daemon/config: change DNSConfig.DNS to a []net.IP

[thaJeztah]

• follow-up to / related to: opts: ValidateIPAddress: improve error, godoc, and tests #46801

Use a strong type for the DNS IP-addresses so that we can use flags.IPSliceVar, instead of implementing our own option-type and validation.

Behavior should be the same, although error-messages have slightly changed:

Before this patch:

dockerd --dns 1.1.1.1oooo --validate
Status: invalid argument "1.1.1.1oooo" for "--dns" flag: 1.1.1.1oooo is not an ip address
See 'dockerd --help'., Code: 125

cat /etc/docker/daemon.json
{"dns": ["1.1.1.1"]}

dockerd --dns 2.2.2.2 --validate
unable to configure the Docker daemon with file /etc/docker/daemon.json: the following directives are specified both as a flag and in the configuration file: dns: (from flag: [2.2.2.2], from file: [1.1.1.1])

cat /etc/docker/daemon.json
{"dns": ["1.1.1.1oooo"]}

dockerd --validate
unable to configure the Docker daemon with file /etc/docker/daemon.json: merged configuration validation from file and command line flags failed: 1.1.1.1ooooo is not an ip address

With this patch:

dockerd --dns 1.1.1.1oooo --validate
Status: invalid argument "1.1.1.1oooo" for "--dns" flag: invalid string being converted to IP address: 1.1.1.1oooo
See 'dockerd --help'., Code: 125

cat /etc/docker/daemon.json
{"dns": ["1.1.1.1"]}

dockerd --dns 2.2.2.2 --validate
unable to configure the Docker daemon with file /etc/docker/daemon.json: the following directives are specified both as a flag and in the configuration file: dns: (from flag: [2.2.2.2], from file: [1.1.1.1])

cat /etc/docker/daemon.json
{"dns": ["1.1.1.1oooo"]}

dockerd --validate
unable to configure the Docker daemon with file /etc/docker/daemon.json: invalid IP address: 1.1.1.1oooo

- Description for the changelog

- A picture of a cute animal (not mandatory but encouraged)

[thaJeztah]

Interesting; looks like we're not very consistent with "defaults" configured on the daemon. For log-driver (and options), we bake the defaults into the container when it's created, but looks like we're not doing that for DNS; i.e. if the daemon was started with --dns 1.1.1.1, then the container does use 1.1.1.1 as DNS;

docker run --rm busybox cat /etc/resolv.conf
nameserver 1.1.1.1

But inspecting a container won't show that in the config;

docker inspect --format '{{.HostConfig.Dns}}' defaultdns
[]

Whereas manually specifying the --dns does get baked into the container;

docker create --dns 2.2.2.2 --name customdns busybox
docker inspect --format '{{.HostConfig.Dns}}' customdns
[2.2.2.2]

I guess this was by design, but it's not very consistent.

[thaJeztah]

I was a bit on the fence whether this test was actually useful, as effectively, it's just testing Go stdlib. OTOH, without this, we would be removing test-cases, so 🤷‍♂️

I'd be happy to remove this test though if we don't think it adds value.

[akerouanton]

It tests slighty more than just the stdlib as it'd fail if the dns field was renamed, or if it was changed from a slice to something else. But yeah, honestly it has pretty much no value.

[akerouanton]

Probably best in a follow-up; change OptionDNS signature to make it take a slice of net.IP.

[thaJeztah]

Yes, I initially had that, but line 58 above takes a slice of strings as input 😞, so it was a case of "win some" / "lose some", so I reverted it back to accepting strings.

[akerouanton]

And same here; it qualifies for a follow-up clean up.

[akerouanton]

LGTM

[thaJeztah]

Interesting; looks like we're not very consistent with "defaults" configured on the daemon. For log-driver (and options), we bake the defaults into the container when it's created, but looks like we're not doing that for DNS; i.e. if the daemon was started with --dns 1.1.1.1, then the container does use 1.1.1.1 as DNS;

• opened a tracking ticket for the above; enhancement: surface DNS in-use for container, and consider "reload" DNS #46822