Fixed clashing embedded DNS with systemd-resolved

[excitoon]

This fixes a bug with DNS resolving in some Linux environments given we specified some DNS options.

systemd-resolved has DNS with IP: 127.0.0.53:

$ cat /etc/resolv.conf 
# This file is managed by man:systemd-resolved(8). Do not edit.
#
# This is a dynamic resolv.conf file for connecting local clients to the
# internal DNS stub resolver of systemd-resolved. This file lists all
# configured search domains.
#
# Run "resolvectl status" to see details about the uplink DNS servers
# currently in use.
#
# Third party programs should typically not access this file directly, but only
# through the symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a
# different way, replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.

nameserver 127.0.0.53
options edns0 trust-ad
search local

Docker fails to redirect DNS queries to that address given we touched some other DNS options and /etc/resolv.conf file was rebuilt.

Fixes docker/for-linux#1404

[thaJeztah]

I'm curious, as the isIPv4Loopback() function already returns true for any IP address in the 127.x.x.x range; was this not detected?

[excitoon]

Actually, I bypass checkLoopback there (which is false when Docker generates /etc/resolv.conf from settings): https://github.com/moby/moby/blob/master/libnetwork/sandbox_dns_unix.go#L268 .

[excitoon]

Hi @thaJeztah. Any progress on that?

[corhere]

Special-casing the IP addresses 127.0.0.53 and .54 to always be external will break existing behaviour of the --dns flag.

moby/libnetwork/sandbox_dns_unix.go

Lines 258 to 261 in 3ba527d

	// After building the resolv.conf from the user config save the
	// external resolvers in the sandbox. Note that --dns 127.0.0.x
	// config refers to the loopback in the container namespace
	sb.setExternalResolvers(newRC.Content, resolvconf.IPv4, false)