hyperhq / runv

Hypervisor-based Runtime for OCI
Apache License 2.0

DNS server in user-defined networks #363

Open pmorjan opened 8 years ago

pmorjan commented 8 years ago

I can't get the embedded DNS server in a user-defined network working. This could be a real issue of Runv or an incorrect setup.

I tried to minimize my setup as follows:

# runv --kernel kernel --initrd hyper-initrd.img --debug containerd
# dockerd -s overlay -H unix:///var/run/docker.sock --containerd /run/runv-containerd/containerd.sock --debug

Using the default docker bridge works as expected:

# docker run -t --rm busybox nslookup www.google.com
Server:    192.168.122.1
Address 1: 192.168.122.1
Name:      www.google.com
Address 1: 2a00:1450:4009:80c::2004 lhr35s07-in-x04.1e100.net
Address 2: 216.58.198.164 lhr25s10-in-f164.1e100.net

In a user-defined network every DNS request fails:

# docker network create --subnet=172.19.0.0/16 mynet
# docker run -t --rm --network=mynet busybox nslookup www.google.com
Server:    127.0.0.11
Address 1: 127.0.0.11

nslookup: can't resolve 'www.google.com'

It's only the embedded DNS that doesn't work. E.g. nslookup www.googe.com 8.8.8.8 works fine, as well as the network in general. Maybe somebody else is already aware of this problem. I'm using runv 0.6.2, latest hyperstart ca80a07e and docker 1.12.2 Ubuntu x86_64.

Thanks
peter

gao-feng commented 7 years ago

Thanks for your report!

The reason is that DNS requests sent out by the container bypass the DNS resolver of docker. It's a bug in the runv network implementation; we will try to fix it.

Thanks

gao-feng commented 7 years ago

@pmorjan Sorry, it is difficult for us to support this feature now, since docker adds netfilter NAT rules in the container netns and uses a loopback address as the nameserver... We need to consider a compatible way for runv to work together with the docker daemon.

gao-feng commented 7 years ago

Update: docker starts a process to serve as the DNS service in the container netns. I have no idea how to handle this in runv now.

# netstat -apn
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 127.0.0.11:33517        0.0.0.0:*               LISTEN      14873/dockerd       
udp        0      0 127.0.0.11:36107        0.0.0.0:*                           14873/dockerd

pmorjan commented 7 years ago

Thanks for the update. I understand there is no easy way to solve this. Since I no longer need a fix for this issue feel free to close it. Thanks!
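The comments above describe two pieces that must line up inside one network namespace for the embedded resolver to answer: NAT rules redirecting port 53 on 127.0.0.11, and dockerd sockets on the redirect targets. The following check is an added example, not code from runv or Docker; the listener lines are constructed from the netstat output in the thread, the rule lines are constructed and their exact form is an assumption, and the empty-namespace case is an assumed stand-in for a guest that has neither piece.

```python
import re

RESOLVER = "127.0.0.11"
# Constructed sample: listeners shaped like the netstat output quoted in the thread.
NETSTAT = """\
tcp        0      0 127.0.0.11:33517        0.0.0.0:*               LISTEN      14873/dockerd
udp        0      0 127.0.0.11:36107        0.0.0.0:*                           14873/dockerd
"""
# Constructed sample: NAT rules in `iptables -t nat -S` style (rule form is an assumption).
NAT_RULES = """\
-A DOCKER_OUTPUT -d 127.0.0.11/32 -p tcp -m tcp --dport 53 -j DNAT --to-destination 127.0.0.11:33517
-A DOCKER_OUTPUT -d 127.0.0.11/32 -p udp -m udp --dport 53 -j DNAT --to-destination 127.0.0.11:36107
"""

def listeners(netstat_text):
    """Return {(proto, port)} for sockets bound to the embedded resolver address."""
    pat = re.compile(r"(tcp|udp)\s+\d+\s+\d+\s+" + re.escape(RESOLVER) + r":(\d+)\s")
    found = set()
    for line in netstat_text.splitlines():
        m = pat.match(line)
        if m:
            found.add((m.group(1), int(m.group(2))))
    return found

def dnat_targets(rules_text):
    """Return {proto: port} that port 53 on the resolver address is redirected to."""
    pat = re.compile(r"-d " + re.escape(RESOLVER) + r"(?:/32)? -p (tcp|udp) .*--dport 53 "
                     r"-j DNAT --to-destination " + re.escape(RESOLVER) + r":(\d+)")
    targets = {}
    for line in rules_text.splitlines():
        m = pat.search(line)
        if m:
            targets[m.group(1)] = int(m.group(2))
    return targets

def diagnose(netstat_text, rules_text):
    """List reasons a query to 127.0.0.11:53 would go unanswered in this namespace."""
    bound, targets, problems = listeners(netstat_text), dnat_targets(rules_text), []
    for proto in ("udp", "tcp"):
        if proto not in targets:
            problems.append(f"{proto}: no DNAT rule for {RESOLVER}:53")
        elif (proto, targets[proto]) not in bound:
            problems.append(f"{proto}: DNAT to port {targets[proto]} but nothing listens there")
    return problems

if __name__ == "__main__":
    print("namespace with rules and listeners:", diagnose(NETSTAT, NAT_RULES) or "ok")
    print("namespace with neither:", diagnose("", "") or "ok")
```

To run it against a live namespace, feed `diagnose` the output of `netstat -apn` and `iptables -t nat -S` captured there.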