dnsproxy: Add DNS proxying functionality. #40
Conversation
hedss
force-pushed
the
dns-proxying
branch
2 times, most recently
from
f96358e to
88db097
Compare
hedss
changed the title
|
Don't review yet, there's an issue which needs sorting. |
|
@balena-ci retest |
hedss
changed the title
|
Unforuntately, balenaCI is currently producing broken builds of this PR. We can't merge it till this is rectified. |
|
@balena-ci retest |
There are services that don't use the libc resolver in their service containers (for example some Go-based services). This feature allows the MDNS publisher to act as a DNS proxy on bridged networks for these services. Set the 'PROXY_DNS' envvar to 'true' to proxy DNS instead of publishing MDNS records, and ensure the networking mode is the bridge network and not 'host'. Change-type: minor Signed-off-by: Heds Simons <[email protected]>
|
@balena-ci retest |
1 similar comment
|
@balena-ci retest |
| @@ -15,6 +16,7 @@ RUN JOBS=MAX npm ci --unsafe-perm --production && npm cache clean --force && rm | |||
|
|
|||
| # Copy and enable the service | |||
| COPY config/services /etc/systemd/system | |||
| RUN systemctl disable dnsmasq.service | |||
There was a problem hiding this comment.
If we never want dnsmasq running here, it might be slightly safer to mask the unit (preventing anything else from pulling in dnsmasq as a dep)
| return; | ||
| } | ||
|
|
||
| console.log(`Removing ${hostname} at address from local MDNS pool`); |
There was a problem hiding this comment.
nit: missing the ${address} here
| export async function startMdnsPublisher(): Promise<void> { | ||
| const tld = process.env.MDNS_TLD; | ||
| if (!tld) { | ||
| throw new Error('MDNS_TLD must be set!'); |
There was a problem hiding this comment.
| throw new Error('MDNS_TLD must be set!'); | |
| throw new Error('MDNS_TLD must be set in the environment!'); |
| const hosts = getFullHostnames(); | ||
|
|
||
| try { | ||
| const ipAddr = await getHostAddress(process.env.INTERFACE); |
There was a problem hiding this comment.
This address could potentially change over the lifecycle of BoB, should this value be refreshed on a timer of some sort (see #35)?
Also, this may be completely out-of-scope for this change, but the way this diff is rendered makes it exceedingly difficult to tell new code from old (in which case, ignore!)
kaisoz
added
the
versionbot/pr-draft
ghost
dismissed
There are services that don't use the libc resolver
in their service containers (for example some Go-based
services). This addition installs dnsmasq into the
MDNS services which can be enabled by an envvar.
Change-type: minor
Signed-off-by: Heds Simons [email protected]