We use lima on macOS for virtual machines and ran into problems with DNS with the latest version of lima (1.0.2), which uses gvisor-tap-vsock 0.8.1. The problem is that our VPN software installs a socket filter as a DNS proxy. In the virtual machine, DNS resolution fails as long as the socket filter is active. I tried a few things and found out that the issue only happens when using UDP; TCP was fine.
In the end it looks like the actual implementation here in https://github.com/containers/gvisor-tap-vsock/blob/main/pkg/services/dns/dns.go#L150 is basically too fast for that socket filter. With a simple Go program that just does a DNS query with client.Exchange I can reproduce the behavior. DNS resolution works with the socket filter if there is a short delay between opening the connection and sending the request:
This works:

```go
conn, err := client.Dial(nameserver)
time.Sleep(200 * time.Microsecond)
r, _, err := client.ExchangeWithConn(msg, conn)
```

but this does not:

```go
r, _, err := dnsClient.Exchange(msg, nameserver)
```

I understand that the actual problem might be with the socket filter and maybe macOS, and will try to address this with the vendor of the VPN software, but I also wonder if we could add a change like this to your code base ...
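A standard-library-only probe for the comparison described in the issue above, added here as an example and not taken from the issue or from gvisor-tap-vsock: it sends the same UDP query once immediately after dialing and once after the 200 µs pause. The names `buildQuery` and `probeUDP`, the query name and the placeholder resolver address are assumptions.

```go
package main

import (
	"fmt"
	"net"
	"strings"
	"time"
)

// buildQuery encodes a minimal DNS query for name: QTYPE A, QCLASS IN, RD set.
func buildQuery(id uint16, name string) []byte {
	q := []byte{byte(id >> 8), byte(id), 0x01, 0x00, 0, 1, 0, 0, 0, 0, 0, 0}
	for _, label := range strings.Split(strings.TrimSuffix(name, "."), ".") {
		q = append(q, byte(len(label)))
		q = append(q, label...)
	}
	return append(q, 0, 0, 1, 0, 1) // root label, QTYPE=A, QCLASS=IN
}

// probeUDP dials server over UDP, waits delay, sends one query and returns nil
// only if a response with the same ID and the QR bit set arrives before timeout.
func probeUDP(server, name string, delay, timeout time.Duration) error {
	conn, err := net.Dial("udp", server)
	if err != nil {
		return err
	}
	defer conn.Close()
	time.Sleep(delay) // 0 sends right after dialing; >0 is the pause from the issue
	conn.SetDeadline(time.Now().Add(timeout))
	query := buildQuery(0x1234, name)
	if _, err := conn.Write(query); err != nil {
		return err
	}
	resp := make([]byte, 512)
	n, err := conn.Read(resp)
	if err != nil {
		return err // a read timeout here is the failure the issue describes
	}
	if n < 12 || resp[0] != query[0] || resp[1] != query[1] || resp[2]&0x80 == 0 {
		return fmt.Errorf("malformed or mismatched DNS response (%d bytes)", n)
	}
	return nil
}

func main() {
	server := "192.0.2.53:53" // placeholder address: set to the resolver under test
	for _, d := range []time.Duration{0, 200 * time.Microsecond} {
		fmt.Printf("delay=%v err=%v\n", d, probeUDP(server, "example.com", d, 2*time.Second))
	}
}
```

Running it with the filter active and again with it disabled shows whether the dial-to-send gap is the only variable that changes the outcome.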