From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mail-yw1-x1132.google.com (mail-yw1-x1132.google.com [IPv6:2607:f8b0:4864:20::1132])
	by passt.top (Postfix) with ESMTPS id B6CC85A0082
	for <passt-dev@passt.top>; Tue, 17 Jan 2023 20:51:02 +0100 (CET)
Received: by mail-yw1-x1132.google.com with SMTP id 00721157ae682-4c24993965eso431455387b3.12
        for <passt-dev@passt.top>; Tue, 17 Jan 2023 11:51:02 -0800 (PST)
X-Received: by 2002:a81:710a:0:b0:4ee:9387:eb1d with SMTP id
 m10-20020a81710a000000b004ee9387eb1dmr550937ywc.437.1673985061298; Tue, 17
 Jan 2023 11:51:01 -0800 (PST)
MIME-Version: 1.0
From: Noah Gold <nkgold@google.com>
Message-ID: <CAEJ_Dr9C4mbm3sc=5biPFkQA-y=ZiMg8NLhtNNntKzcQL9do_g@mail.gmail.com>
Subject: Improved handling of changing DNS resolvers
To: passt-dev@passt.top
Content-Type: text/plain; charset="UTF-8"
X-MailFrom: nkgold@google.com
X-Mailman-Rule-Hits: nonmember-moderation
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation
Message-ID-Hash: VJUNAU65U4ZLNX7KI3AMW7JCDQEQHSU3
X-Message-ID-Hash: VJUNAU65U4ZLNX7KI3AMW7JCDQEQHSU3
X-Mailman-Approved-At: Sat, 21 Jan 2023 10:32:37 +0100
X-Mailman-Version: 3.3.3
Precedence: list
List-Id: Development discussion and patches for passt <passt-dev.passt.top>
Archived-At: <https://archives.passt.top/passt-dev/CAEJ_Dr9C4mbm3sc=5biPFkQA-y=ZiMg8NLhtNNntKzcQL9do_g@mail.gmail.com/>
Archived-At: <https://passt.top/hyperkitty/list/passt-dev@passt.top/message/VJUNAU65U4ZLNX7KI3AMW7JCDQEQHSU3/>
List-Archive: <https://archives.passt.top/passt-dev/>
List-Archive: <https://passt.top/hyperkitty/list/passt-dev@passt.top/>
List-Help: <mailto:passt-dev-request@passt.top?subject=help>
List-Owner: <mailto:passt-dev-owner@passt.top>
List-Post: <mailto:passt-dev@passt.top>
List-Subscribe: <mailto:passt-dev-join@passt.top>
List-Unsubscribe: <mailto:passt-dev-leave@passt.top>
Date: Tue, 17 Jan 2023 19:51:02 
X-Original-Date: Tue, 17 Jan 2023 11:50:50 -0800

Hi folks,

libslirp and Passt have different approaches to sharing DNS resolvers with
the guest system, each with their own benefits & drawbacks. On the libslirp
project, we're discussing [1] how to support DNS failover. Passt already has
support for this, but there is a drawback to its solution which prevents us
from taking a similar approach: the resolvers are read exactly once, so if the
host changes networks at runtime, the guest will not receive the updated
resolvers and thus its connectivity will break.

libslirp's current approach is to DNAT a single address exposed to the guest
to one of the resolvers configured on the host. The problem here is that if that
one resolver goes down, the guest can't resolve DNS names. We're
considering changing so that instead of a single address, we expose a set of
MAXNS addresses, and DNAT those 1:1 to the DNS resolvers registered with
the host. Because the DNAT table lives on the host side, we can refresh the
guest's resolvers whenever the host's resolvers change, but without the need to
expire a DHCP lease (even with short leases, the guest will still lose
connectivity for a time).

Does this sound like an approach Passt would be open to adopting as well?

Thanks.

- Noah

[1] https://gitlab.freedesktop.org/slirp/libslirp/-/issues/26
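
The 1:1 DNAT table proposed in the message above, sketched as an added example; it is not part of the original message and is not libslirp or Passt code. The names dns_dnat, dns_dnat_refresh, dns_dnat_lookup and NS_SLOTS, the slot count of 3, and the guest-visible base address 10.0.2.3 are assumptions made for illustration, and only IPv4 resolvers are handled.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NS_SLOTS 3                 /* assumed value, stands in for MAXNS */
#define GUEST_DNS_BASE 0x0a000203u /* 10.0.2.3: assumed first guest-visible address */

struct dns_dnat {
    struct in_addr host[NS_SLOTS]; /* host resolver behind each guest slot */
    int count;                     /* slots currently populated */
};

/* Rebuild the table from resolv.conf-style text (IPv4 only in this sketch).
 * Run at start-up and whenever the host's resolvers change. Returns count. */
int dns_dnat_refresh(struct dns_dnat *t, const char *conf)
{
    struct dns_dnat fresh = { .count = 0 };
    char addr[INET_ADDRSTRLEN];

    for (const char *p = conf; *p && fresh.count < NS_SLOTS; ) {
        size_t len = strcspn(p, "\n");
        char line[128] = "";

        if (len < sizeof(line)) {      /* over-long lines are ignored */
            memcpy(line, p, len);
            if (sscanf(line, " nameserver %15s", addr) == 1 &&
                inet_pton(AF_INET, addr, &fresh.host[fresh.count]) == 1)
                fresh.count++;
        }
        p += len + (p[len] == '\n');
    }
    *t = fresh;                        /* replace the old mapping in one step */
    return t->count;
}

/* Translate a guest destination to the host resolver in the same slot.
 * Returns 0 and fills *out, or -1 if dst is not a populated slot. */
int dns_dnat_lookup(const struct dns_dnat *t, struct in_addr dst,
                    struct in_addr *out)
{
    uint32_t slot = ntohl(dst.s_addr) - GUEST_DNS_BASE; /* wraps if below base */

    if (slot >= (uint32_t)t->count)
        return -1;
    *out = t->host[slot];
    return 0;
}
```

The guest keeps the same fixed resolver addresses for its whole lifetime; only the host-side table changes on refresh, and a slot with no resolver behind it is rejected rather than forwarded to a stale address.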