Podman's --dns + --network is different than docker's --dns + --network
#16172
Comments
flouthoc
changed the title
--dns is different than docker's --dns--dns + --network is different than docker's --dns + --network
|
What we are doing matches what Docker does for networks that do not have DNS enabled, last I checked. It is, as you note, not correct for networks with DNS enabled. In those cases, Docker's internal DNS service takes over. I don't see any harm in keeping the user-added DNS servers in resolv.conf, though. Just need to make sure that Aardvark is first. |
|
@mheon Upon checking again I like docker's way better since I don't see any value of repeating
Following PR should address this: #16175 |
This is only true when aardvark-dns has support for that. Before we add support for that we should not change this IMO |
…_enabled Podman populates container's `/etc/resolv.conf` with custom DNS servers ( specified via `--dns` or `dns_server` in containers.conf ) even when container is connected to a network where `dns_enabled` is `true`. Current behavior does not matches with docker, hence following commit ensures that podman only populates custom DNS server when container is not connected to any network where DNS is enabled and for the cases where `dns_enabled` is `true` the resolution for custom DNS server will happen via ( `aardvark-dns` or `dnsname` ). Reference: https://docs.docker.com/config/containers/container-networking/#dns-services Closes: containers#16172 ```release-note container: `--dns` and `dns_server` behavior for containers connected to network matches with docker now ``` Signed-off-by: Aditya R <arajan@redhat.com>
|
Also, should we make this a Netavark-only thing? CNI should probably continue to use the old behavior. |
Sure SGTM. I'll add a filter for |
|
A friendly reminder that this issue had no activity for 30 days. |
|
@flouthoc Any movement on this one? |
|
I just need to rebase my original PR since new version of netavark and aardvark are already out. |
|
A friendly reminder that this issue had no activity for 30 days. |
|
@flouthoc did the rebase ever happen? |
|
A friendly reminder that this issue had no activity for 30 days. |
|
Waiting for latest version of |
|
New images are merged you can rebase |
…server After containers/netavark#452 `netavark` is incharge of deciding `custom_dns_servers` if any so lets honor that and libpod should not set these manually. This also ensures docker parity Podman populates container's `/etc/resolv.conf` with custom DNS servers ( specified via `--dns` or `dns_server` in containers.conf ) even when container is connected to a network where `dns_enabled` is `true`. Current behavior does not matches with docker, hence following commit ensures that podman only populates custom DNS server when container is not connected to any network where DNS is enabled and for the cases where `dns_enabled` is `true` the resolution for custom DNS server will happen via ( `aardvark-dns` or `dnsname` ). Reference: https://docs.docker.com/config/containers/container-networking/#dns-services Closes: containers#16172 Signed-off-by: Aditya R <arajan@redhat.com>
github-actions
bot
added
the
locked - please file new issue/PR
I think Podman's
--dnsis behaving differently than how is it supposed to work when comparing withdockerwhen a container is started with--network.What Podman is doing when
--dnsis used with--networkPodman's
--dnsis overrding thenameserversinside container's/etc/resolv.confSo
podman run --network test --dns 8.8.8.8 ...will produce a/etc/resolv.confinside container with following content.Following behavior mismatches with docker.
What docker is doing when
--dnsis used with--networkDocker is setting the custom dns server instead of host's
/etc/resolv.confwhen container makes request to docker's DNS resolver. Actual/etc/resolv.confinside the container is never changed withdockerirrespective of--dnsflag with--networkflag.See the text here: https://docs.docker.com/config/containers/container-networking/#dns-services
The text was updated successfully, but these errors were encountered: