeddedDNSport)
 	}
 	log.Info("starting embedded name server")
-	if err = Daemon.NewDNSServer(LocalDomainName, ":53",
+	if err = Daemon.NewDNSServer(LocalDomainName, ":"+EmbeddedDNSport,
 		RecursiveNameServers); err != nil {
 		return
 	}