Epic: Use Lima host resolver on Windows

[jandubois]

We want to use the Lima host resolver to take advantage of all the DNS configuration on the host itself (automatic support of split-DNS over VPN etc).

The resolver code should be in a separate repo at https://github.com/rancher-sandbox/rancher-desktop-host-resolver. It currently uses a fork of pkg/hostagent/dns.go from Lima to allow rapid development. Once this task is complete, any changes should be back-ported upstream.

• [x] Add cobra commandline processing. Add options for the listening interface, the tcp and udp ports, IPv6 support, and built-in hostnames (like host.docker.internal).

• [x] Choose random available ports when tcp/udp ports are not specified.

  Look at the findXXXFreeLocalPort functions; we should be able to reuse them.

• [x] Add an option to specify allowed source addresses and reject connections not from allowed sources.

  For WSL2 we will need to connect via the host IP address, but we don't want to accept outside connections. Look at the pseudo loopback forwarder for a possible implementation (except that one checks destination, not source address).

NOTE: For the above item, a different approach was taken. To avoid filtration of the incoming DNS requests. The host-resolver runs two processes, 1) In wsl distro 2) on the windows host machine, the communication happens over a dedicated AF_VSOCK connection, therefore the process that runs on the windows host machine can only accept DNS lookups that are incoming over the AF_VSOCK connection.

• [x] Create Github action to make releases

• [x] Download host resolver in Rancher Desktop resources

• [x] Start/stop host resolver before/after the WSL2 distro is started

• [x] Replace dnsmasq with the host resolver. NOTE: for the item above, we are allowing the users to choose between host-resolver or dnsmaq through experimentalHostResolver configuration flag.

[Nino-K]

How to enable this feature:

This feature can be enabled through a configuration property experimentalHostResolver in %APPDATA%\rancher-desktop\settings.json. By default this property is set to false, meaning that the default DNS process in the rancher desktop will be handled through dnsmasq. However, if this property is set to true the default DNS lookup will switch to host-resolver.

NOTE: This feature can only be enabled for Windows currently and it is an experimental feature.

You can take a look at the example settings.json file below as a reference:

{
   "version":4,
   "kubernetes":{
      "version":"1.22.7",
      "memoryInGB":2,
      "numberCPUs":2,
      "port":6443,
      "containerEngine":"moby",
      "checkForExistingKimBuilder":false,
      "enabled":true,
      "WSLIntegrations":{
         "Ubuntu":true
      },
      "options":{
         "traefik":true,
         "flannel":true
      },
      "suppressSudo":false,
      "experimentalHostResolver":true           <== This is the config!
   },
   "portForwarding":{
      "includeKubernetesServices":false
   },
   "images":{
      "showAll":true,
      "namespace":"k8s.io"
   },
   "telemetry":true,
   "updater":false,
   "debug":false,
   "pathManagementStrategy":"notset"
}

After applying the configuration changes above you must restart Rancher Desktop for the changes to take place.

[Nino-K]

Related PRs:

PR #2079 rancher-desktop PR #7 rancher-desktop-host-resolver

[jandubois]

NOTE: This feature can only be enabled for Windows currently and it is an experimental feature.

It is already the default on Linux and macOS.

[CaringDev]

On Windows %APPDATA%\rancher-desktop\settings.json