aws / aws-nitro-enclaves-cli

Tooling for Nitro Enclave Management
Apache License 2.0

`vsock-proxy` DNS lookup fails inside VPC with no internet access. #623

Open rohan-passbird opened 1 month ago

rohan-passbird commented 1 month ago

Recent changes to the vsock-proxy code use a different DNS resolver that uses Google's DNS servers by default (https://github.com/aws/aws-nitro-enclaves-cli/blob/main/vsock_proxy/src/dns.rs#L56). This fails when an EC2 machine runs in a subnet with no internet access.

rohan-passbird commented 1 month ago

Here's the link to the DNS resolver default config that's being used currently: https://github.com/hickory-dns/hickory-dns/blob/f1489da675c21fddc189f2c9505bc9da6c156835/crates/resolver/src/config.rs#L313
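The failure mode reported above can be checked ahead of deployment. The following is an added example, not code from the issue or from the aws-nitro-enclaves-cli project: it parses resolv.conf-style text and lists the nameservers that require an internet route. The function names, the sample resolv.conf and the rule that loopback, link-local and private addresses count as reachable from an isolated subnet are assumptions; the Google Public DNS addresses stand in for the resolver library's hard-coded default.

```rust
use std::net::IpAddr;

// Google Public DNS addresses, standing in for a hard-coded resolver default (assumption).
const GOOGLE_DNS: [&str; 4] =
    ["8.8.8.8", "8.8.4.4", "2001:4860:4860::8888", "2001:4860:4860::8844"];

// Constructed sample of a system resolver configuration inside a VPC.
const SAMPLE_RESOLV_CONF: &str = "# constructed sample\n\
nameserver 10.0.0.2\n\
nameserver 169.254.169.253 # link-local resolver\n\
search ec2.internal\n";

/// Extract nameserver addresses from resolv.conf-style text.
/// Comments are stripped; entries that do not parse as an IP address are skipped.
fn nameservers(resolv_conf: &str) -> Vec<IpAddr> {
    resolv_conf
        .lines()
        .map(|l| l.split('#').next().unwrap_or("").trim())
        .filter_map(|l| {
            let mut parts = l.split_whitespace();
            match (parts.next(), parts.next()) {
                (Some("nameserver"), Some(addr)) => addr.parse().ok(),
                _ => None,
            }
        })
        .collect()
}

/// Heuristic (assumption): loopback, link-local and private/unique-local
/// addresses can be reached from a subnet that has no internet route.
fn is_vpc_local(ip: &IpAddr) -> bool {
    match ip {
        IpAddr::V4(v4) => v4.is_loopback() || v4.is_link_local() || v4.is_private(),
        IpAddr::V6(v6) => {
            let first = v6.segments()[0];
            // fc00::/7 is unique-local, fe80::/10 is link-local.
            v6.is_loopback() || (first & 0xfe00) == 0xfc00 || (first & 0xffc0) == 0xfe80
        }
    }
}

/// Nameservers that would be unreachable without internet egress.
fn needs_internet(servers: &[IpAddr]) -> Vec<IpAddr> {
    servers.iter().copied().filter(|ip| !is_vpc_local(ip)).collect()
}

fn main() {
    let defaults: Vec<IpAddr> = GOOGLE_DNS.iter().filter_map(|s| s.parse().ok()).collect();
    println!("hard-coded defaults needing egress: {:?}", needs_internet(&defaults));
    println!("system resolvers needing egress: {:?}", needs_internet(&nameservers(SAMPLE_RESOLV_CONF)));
}
```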

meerd commented 1 month ago

Hello @rohan-passbird,

This is a known issue and will be resolved with this PR622.

rohan-passbird commented 1 month ago

Got it. Thanks!

meerd commented 3 weeks ago

The latest release, v1.3.1, resolves the issue. In approximately two weeks, the RPM package should be available in the Amazon Linux repositories.