From mboxrd@z Thu Jan 1 00:00:00 1970
Date: Mon, 28 Apr 2025 21:13:31 +0800
From: "Ben Woods"
To: "Stefano Brivio"
Message-Id: <781f1190-f0ae-46d7-b935-8231f14d15cd@app.fastmail.com>
In-Reply-To: <20250428150507.093cc8d5@elisabeth>
References: <20250428150507.093cc8d5@elisabeth>
Subject: Re: pasta - Multiple DNS servers in resolv.conf
CC: passt-user@passt.top
List-Id: "For passt users: support, questions and answers"

Thanks for the detailed reply Stefano - very helpful to come up to speed
on the recent history.

On Mon, 28 Apr 2025, at 9:05 PM, Stefano Brivio wrote:
> Hi Ben,
>
> On Fri, 25 Apr 2025 17:13:58 +0800
> "Ben Woods" wrote:
>
>> Hi Stefano,
>>
>> I have 2 DNS servers listed in the host /etc/resolv.conf - useful
>> during a failure or maintenance of the primary server (even if
>> fallback to the second server is much slower).
>>
>> Can you please advise the best way to get podman containers using
>> pasta to also have the 2 DNS servers?
>
> There's no way to do that directly (and you _should_ not need it, I
> think), because pasta doesn't really speak DNS (for simplicity /
> security).
>
> It can just forward what looks like DNS over TCP and UDP back and
> forth, but it's not aware of single queries or responses, so it can't
> really "fall back" to a secondary server. However:
>
>> I note that if I don’t provide a --dns-forward option then the
>> resolv.conf file is mapped through from the host, with an additional
>> nameserver 169.254.1.1 added as the first entry above the ones in the
>> host file.
>
> ...that will map to whatever resolver you have as first resolver on the
> host. The other resolvers are there as well, though, so the fall back
> should work exactly as it does on the host. That's why I think you
> shouldn't need an explicit fallback handled by pasta.
>
> We have / had an issue though, and it was just fixed by this series:
>
>   https://archives.passt.top/passt-dev/20250417015543.457310-1-david@gibson.dropbear.id.au/
>
> and somewhat described / analysed here:
>
>   https://archives.passt.top/passt-dev/Z_3ukwUuG6kHwUW5@zatzit/
>
> where we wouldn't send ICMP errors back to the container for
> unresponsive DNS resolvers.
>
> As a result, resolvers needed to time out instead of failing right
> away, and if your application timed out before the resolver itself,
> then you wouldn't see the fallback in action at all.
>
> This fix will be available in the next release (probably in a couple of
> days, might be a couple of weeks).
>
> --
> Stefano

--
From: Ben Woods ben@woods.am
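
Added example, not part of the thread and not passt or resolver source code: a sketch of the client-side behaviour discussed above, where a stub resolver walking its nameserver list fails over immediately if an ICMP error comes back for the first server and otherwise has to wait out its timeout. It assumes a resolver that uses connected UDP sockets; the loopback addresses, the stand-in second resolver and all function names are constructed for illustration.

```python
import socket, struct, threading, time

def build_query(name, qid=0x1234):
    """Minimal DNS A/IN query in RFC 1035 wire format."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\0"
    return struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

def try_nameservers(servers, query, timeout=2.0):
    """Walk the nameserver list in order; return (reply, log of attempts)."""
    log = []
    for addr in servers:
        s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        s.settimeout(timeout)
        start = time.monotonic()
        try:
            s.connect(addr)  # connected UDP socket: ICMP errors surface as ECONNREFUSED
            s.send(query)
            reply = s.recv(512)
            log.append((addr, "answered", time.monotonic() - start))
            return reply, log
        except ConnectionRefusedError:  # ICMP port unreachable came back: fail fast
            log.append((addr, "icmp-unreachable", time.monotonic() - start))
        except socket.timeout:          # no ICMP error relayed: full timeout is spent
            log.append((addr, "timeout", time.monotonic() - start))
        finally:
            s.close()
    return None, log

def demo(timeout=2.0):
    """Constructed loopback setup: dead first resolver, answering second one."""
    second = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    second.bind(("127.0.0.1", 0))
    second.settimeout(5)
    def answer():  # stand-in resolver: echo the query back with the QR bit set
        data, peer = second.recvfrom(512)
        second.sendto(data[:2] + bytes([data[2] | 0x80]) + data[3:], peer)
        second.close()
    threading.Thread(target=answer, daemon=True).start()
    probe = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    probe.bind(("127.0.0.1", 0))
    dead = probe.getsockname()  # this port is closed again once probe is closed
    probe.close()
    return try_nameservers([dead, second.getsockname()], build_query("example.com"), timeout)

if __name__ == "__main__":
    reply, log = demo()
    for addr, outcome, secs in log:
        print(f"{addr[0]}:{addr[1]} {outcome} after {secs:.3f}s")
```

If the ICMP error never reaches the client, the first attempt is logged as "timeout" and costs the whole timeout before the second server is tried, which is the case where an application with a shorter deadline never sees the fallback.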