Date: Mon, 28 Apr 2025 15:05:07 +0200
From: Stefano Brivio
To: "Ben Woods"
CC: passt-user@passt.top
Subject: Re: pasta - Multiple DNS servers in resolv.conf
Message-ID: <20250428150507.093cc8d5@elisabeth>
Organization: Red Hat

Hi Ben,

On Fri, 25 Apr 2025 17:13:58 +0800
"Ben Woods" wrote:

> Hi Stefano,
>
> I have 2 DNS servers listed in the host /etc/resolv.conf - useful
> during a failure or maintenance of the primary server (even if
> fallback to the second server is much slower).
>
> Can you please advise the best way to get podman containers using
> pasta to also have the 2 DNS servers?

There's no way to do that directly (and you _should_ not need it, I
think), because pasta doesn't really speak DNS (for simplicity /
security).
It can just forward what looks like DNS over TCP and UDP back
and forth, but it's not aware of single queries or responses, so it
can't really "fall back" to a secondary server.

However:

> I note that if I don’t provide a --dns-forward option then the
> resolv.conf file is mapped through from the host, with an additional
> nameserver 169.254.1.1 added as the first entry above the ones in the
> host file.

...that will map to whatever resolver you have as first resolver on the
host. The other resolvers are there as well, though, so the fall back
should work exactly as it does on the host. That's why I think you
shouldn't need an explicit fallback handled by pasta.

We have / had an issue though, and it was just fixed by this series:

  https://archives.passt.top/passt-dev/20250417015543.457310-1-david@gibson.dropbear.id.au/

and somewhat described / analysed here:

  https://archives.passt.top/passt-dev/Z_3ukwUuG6kHwUW5@zatzit/

where we wouldn't send ICMP errors back to the container for
unresponsive DNS resolvers. As a result, resolvers needed to time out
instead of failing right away, and if your application timed out before
the resolver itself, then you wouldn't see the fallback in action at
all.

This fix will be available in the next release (probably in a couple of
days, might be a couple of weeks).

-- 
Stefano
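
Added example, not part of the original message and not passt/pasta code: a stub-resolver-style fallback loop showing the difference the message describes between a first resolver whose ICMP error reaches the client (immediate fallback) and one where nothing comes back (fallback only after the full timeout). All function names, the loopback sockets and the echo "resolver" are constructed for illustration, and it assumes Linux behaviour for connected UDP sockets.

```python
import socket
import threading
import time

def build_query(name, qid=0x1234):
    """Minimal DNS query: RD flag, one question, QTYPE=A, QCLASS=IN."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\0"
    return qid.to_bytes(2, "big") + b"\x01\x00\x00\x01" + bytes(6) + qname + b"\x00\x01\x00\x01"

def query_with_fallback(servers, payload, timeout=1.0):
    """Try each (host, port) in order; return (reply or None, attempt log)."""
    log = []
    for server in servers:
        start, reply = time.monotonic(), None
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.connect(server)  # connected UDP: the kernel reports ICMP errors
            try:
                s.send(payload)
                reply, outcome = s.recv(512), "answered"
            except ConnectionRefusedError:  # ICMP port unreachable arrived
                outcome = "refused"
            except socket.timeout:  # neither a reply nor an ICMP error
                outcome = "timeout"
        log.append((server, outcome, time.monotonic() - start))
        if reply is not None:
            return reply, log
    return None, log

def bound():
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind(("127.0.0.1", 0))  # constructed loopback endpoint, ephemeral port
    return s

def start_echo_resolver():
    """Constructed stand-in for a working resolver: echoes every datagram."""
    sock = bound()
    def serve():
        while True:
            sock.sendto(*sock.recvfrom(512))
    threading.Thread(target=serve, daemon=True).start()
    return sock.getsockname()

def demo(timeout=0.3):
    """First resolver down: ICMP error relayed vs. silently dropped."""
    q, silent, closed = build_query("example.com"), bound(), bound()
    good, dead = start_echo_resolver(), closed.getsockname()
    closed.close()  # no listener: the kernel now answers with ICMP port unreachable
    return {"relayed": query_with_fallback([dead, good], q, timeout)[1],
            "dropped": query_with_fallback([silent.getsockname(), good], q, timeout)[1]}
```

Calling `demo()` returns one attempt log per case; the third field of each entry is the time spent on that resolver, which is what an application with its own shorter timeout would be racing against.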