2182894 – --dns-add command is not functioning

Bug 2182894 - --dns-add command is not functioning [NEEDINFO]

Summary: --dns-add command is not functioning

Keywords:
Status:	POST
Alias:	None
Product:	Red Hat Enterprise Linux 8
Classification:	Red Hat
Component:	podman
Sub Component:
Version:	8.9
Hardware:	All
OS:	Linux
Priority:	unspecified
Severity:	high
Target Milestone:	rc
Target Release:	---
Assignee:	Jindrich Novy
QA Contact:	Yuhui Jiang
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	2182896 2182897
TreeView+	depends on / blocked

Reported:	2023-03-29 22:01 UTC by Tom Sweeney
Modified:	2023-08-10 19:49 UTC (History)
CC List:	12 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Clones:	2182896 2182897 (view as bug list)
Environment:
Last Closed:
Type:	Bug
Target Upstream Version:
Embargoed:
Dependent Products:
Flags:	tsweeney: needinfo? (jnovy)

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Github	containers common pull 1358	None	Merged	netavark,NetworkUpdate: `NetworkUpdateOptions` must be IP addresses	2023-03-31 10:59:17 UTC
Github	containers netavark pull 617	None	Merged	update: should allow empty `network_dns_servers`	2023-03-30 10:13:52 UTC
Github	containers netavark pull 646	None	Merged	update,main: do not write empty space when no `network_dns_servers` is provided.	2023-03-30 10:13:52 UTC
Red Hat Issue Tracker	RHELPLAN-153470	None	None	None	2023-03-29 22:01:36 UTC

Description Tom Sweeney 2023-03-29 22:01:02 UTC

From: https://issues.redhat.com/browse/RUN-1739

1. The --dns-add command will not check the dns server value, it just accept any value given from the command line:

[root@bootp-73-3-203 ~]# podman network update test --dns-add fake
test
[root@bootp-73-3-203 ~]# podman inspect test
[
     {
          "name": "test",
          "id": "a8f8cdd3f7ac06d3d71c4b5bacdb349a63fd6a0b23f96ea95e9c533eea80fc30",
          "driver": "bridge",
          "network_interface": "podman1",
          "created": "2023-03-10T16:45:24.235264659+08:00",
          "subnets": [
               {
                    "subnet": "10.89.0.0/24",
                    "gateway": "10.89.0.1"
               }
          ],
          "ipv6_enabled": false,
          "internal": false,
          "dns_enabled": true,
          "network_dns_servers": [
               "fake"
          ],
          "ipam_options": {
               "driver": "host-local"
          }
     }
]

2. When we try to drop the last dns server value from the network, it will report error. But after that the value is actually removed.

[root@bootp-73-3-203 ~]# podman network update test --dns-drop fake
error: The argument '--network-dns-servers <NETWORK_DNS_SERVERS>' requires a value but none was supplied

For more information try --help
Error: netavark: : EOF
[root@bootp-73-3-203 ~]# podman inspect test
[
     {
          "name": "test",
          "id": "a8f8cdd3f7ac06d3d71c4b5bacdb349a63fd6a0b23f96ea95e9c533eea80fc30",
          "driver": "bridge",
          "network_interface": "podman1",
          "created": "2023-03-10T16:45:24.235264659+08:00",
          "subnets": [
               {
                    "subnet": "10.89.0.0/24",
                    "gateway": "10.89.0.1"
               }
          ],
          "ipv6_enabled": false,
          "internal": false,
          "dns_enabled": true,
          "ipam_options": {
               "driver": "host-local"
          }
     }
]

3. With the default setup container can access with default gateway. But after we deleted the last dns-server from the network, it can not access any server with nslookup. Here is the details:

[root@bootp-73-3-203 ~]# podman network create test
test
[root@bootp-73-3-203 ~]# podman run -d --name con1 --network test quay.io/libpod/busybox top
1c157cce9ab41698d2df4dac6542f143ac4f1b8d0ac15325f85230b7be4e3ee8
[root@bootp-73-3-203 ~]# podman network inspect test
[
     {
          "name": "test",
          "id": "a8f8cdd3f7ac06d3d71c4b5bacdb349a63fd6a0b23f96ea95e9c533eea80fc30",
          "driver": "bridge",
          "network_interface": "podman1",
          "created": "2023-03-10T16:45:24.235264659+08:00",
          "subnets": [
               {
                    "subnet": "10.89.0.0/24",
                    "gateway": "10.89.0.1"
               }
          ],
          "ipv6_enabled": false,
          "internal": false,
          "dns_enabled": true,
          "ipam_options": {
               "driver": "host-local"
          }
     }
]
[root@bootp-73-3-203 ~]# podman exec con1 nslookup google.com
Server:		10.89.0.1
Address:	10.89.0.1:53

Non-authoritative answer:
Name:	google.com
Address: 172.217.194.139
Name:	google.com
Address: 172.217.194.100
Name:	google.com
Address: 172.217.194.102
Name:	google.com
Address: 172.217.194.138
Name:	google.com
Address: 172.217.194.101
Name:	google.com
Address: 172.217.194.113

*** Can't find google.com: No answer
[root@bootp-73-3-203 ~]# podman network update test --dns-add fake
test
[root@bootp-73-3-203 ~]# podman inspect test
[
     {
          "name": "test",
          "id": "a8f8cdd3f7ac06d3d71c4b5bacdb349a63fd6a0b23f96ea95e9c533eea80fc30",
          "driver": "bridge",
          "network_interface": "podman1",
          "created": "2023-03-10T16:45:24.235264659+08:00",
          "subnets": [
               {
                    "subnet": "10.89.0.0/24",
                    "gateway": "10.89.0.1"
               }
          ],
          "ipv6_enabled": false,
          "internal": false,
          "dns_enabled": true,
          "network_dns_servers": [
               "fake"
          ],
          "ipam_options": {
               "driver": "host-local"
          }
     }
]
[root@bootp-73-3-203 ~]# podman network update test --dns-drop fake
error: The argument '--network-dns-servers <NETWORK_DNS_SERVERS>' requires a value but none was supplied

For more information try --help
Error: netavark: : EOF
[root@bootp-73-3-203 ~]# podman inspect test
[
     {
          "name": "test",
          "id": "a8f8cdd3f7ac06d3d71c4b5bacdb349a63fd6a0b23f96ea95e9c533eea80fc30",
          "driver": "bridge",
          "network_interface": "podman1",
          "created": "2023-03-10T16:45:24.235264659+08:00",
          "subnets": [
               {
                    "subnet": "10.89.0.0/24",
                    "gateway": "10.89.0.1"
               }
          ],
          "ipv6_enabled": false,
          "internal": false,
          "dns_enabled": true,
          "ipam_options": {
               "driver": "host-local"
          }
     }
]
[root@bootp-73-3-203 ~]# podman exec con1 nslookup google.com
;; connection timed out; no servers could be reached

nslookup: write to '10.89.0.1': Connection refused

Hi Aditya Rajan Can you help to check this? Thanks a lot.

Comment 1 Tom Sweeney 2023-03-29 22:04:10 UTC

`c/common` https://github.com/containers/common/pull/1358 and `c/netavark` https://github.com/containers/netavark/pull/617 and https://github.com/containers/netavark/pull/646 should fix this.

Comment 3 Jindrich Novy 2023-03-31 11:02:13 UTC

btw. the c/common change needs to be vendored into v4.4.1-rhel branch, please let me know once you have the PR. Thanks!

Note You need to log in before you can comment on or make changes to this bug.