Add host.containers.internal entry in aardvark-dns

hrenard commented 1 year ago

Feature request description

Hi,

I think that adding the host.containers.internal entry in aardvark-dns would be more consistent and quite handy in some cases.

Suggest potential solution

No response

Have you considered any alternatives?

No response

Additional context

When using podman as backend for a k8s kind cluster, host.containers.internal is not resolvable because k8s's internal coredns forwards requests directly to aardvark-dns and /etc/hosts is not propagated to pods.

Luap99 commented 1 year ago

Moved to aardvark-dns repo

In principle that would be possible. However I am not sure if doing this would not break users, at the very least we would need to respect the containers.conf host_containers_internal_ip entry.

Also in the podman machine scenario right now we do not add the entry in /etc/hosts and let it fall back to the internal gvproxy dns server which would return you the actual proper host ip and not the VM ip. If we have aardvark-dns in between replying then this would no longer work.

miwagner1 commented 9 months ago

I am currently running into an issue with Nginx where it does not resolve host.containers.internal because it does not read /etc/hosts for lookups. Having host.containers.internal entry in aardvark-dns would make it just work without extra workarounds.

akostadinov commented 1 month ago

yeah, there are cases where /etc/hosts is ignored. Will be much easier to have host.containers.internal resolvable through DNS. The entry inside /etc/hosts can stay, no problem with the redundancy IMO.

djasa commented 1 week ago

I'm playing around this right now. A workaround is pretty easy: just add a host line to /run/containers/networks/aardvark-dns/{network_name} (and maybe make sure to delete the file after last container exits to prevent stale first line? I didn't get that far yet...)

However this comes with a side effect: in addtion to making host resolvable by containers, it also makes the containers' short names and {cont}.dns.podman names resolvable by the host, which is currently by default prevented by this aardvark-dns code. Long names are OK but the short names seem to me like a pretty big change of default behaviour.

If there are some bigger changes planned in this area, changes in this direction would seem good to me:

enable this host-from-containers resolution for all (or by default if there are users depending on the current behaviour?)
enable containers-from-host for long names only and for containers that are reachable from the host
revive "search domains" and use network name as the search domain for the given container

The last bullet would, if I read correctly this discussion/comment, make the behaviour the same as docker's and based on many questions/issues about container name resolution, as many people expect...

(Just for the context: my use case is to run the IPA container and make the host its client. For this, I need to resolve container's FQDN from the host and ... there's no straightforward solution to setting up the DNS for this case, while it feels that it should be as easy as instructing host's local resolver to forward requests for network-name.tld domain to the respective network's gateway:53)

containers / aardvark-dns