Search DNS not working correctly.

[rhatdan]

$ podman run -ti alpine ping help
PING help (209.132.183.105): 56 data bytes
64 bytes from 209.132.183.105: seq=0 ttl=42 time=64.800 ms
64 bytes from 209.132.183.105: seq=1 ttl=42 time=123.429 ms
$ podman run -ti alpine ping help.redhat.com
PING help.redhat.com (209.132.183.105): 56 data bytes
64 bytes from 209.132.183.105: seq=0 ttl=42 time=65.246 ms
64 bytes from 209.132.183.105: seq=1 ttl=42 time=64.677 ms
$ podman run -ti --network podman1 alpine ping help.redhat.com
PING help.redhat.com (209.132.183.105): 56 data bytes
64 bytes from 209.132.183.105: seq=0 ttl=42 time=64.744 ms
64 bytes from 209.132.183.105: seq=1 ttl=42 time=66.691 ms

No Work:

$ podman run -ti --network podman1 alpine ping help
ping: bad address 'help'

Aardvark is failing to handle search dns record.

$ cat /etc/resolv.conf 
...
nameserver 127.0.0.53
options edns0 trust-ad
search redhat.com

[flouthoc]

@rhatdan Could you please paste /etc/resolv.conf of container as well. I am assuming that's happening because we only have search dns.podman inside container and it becomes help.dns.podman.

So the request on host is actually goes for help.dns.podman

[flouthoc]

@rhatdan I think behviour is same which happened for dnsname/dnsmasq setup , I am not sure if netavark inherits search domains from host or even if it is supposed to do that.

@Luap99 @mheon Could confirm but afaik neither CNI/netavark inherits search domains of host but i could be wrong.

[rhatdan]

Right, if this fails it should be sent out to the network though.
Ok so this is a Podman thing

$ podman run -ti --network podman1 alpine cat /etc/resolv.conf 
search dns.podman
nameserver 10.89.0.1

I think we should continue to use the search domain from the hosts.

[rhatdan]

@mheon @baude @Luap99 PTAL

[rhatdan]

 $ podman run -ti --dns-search redhat.com --network podman1 alpine ping help
PING help (209.132.183.105): 56 data bytes
64 bytes from 209.132.183.105: seq=0 ttl=42 time=65.609 ms
64 bytes from 209.132.183.105: seq=1 ttl=42 time=66.600 ms
^C
--- help ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 65.609/66.104/66.600 ms

[mheon]

Concur that this looks like a Podman bug, not aardvark - resolv.conf in the container is not being built correctly

[rhatdan]

docker run --network dan alpine cat /etc/resolv.conf 
search redhat.com
nameserver 127.0.0.11
options edns0 trust-ad ndots:0

Looks like docker maintains the search redhat.com from the host.
As well as the options.

[flouthoc]

@rhatdan Yes i think this issue is agnostic of netavark or cni and more of podman behavior issue. It seems podman does not inherits host's /etc/resolv.conf , i can reproduce it with CNI as well. Could someone else also confirm if they are able to reproduce this with CNI.

[Luap99]

Yes podman removes the other search domains. I think we have to append them.
IIRC I added this logic originally and just followed the way how it was done for the nameserver ips since we will also remove the other servers.

[Luap99]

I will open a PR

[Luap99]

When we set --dns 1.1.1.1 should we add our nameserver first or use the one from the user first, same for the search domain?