Bug 2128675

Summary: Need way to tell aardvark DNS to refer to a particular DNS, and not host's configured DNS
Product: Red Hat Enterprise Linux 8
Reporter: John Cronin <John.Cronin>
Component: aardvark-dns
Assignee: Jindrich Novy <jnovy>
Status: CLOSED ERRATA
QA Contact: Joy Pu <ypu>
Severity: high
Priority: medium
Version: 8.6
CC: arajan, bhenders, dornelas, jnovy, jorton, mamccoma, vikas.goel, wwurzbac, ypu
Target Milestone: rc
Keywords: FutureFeature, Triaged
Target Release: 8.8
Hardware: x86_64
OS: Linux
Fixed In Version: aardvark-dns-1.5.0-2.el8
Last Closed: 2023-05-16 08:21:12 UTC
Type: Feature Request

Description John Cronin 2022-09-21 11:33:00 UTC
Description of problem:
Currently aardvark DNS resolves container names, and for anything it cannot resolve on its own, it refers to the configured resolvers on the host. The requirement is: we need a way to tell aardvark DNS to refer to a particular DNS, and not the host's configured DNS. This is because I need the host to work on a separate DNS and the container to work on a separate DNS.

Kindly guide me to understand whether this is a valid requirement.
Also, as this is not working currently, is there a workaround to make it work?

Thank you

Version-Release number of selected component (if applicable):
aardvark-dns-1.0.1-35.module+el8.6.0+15917+093ca6f8.x86_64

How reproducible:
Always

Steps to Reproduce:
I tried the following steps:
1. Bind mounting an alternate_resolve.conf from the host to the container. It has 2 entries. The first is for aardvark DNS and the second is for an alternate DNS (say DNS1).
2. Now, note that my host has DNS2 in its resolv.conf.

Actual results:
For FQDNs that aardvark DNS cannot resolve, the forward request goes to DNS2.

Expected results:
For FQDNs that aardvark DNS cannot resolve, my expectation is that the forward request should go to DNS1.

Additional info:
https://github.com/containers/aardvark-dns/issues/228

Comment 9 Joy Pu 2023-02-13 08:44:41 UTC
Checked with the latest build of podman and catatonit. They can be installed without any warning. So move it to verified:
# rpm -qa |grep -e podman -e catatonit
podman-4.4.0-1.el9.x86_64
catatonit-0.1.7-8.el9.x86_64

Comment 10 Joy Pu 2023-02-13 08:45:59 UTC
Updated the wrong bug.

Comment 12 Joy Pu 2023-02-22 13:24:01 UTC
Tested with netavark-1.5.0-4.module+el8.8.0+18060+3f21f2cc.x86_64 and podman-4.4.1-1.module+el8.8.0+18126+f23bfb36.x86_64. The --dns option works as expected and the name server can be configured with it. More details:

[root@kvm-03-guest24 ~]# cat /etc/resolv.conf 
# Generated by NetworkManager
search hv2.lab.eng.bos.redhat.com
nameserver 10.11.5.160
nameserver 10.2.70.215
[root@kvm-03-guest24 ~]# podman info |grep network
  networkBackend: netavark
  network:
Without the --dns option:
# podman run --rm check_dns nslookup google.com
Server:		10.11.5.160
Address:	10.11.5.160#53

Non-authoritative answer:
Name:	google.com
Address: 142.251.163.139
Name:	google.com
Address: 142.251.163.101
Name:	google.com
Address: 142.251.163.100
Name:	google.com
Address: 142.251.163.138
Name:	google.com
Address: 142.251.163.113
Name:	google.com
Address: 142.251.163.102
Name:	google.com
Address: 2607:f8b0:4004:c1b::66
Name:	google.com
Address: 2607:f8b0:4004:c1b::8a
Name:	google.com
Address: 2607:f8b0:4004:c1b::64
Name:	google.com
Address: 2607:f8b0:4004:c1b::8b

With the --dns option:
# podman run --rm --dns=10.2.70.215 check_dns nslookup google.com
Server:		10.2.70.215
Address:	10.2.70.215#53

Non-authoritative answer:
Name:	google.com
Address: 142.251.163.139
Name:	google.com
Address: 142.251.163.101
Name:	google.com
Address: 142.251.163.100
Name:	google.com
Address: 142.251.163.138
Name:	google.com
Address: 142.251.163.113
Name:	google.com
Address: 142.251.163.102
Name:	google.com
Address: 2607:f8b0:4004:c1b::8b
Name:	google.com
Address: 2607:f8b0:4004:c1b::66
Name:	google.com
Address: 2607:f8b0:4004:c1b::8a
Name:	google.com
Address: 2607:f8b0:4004:c1b::64


So move this to verified.
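
Added example (not part of the bug report, and not podman or netavark code): the with/without `--dns` comparison from comment 12 turned into a repeatable check that reports which resolver actually answered a container's lookup. The function names are hypothetical, and the sample text is constructed from the transcript above.

```shell
#!/bin/sh
# Added example: decide which resolver answered a container's nslookup.
# Function names are hypothetical; sample text is constructed from comment 12.

HOST_RESOLV='search hv2.lab.eng.bos.redhat.com
nameserver 10.11.5.160
nameserver 10.2.70.215'

WITHOUT_DNS='Server:  10.11.5.160
Address: 10.11.5.160#53'

WITH_DNS='Server:  10.2.70.215
Address: 10.2.70.215#53'

# Resolver that answered, from the "Server:" line of nslookup output on stdin.
answering_server() {
    awk '$1 == "Server:" { print $2; exit }'
}

# Nameserver addresses, one per line, from resolv.conf text on stdin.
host_nameservers() {
    awk '$1 == "nameserver" { print $2 }'
}

# classify_resolver EXPECTED RESOLV_TEXT NSLOOKUP_TEXT
# Prints override, host-resolver, other or no-answer.
classify_resolver() {
    server=$(printf '%s\n' "$3" | answering_server)
    if [ -z "$server" ]; then
        echo no-answer
    elif [ "$server" = "$1" ]; then
        echo override
    elif printf '%s\n' "$2" | host_nameservers | grep -qxF -- "$server"; then
        echo host-resolver   # answered by a resolver the host is configured with
    else
        echo other
    fi
}

# 10.2.70.215 is also the host's second nameserver, so the comparison is
# against the server that answered, not against membership in resolv.conf.
classify_resolver 10.2.70.215 "$HOST_RESOLV" "$WITHOUT_DNS"   # host-resolver
classify_resolver 10.2.70.215 "$HOST_RESOLV" "$WITH_DNS"      # override
```

On a live system, pass the contents of the host's /etc/resolv.conf as the second argument and the output of the `podman run --rm --dns=... check_dns nslookup ...` command as the third.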

Comment 14 errata-xmlrpc 2023-05-16 08:21:12 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: container-tools:rhel8 security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2023:2758