Skip to content

Do not forward DNS requests to self.#47744

Merged
akerouanton merged 1 commit intomoby:masterfrom
robmry:47716_no_dns_req_to_self
May 7, 2024
Merged

Do not forward DNS requests to self.#47744
akerouanton merged 1 commit intomoby:masterfrom
robmry:47716_no_dns_req_to_self

Conversation

@robmry
Copy link
Contributor

@robmry robmry commented Apr 23, 2024
edited
Loading

- What I did

Make it safe to supply the internal DNS server's own address as an external DNS server.

Fix #47716

- How I did it

The internal resolver removes its own address from the list of ext-servers it's given, and logs a message.

- How to verify it

New integration test.

- Description for the changelog

When the internal DNS server's own address is supplied as an external server address, ignore it to avoid unproductive recursion.

@robmry robmry self-assigned this Apr 23, 2024
@robmry robmry added area/networking Networking kind/bugfix PR's that fix bugs area/networking/dns Networking labels Apr 23, 2024
@robmry robmry added this to the 27.0.0 milestone Apr 23, 2024
@robmry robmry force-pushed the 47716_no_dns_req_to_self branch 2 times, most recently from 57ed10d to 8450910 Compare April 23, 2024 17:20
@robmry robmry marked this pull request as ready for review April 23, 2024 18:07
@robmry robmry requested review from akerouanton and corhere April 23, 2024 18:07
corhere
corhere approved these changes Apr 23, 2024
View reviewed changes
@robmry
Do not forward DNS requests to self.
8750614 
If a container is configured with the internal DNS resolver's own
address as an external server, try the next ext server rather than
recursing (return SERVFAIL if there are no other servers).

Signed-off-by: Rob Murray <rob.murray@docker.com>
@robmry robmry force-pushed the 47716_no_dns_req_to_self branch from 8450910 to 8750614 Compare April 24, 2024 08:16
@akerouanton akerouanton merged commit 4d525c9 into moby:master May 7, 2024
@vvoland vvoland mentioned this pull request May 14, 2024
Merged
@robmry robmry deleted the 47716_no_dns_req_to_self branch May 29, 2024 17:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@corhere corhere corhere approved these changes

@akerouanton akerouanton akerouanton approved these changes

Assignees

@robmry robmry

Labels

area/networking/dns Networking area/networking Networking kind/bugfix PR's that fix bugs process/cherry-picked status/2-code-review

Projects

None yet

Milestone

27.0.0

Development

Successfully merging this pull request may close these issues.

Resolving down Swarm service from service with dns: "127.0.0.11" results in hundreds of errors per second in syslog

4 participants

@robmry @corhere @akerouanton @vvoland