From: https://issues.redhat.com/browse/RUN-1739
1. The --dns-add option does not validate the DNS server value; it accepts any value given on the command line (here `fake`, which is not an IP address):
[root@bootp-73-3-203 ~]# podman network update test --dns-add fake
test
[root@bootp-73-3-203 ~]# podman inspect test
[
{
"name": "test",
"id": "a8f8cdd3f7ac06d3d71c4b5bacdb349a63fd6a0b23f96ea95e9c533eea80fc30",
"driver": "bridge",
"network_interface": "podman1",
"created": "2023-03-10T16:45:24.235264659+08:00",
"subnets": [
{
"subnet": "10.89.0.0/24",
"gateway": "10.89.0.1"
}
],
"ipv6_enabled": false,
"internal": false,
"dns_enabled": true,
"network_dns_servers": [
"fake"
],
"ipam_options": {
"driver": "host-local"
}
}
]
2. Dropping the last DNS server value from the network reports an error, but the value is actually removed anyway, so the reported result and the stored configuration disagree:
[root@bootp-73-3-203 ~]# podman network update test --dns-drop fake
error: The argument '--network-dns-servers <NETWORK_DNS_SERVERS>' requires a value but none was supplied
For more information try --help
Error: netavark: : EOF
[root@bootp-73-3-203 ~]# podman inspect test
[
{
"name": "test",
"id": "a8f8cdd3f7ac06d3d71c4b5bacdb349a63fd6a0b23f96ea95e9c533eea80fc30",
"driver": "bridge",
"network_interface": "podman1",
"created": "2023-03-10T16:45:24.235264659+08:00",
"subnets": [
{
"subnet": "10.89.0.0/24",
"gateway": "10.89.0.1"
}
],
"ipv6_enabled": false,
"internal": false,
"dns_enabled": true,
"ipam_options": {
"driver": "host-local"
}
}
]
3. With the default setup, the container can reach DNS through the default gateway. But after the last DNS server is deleted from the network, nslookup in the container cannot reach any server. Here are the details:
[root@bootp-73-3-203 ~]# podman network create test
test
[root@bootp-73-3-203 ~]# podman run -d --name con1 --network test quay.io/libpod/busybox top
1c157cce9ab41698d2df4dac6542f143ac4f1b8d0ac15325f85230b7be4e3ee8
[root@bootp-73-3-203 ~]# podman network inspect test
[
{
"name": "test",
"id": "a8f8cdd3f7ac06d3d71c4b5bacdb349a63fd6a0b23f96ea95e9c533eea80fc30",
"driver": "bridge",
"network_interface": "podman1",
"created": "2023-03-10T16:45:24.235264659+08:00",
"subnets": [
{
"subnet": "10.89.0.0/24",
"gateway": "10.89.0.1"
}
],
"ipv6_enabled": false,
"internal": false,
"dns_enabled": true,
"ipam_options": {
"driver": "host-local"
}
}
]
[root@bootp-73-3-203 ~]# podman exec con1 nslookup google.com
Server: 10.89.0.1
Address: 10.89.0.1:53
Non-authoritative answer:
Name: google.com
Address: 172.217.194.139
Name: google.com
Address: 172.217.194.100
Name: google.com
Address: 172.217.194.102
Name: google.com
Address: 172.217.194.138
Name: google.com
Address: 172.217.194.101
Name: google.com
Address: 172.217.194.113
*** Can't find google.com: No answer
[root@bootp-73-3-203 ~]# podman network update test --dns-add fake
test
[root@bootp-73-3-203 ~]# podman inspect test
[
{
"name": "test",
"id": "a8f8cdd3f7ac06d3d71c4b5bacdb349a63fd6a0b23f96ea95e9c533eea80fc30",
"driver": "bridge",
"network_interface": "podman1",
"created": "2023-03-10T16:45:24.235264659+08:00",
"subnets": [
{
"subnet": "10.89.0.0/24",
"gateway": "10.89.0.1"
}
],
"ipv6_enabled": false,
"internal": false,
"dns_enabled": true,
"network_dns_servers": [
"fake"
],
"ipam_options": {
"driver": "host-local"
}
}
]
[root@bootp-73-3-203 ~]# podman network update test --dns-drop fake
error: The argument '--network-dns-servers <NETWORK_DNS_SERVERS>' requires a value but none was supplied
For more information try --help
Error: netavark: : EOF
[root@bootp-73-3-203 ~]# podman inspect test
[
{
"name": "test",
"id": "a8f8cdd3f7ac06d3d71c4b5bacdb349a63fd6a0b23f96ea95e9c533eea80fc30",
"driver": "bridge",
"network_interface": "podman1",
"created": "2023-03-10T16:45:24.235264659+08:00",
"subnets": [
{
"subnet": "10.89.0.0/24",
"gateway": "10.89.0.1"
}
],
"ipv6_enabled": false,
"internal": false,
"dns_enabled": true,
"ipam_options": {
"driver": "host-local"
}
}
]
[root@bootp-73-3-203 ~]# podman exec con1 nslookup google.com
;; connection timed out; no servers could be reached
nslookup: write to '10.89.0.1': Connection refused
Hi Aditya Rajan, can you help check this? Thanks a lot.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory (Moderate: container-tools:rhel8 security and bug fix update), and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.
https://access.redhat.com/errata/RHSA-2023:6939