-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Rootful podman cni dns resolution defaults to 8.8.8.8, are there ways for it to auto detect the ones the host is using? #10570
Comments
Podman should already do this. All nameservers in the ´127.0.0.0/8´ range are filtered, if there are no nameservers left 8.8.8.8 is used. |
Knowing what |
Judging by contents of |
The file is not symlinked.
However, if I manually run:
Podman DNS is fixed. But this still is showing Docker is doing something unique, right?
Just for clarity, with docker the file does not need to be symlinked. I can investigate if my host should have this symlinked, and if that is a miss happening on the host-image. |
Hm. So systemd-resolvd is in use, but system resolv.conf is not a symlink? That's new. I wonder how we can detect this case. |
Update: There seems to be a lot of discussion around these files in the ubuntu world. I am not sure if the links are exactly related, however, it does seem that by default that symlink does not exist. Original:
|
Docker just checks if |
OK. That seems reasonable. |
When 127.0.0.53 is the only nameserver in /etc/resolv.conf assume systemd-resolved is used. This is better because /etc/resolv.conf does not have to be symlinked to /run/systemd/resolve/stub-resolv.conf in order to use systemd-resolved. [NO TESTS NEEDED] Fixes: containers#10570 Signed-off-by: Paul Holzinger <[email protected]>
When 127.0.0.53 is the only nameserver in /etc/resolv.conf assume systemd-resolved is used. This is better because /etc/resolv.conf does not have to be symlinked to /run/systemd/resolve/stub-resolv.conf in order to use systemd-resolved. [NO TESTS NEEDED] Fixes: containers#10570 Signed-off-by: Paul Holzinger <[email protected]>
Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)
/kind feature
Description
Disclaimer: I don't understand all of the network details of the host I am accessing in an offsite location.
I am accessing a host through a VPN which has podman.
The host seems to have a local nameserver running:
Host file:
If I were to change this file to use the nameserver 8.8.8.8, the host will not properly do DNS. And simple commands like:
curl google.com
stop working.So when I start a Podman container, it does not have DNS because the /etc/resolv.conf looks like this by default:
If I do the same test with Docker, docker seems to be able to fetch the DNS hosts that 127.0.0.53, and docker containers run with DNS working on the exact same host with no changes.
This is the docker: /etc/resolve.conf
Full IP's are omitted.
I I manually set the DNS of my podman container with the runtime flag of
--dns=10.---.--.--
and DNS is fixed in the podman container.I would like to know if there is a plan to make the CNI detect the actual DNS instead of what seems to be a hardcoding of
8.8.8.8
Steps to reproduce the issue:
nameserver 127.0.0.53
in /etc/resolv.conf2.
sudo podman run -it fedora /bin/bash
curl google.com
fails.Describe the results you received:
Podman container start without DNS.
I can curl IP's directly, but curls like:
curl google.com
andcurl example.com
fail.Describe the results you expected:
I would expect podman CNI to detect my actual hosts DNS servers and have my container work as expected by default, just like Docker.
** Additional Details **
On the host if I run the command:
I see the output:
These Ip's match those found in Docker.
Could podman grab this data?
Output of
podman version
:Output of
podman info --debug
:Package info (e.g. output of
rpm -q podman
orapt list podman
):Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide? (https://github.com/containers/podman/blob/master/troubleshooting.md)
No only 3.0.1
Additional environment details (AWS, VirtualBox, physical, etc.):
Host behind VPN and special Network.
The text was updated successfully, but these errors were encountered: