Fix DNS resolution issues on Mac OS X when connected to a VPN

[pryorda]

Fix for issue #3536

[jen20]

Hi @pryorda! Can you explain the background to this fix and why it works? Also, could you squash your work into a single commit? Thanks!

[pryorda]

@jen20 Hey There, The reason it works is because go native on mac only points to resolv.conf. Forcing it to use CGO makes it so that it trys to the use mac dns resolver instead of going directly to resolv.conf. When doing split-tunneling on a VPN some dns queries need to be sent to the DNS in the vpn and are "hijacked" based on suffix. If you use go native library it doesnt allow it to do this.

I'll work on squashing this into a single commit.

Thanks

[pryorda]

@jen20 Let me know if it looks correct now?

[mitchellh]

I don't think this works if we're building Terraform on a non-Darwin build machine (namely your second XC_OS check), since the CGO build will fail. Thoughts?

[pryorda]

Not sure Im understanding travis ci was able to build it and it wasnt a darwin box.

[pryorda]

@mitchellh bumping this with a better explanation. Line 26 of https://github.com/hashicorp/terraform/pull/5925/files will default to include darwin so it should always be set unless they manually set XC_OS to something else. Currently the darwin build is the only one that needs it to fix the issue and I'm not sure if there is a better way to handle this.

[jason-riddle]

Any update on this?

[apparentlymart]

@pryorda thanks for your effort here, and sorry for jumping in to this late... I think what @mitchellh was getting at here is that the release binaries for Terraform are currently built on an Ubuntu 12.04 VM produced by the Vagrantfile in the root of the repository, and so the darwin builds are cross-compiled from a Linux system.

I tried building the darwin binaries on my linux machine with your patch in place, and the build succeeded but I don't have a Mac on which to test the result and see if it solves the problem you wanted to solve.

If you have time, it'd be useful if you could try running the build for Darwin in the vagrant-produced environment. See the BUILDING instructions for how, though you might want to run make XC_OS=darwin bin to avoid building for all of Terraform's supported targets. In particular the interesting thing would be whether the binaries produced by that process have the DNS resolution behavior you're looking for once you copy them to and run them on a Mac.

My suspicion is that they will not, since AFAIK CGo is never enabled for cross-compilation and so the CGO_ENABLED flag will be ignored in that case. I'd be happy to be proven wrong, though!

An alternative path would be to try to pursue this issue in Go itself, which would avoid the need for any special handling in Terraform: golang/go#12524

[pryorda]

@btyler97 This resolved the issue for you correct?

[stack72]

Hi @pryorda

Thanks so much for the work you have put in on this PR - sorry it has taken so longer to get back to you. We just spoke about this internally and have decided to close this for now. This isn't a common issue for us at this point in time. We are aiming to support CGO as part of our builds going forward, but no real plan has emerged yet.

Thanks again

Paul

[flyinprogrammer]

Your friends who do nomad seem to have found a CD process that allows them to do this: https://github.com/hashicorp/nomad/blob/088f51a330a93186a74515b8d699f24e59611adf/GNUmakefile#L56

Also, this issue relates to this issue in core: golang/go#12524

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.