On Fri, Mar 08, 2024 at 12:25:51AM +0100, Stefano Brivio wrote:
> Starting from commit 3a2afde87dd1 ("conf, udp: Drop mostly duplicated
> dns_send arrays, rename related fields"), we won't add to c->ip4.dns
> and c->ip6.dns nameservers that can't be used by the guest or
> container, and we won't advertise them.
>
> However, the fact that we don't advertise any nameserver doesn't mean
> that we didn't find any, and we should warn only if we couldn't find
> any.
>
> This is particularly relevant in case both --dns-forward and
> --no-map-gw are passed, and a single loopback address is listed in
> /etc/resolv.conf: we'll forward queries directed to the address
> specified by --dns-forward to the loopback address we found, we
> won't advertise that address, so we shouldn't warn: this is a
> perfectly legitimate usage.
>
> Reported-by: Paul Holzinger
> Link: https://github.com/containers/podman/issues/19213
> Fixes: 3a2afde87dd1 ("conf, udp: Drop mostly duplicated dns_send arrays, rename related fields")
> Signed-off-by: Stefano Brivio

I don't think this is quite the right fix. It makes sense *when*
--dns-forward is specified. However if --dns-forward is *not*
specified, then having only localhost resolvers on the host side means
we really do have nothing the guest can use.

So I think we need to make the behaviour explicitly conditional on the
dns_match variable. Possibly by making add_dns[46]() accept localhost
addresses if (dns_match && no_map_gw)?

> --- > conf.c | 11 ++++++++--- > 1 file changed, 8 insertions(+), 3 deletions(-) > > diff --git a/conf.c b/conf.c > index 4a783b8..c50c039 100644 > --- a/conf.c > +++ b/conf.c > @@ -399,6 +399,7 @@ static void get_dns(struct ctx *c) > int dns4_set, dns6_set, dnss_set, dns_set, fd; > struct fqdn *s = c->dns_search; > struct lineread resolvconf; > + unsigned int added = 0; > char *line, *end; > const char *p; > int line_len; 
> @@ -427,13 +428,17 @@ static void get_dns(struct ctx *c) > > if (!dns4_set && > dns4 - &c->ip4.dns[0] < ARRAY_SIZE(c->ip4.dns) - 1 > - && inet_pton(AF_INET, p + 1, &dns4_tmp)) > + && inet_pton(AF_INET, p + 1, &dns4_tmp)) { > add_dns4(c, &dns4_tmp, &dns4); > + added++; > + } > > if (!dns6_set && > dns6 - &c->ip6.dns[0] < ARRAY_SIZE(c->ip6.dns) - 1 > - && inet_pton(AF_INET6, p + 1, &dns6_tmp)) > + && inet_pton(AF_INET6, p + 1, &dns6_tmp)) { > add_dns6(c, &dns6_tmp, &dns6); > + added++; > + } > } else if (!dnss_set && strstr(line, "search ") == line && > s == c->dns_search) { > end = strpbrk(line, "\n"); > @@ -459,7 +464,7 @@ static void get_dns(struct ctx *c) > close(fd); > > out: > - if (!dns_set && dns4 == c->ip4.dns && dns6 == c->ip6.dns) > + if (!dns_set && !added) > warn("Couldn't get any nameserver address"); > } > -- David Gibson | I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_ | _way_ _around_! http://www.ozlabs.org/~dgibson
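
Review bot: in the first hunk (@@ -399,6 +399,7 @@), "added" is declared as an unsigned int counter but is only ever tested against zero at the "out:" label, so a bool would state the intent more directly. The name also suggests "entries stored in c->ip4.dns / c->ip6.dns", which is not what the later increments record; a name such as "found" (a suggestion, not an existing identifier) would avoid that reading.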
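
Review bot: in the second hunk (@@ -427,13 +428,17 @@), "added++" runs whenever inet_pton() succeeds, whether or not add_dns4() / add_dns6() actually kept the address. With a resolv.conf that lists only loopback resolvers and no --dns-forward given, nothing is stored and nothing is forwarded, yet the counter is non-zero and the warning is suppressed. The increment should be gated on the address being usable in some way: either it was stored for the guest, or forwarding is configured so that the loopback resolver is a valid target, which is the dns_match condition raised in the reply above.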
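
Review bot: in the third hunk (@@ -459,7 +464,7 @@), replacing "dns4 == c->ip4.dns && dns6 == c->ip6.dns" with "!added" drops the only check that any nameserver ended up in the advertised arrays, so the case "resolvers found, none advertised, no forwarding configured" becomes silent. Keeping the old pointer comparison as a second branch with its own message, distinct from "Couldn't get any nameserver address", would preserve a diagnostic for a guest that ends up with no usable DNS while still staying quiet for the --dns-forward plus --no-map-gw setup described in the commit message.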