From: Noah Gold
Subject: Improved handling of changing DNS resolvers
To: passt-dev@passt.top
Date: Tue, 17 Jan 2023 19:51:02
List-Id: Development discussion and patches for passt

Hi folks,

libslirp and Passt have different approaches to sharing DNS resolvers with the guest system, each with their own benefits & drawbacks. On the libslirp project, we're discussing [1] how to support DNS failover. Passt already has support for this, but there is a drawback to its solution which prevents us from taking a similar approach: the resolvers are read exactly once, so if the host changes networks at runtime, the guest will not receive the updated resolvers and thus its connectivity will break.

libslirp's current approach is to DNAT a single address exposed to the guest to one of the resolvers configured on the host. The problem here is that if that one resolver goes down, the guest can't resolve DNS names. We're considering changing so that instead of a single address, we expose a set of MAXNS addresses, and DNAT those 1:1 to the DNS resolvers registered with the host. Because the DNAT table lives on the host side, we can refresh the guest's resolvers whenever the host's resolvers change, but without the need to expire a DHCP lease (even with short leases, the guest will still lose connectivity for a time).

Does this sound like an approach Passt would be open to adopting as well?

Thanks.
- Noah

[1] https://gitlab.freedesktop.org/slirp/libslirp/-/issues/26
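
A sketch of the host-side table proposed in the message above, added here as an illustration; it is not code from the message, libslirp or passt. The guest-visible base address 10.0.2.3, the names `dnat_refresh` and `dnat_lookup`, the IPv4-only parsing and the sample resolv.conf contents are assumptions made for the example.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#ifndef MAXNS
#define MAXNS 3                     /* resolver limit, as in <resolv.h> */
#endif
#define GUEST_DNS_BASE 0x0a000203u  /* 10.0.2.3: assumed first guest slot */

static uint32_t dnat[MAXNS];  /* slot i -> host resolver (host order), 0 = empty */

/* Rebuild the table from resolv.conf text; returns the number of slots filled.
 * The guest-visible addresses never change, only the targets behind them. */
int dnat_refresh(const char *conf)
{
    uint32_t next[MAXNS] = { 0 };
    int n = 0;

    for (const char *p = conf; p && *p && n < MAXNS; ) {
        char addr[INET_ADDRSTRLEN];
        struct in_addr ip;
        /* The keyword must start the line; non-IPv4 entries are skipped. */
        if (sscanf(p, "nameserver %15s", addr) == 1 &&
            inet_pton(AF_INET, addr, &ip) == 1)
            next[n++] = ntohl(ip.s_addr);
        p = strchr(p, '\n');
        if (p) p++;
    }
    memcpy(dnat, next, sizeof(dnat));  /* stale entries are cleared too */
    return n;
}

/* DNAT lookup for a guest DNS query: returns the host resolver, or 0 when the
 * destination is not a DNS slot or the slot has no resolver behind it. */
uint32_t dnat_lookup(uint32_t guest_dst)
{
    uint32_t slot = guest_dst - GUEST_DNS_BASE;  /* wraps if below the base */
    return slot < MAXNS ? dnat[slot] : 0;
}

int main(void)
{
    /* Constructed resolv.conf contents, before and after a network change. */
    dnat_refresh("nameserver 192.0.2.1\nnameserver 192.0.2.2\n");
    printf("slot 0 -> %#x\n", (unsigned)dnat_lookup(GUEST_DNS_BASE));
    dnat_refresh("search lan\nnameserver 198.51.100.53\n");
    printf("slot 0 -> %#x\n", (unsigned)dnat_lookup(GUEST_DNS_BASE));
    return 0;
}
```

When the host has fewer than MAXNS resolvers, the remaining slots are empty and `dnat_lookup` returns 0 for them; how such a query should be handled is a policy choice this sketch leaves open.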