cs96and
commented
6 years ago I've done a bit more research into this and it actually appears that vpnkit is actually caching the response from the DNS server with the numerically lowest IP address.
E.g. If you have two DNS servers 1.1.1.1 and 2.2.2.2, then vpnkit will cache the responses from 1.1.1.1, regardless of whether the responses are faster or slower than from 2.2.2.2.
Would it be possible to get vpnkit to simply cache the first response it sees?
justincormack
I'm running Docker For Windows, and noticed I was getting some strange results for DNS queries. The windows host machine has multiple DNS servers specified...
We have an internal hostname that returns different results depending on which DNS server responds. The LAN DNS server will respond with an IP address on that LAN. The WAN DNS server will respond with an IP address from that subnet.
Just after Docker has been (re)started, doing a dig for the hostname inside a container returns the correct LAN address (vpnkit is presumable just returning the first answer it received). However all subsequent lookups for that hostname always return the incorrect WAN IP address.
Running a Wireshark capture on the Windows host, I can see that vpnkit sends the query off to all configured DNS servers the first time the lookup is done inside the container. The LAN DNS server responds first, so that is what gets returned to the docker container. However, all subsequent lookups only get sent to the LAN DNS and 8.8.8.8. Even though the WAN DNS server is not being queried, and the correct LAN IP address is being received by the host, the container is receiving the WAN IP address as the answer. Therefore, it would appear that after the first query, vpnkit has cached the slowest response and will always return that to the container.