Open flouthoc opened 1 month ago
@Luap99 Any thoughts on above? Maybe we can add --zone=netavark_zone --add-port=53/udp by default or --zone=netavark_zone --add-port=<dns_bind_port>/udp?
Is that with using the firewall driver? Because with iptables/nftables we definitely should add the accept rule already.
In general the firewalld driver cannot be recommended for use as it is pretty broken (see open issues about firewalld); @mheon is working to fix most of them, so I guess this would be another?
@Luap99 Yes, when using firewalld DNS does not work unless I manually add the port/protocol to netavark_zone. I think netavark should do it by default if @mheon is not on it. I can create a patch in spare time.
DNS should already be fixed on my patch, it's just port forwarding that's broken at this point AFAIK.
@mheon Is the patch you are describing in any of the open PRs, or merged in recent releases/upstream?
https://github.com/containers/netavark/pull/885
I really need to push the latest version with the isolation code added, but I still have not worked out the issues with port forwarding. Hopefully soon?
Sure, I'm not in a rush; I just asked out of curiosity since I was interested in looking at/trying the patch. Please take your time.
Although given I added tcp support to aardvark-dns we likely need to check that all rules allow 53 udp and tcp.
I agree, if tcp is added then this should support tcp as well.
It seems on default setups with firewalld DNS is not functional at all, would it make sense to add --zone=netavark_zone --add-port=53/udp?

Reproducer
firewalld

Current Output

Expected output
Resolution for default networks should work
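As an added example (not netavark's or aardvark-dns's code), the check the thread asks for: given the port list of the netavark_zone firewalld zone, verify that DNS is allowed on both 53/udp and 53/tcp (the tcp side matters now that aardvark-dns speaks tcp), and print the firewall-cmd invocations that would close the gap. The zone name, the port and the --zone/--add-port flags are taken from the thread; --list-ports and --permanent are standard firewall-cmd options. The port list itself is a constructed sample so the script runs without firewalld; on a real host it would come from firewall-cmd as noted in the comments.

```shell
#!/bin/sh
# Added example, not part of netavark. Checks that a firewalld zone permits
# DNS on both 53/udp and 53/tcp and prints the firewall-cmd commands needed
# to fix it. Nothing here modifies the firewall; it only reports.

ZONE="netavark_zone"   # zone name from the thread (assumed to exist)
DNS_PORT="53"          # aardvark-dns default bind port from the thread

# Constructed sample of `firewall-cmd --zone=netavark_zone --list-ports`
# output: only the UDP rule is present, the TCP rule is missing.
SAMPLE_PORTS="53/udp 8080/tcp"

# missing_dns_rules ZONE PORT "PORTLIST"
# Prints each absent PORT/proto entry (udp, tcp) on its own line.
# Returns 0 when both are allowed, 1 when at least one is missing.
missing_dns_rules() {
    zone=$1; port=$2; ports=$3
    rc=0
    for proto in udp tcp; do
        found=0
        for entry in $ports; do
            [ "$entry" = "$port/$proto" ] && found=1
        done
        if [ "$found" -eq 0 ]; then
            printf '%s/%s\n' "$port" "$proto"
            rc=1
        fi
    done
    return $rc
}

# fix_commands ZONE PORT "PORTLIST"
# Prints, without running them, the runtime and permanent firewall-cmd
# invocations that would add each missing entry to the zone.
fix_commands() {
    zone=$1; port=$2; ports=$3
    missing_dns_rules "$zone" "$port" "$ports" | while read -r pp; do
        printf 'firewall-cmd --zone=%s --add-port=%s\n' "$zone" "$pp"
        printf 'firewall-cmd --permanent --zone=%s --add-port=%s\n' "$zone" "$pp"
    done
}

# Stand-alone run against the constructed sample. On a real host replace
# SAMPLE_PORTS with: $(firewall-cmd --zone="$ZONE" --list-ports)
if missing_dns_rules "$ZONE" "$DNS_PORT" "$SAMPLE_PORTS" >/dev/null; then
    echo "zone $ZONE allows $DNS_PORT/udp and $DNS_PORT/tcp"
else
    echo "zone $ZONE is missing DNS rules; to fix:"
    fix_commands "$ZONE" "$DNS_PORT" "$SAMPLE_PORTS"
fi
```

With the sample list the script reports that 53/tcp is missing and prints the two --add-port commands for it; feeding it the live --list-ports output turns it into a quick post-install sanity check for the firewalld driver.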