Clarify resolv.conf requirements (#197)

Author: DavidePrincipi

dnsmasq.rst

@@ -6,7 +6,10 @@ DNSMasq
 
 The DNSMasq module is a lightweight DNS and DHCP server designed to provide its services within a private network. It is not recommended for use as a public DNS server.
 
-It can be installed through the :ref:`software_center-section`.
+.. note::
+
+  Do not configure Dnsmasq as the NS8 node name resolver in
+  ``/etc/resolv.conf``. For more information, see :ref:`resolv-conf`.
 
 
 Prerequisites

system_requirements.rst

@@ -47,38 +47,70 @@ Static IP address
 =================
 
 A working internet connection is necessary for the installation,
-configuration, and updating of the system. It is required also if an
+configuration, and updating of the node. It is required also if an
 active :ref:`subscription <subscription-section>` is in place.
 
-Assign a static IP address to the system. DHCP and any other
+Assign a static IP address to the node. DHCP and any other
 dynamic IP discovery protocols are not allowed.
 
+.. _resolv-conf:
+
+Name resolution
+===============
+
+The node name resolver must be configured to use DNS servers that are not
+provided by NS8 itself. This is required because the ``/etc/resolv.conf``
+file is inherited by application containers, which may use private network
+setups that can conflict with the node’s own DNS service.
+
+The ``/etc/resolv.conf`` file should contain one or more ``nameserver``
+lines specifying the IP addresses of DNS servers available to the node.
+These servers can be in the same LAN or on the public Internet. If the
+file is managed by tools such as ``NetworkManager`` or ``cloud-init``, do
+not edit it directly. Instead, follow the configuration guidelines
+provided by those tools.
+
+Avoid the following configurations:
+
+- Do not use ``nameserver 127.0.0.1`` or any IP address assigned to the
+  node itself. If the Linux distribution has installed a local DNS
+  resolver service, refer to its documentation to disable or remove it.
+
+- Do not use any NS8 application providing DNS service as the node name
+  resolver, such as Samba Active Directory or DNSMasq. This can cause
+  name resolution loops or prevent node updates.
+
+- Do not mix DNS servers from different network scopes, for example,
+  ``1.1.1.1`` (public, Cloudflare) and ``192.168.1.1`` (private). Doing so
+  can lead to inconsistent DNS query results.
+
+
 .. _dns-reqs:
 
 DNS configuration
 =================
 
-To ensure network clients can connect to the server, its fully qualified
+To ensure network clients can connect to the node, its fully qualified
 domain name (FQDN) must resolve to a routable IP address via DNS. Register
 the FQDN with DNS record type A for IPv4 addresses and type AAAA for IPv6
 addresses.
 
 A correct FQDN and DNS setup is essential for TLS encryption to function
-properly. Once connected to the server, network clients verify the TLS
+properly. Once connected to the node, network clients verify the TLS
 certificate against the given FQDN.
 
 To meet these requirements, follow these steps:
 
-1. **Determine your DNS provider**: Based on your server's purpose, DNS
+1. **Determine your DNS provider**: Based on your node's purpose, DNS
    can be provided by a public internet service, a private network appliance,
    or a combination of both. Review and understand the documentation for
    your chosen DNS provider.
 
-2. **Register the FQDN**: Choose the FQDN for your server and register it
-   in the DNS with the server's public IP address. An FQDN consists of a
-   hostname prefix (a single word) and a DNS domain suffix. For example,
-   if the hostname is ``jupiter`` and the domain suffix is ``example.org``,
-   the resulting FQDN will be ``jupiter.example.org``.
+2. **Register the FQDN**: Choose the FQDN for your node and register it in
+   the DNS with its public IP address. An FQDN consists of a hostname
+   prefix (a single word) and a DNS domain suffix. For example, if the
+   hostname is ``jupiter`` and the domain suffix is ``example.org``, the
+   resulting FQDN will be ``jupiter.example.org``.
 
 
 .. _worker-node-reqs:

user_domains.rst

@@ -104,6 +104,12 @@ must also be able to resolve AD domain names.
   Active Directory DNS server while directing other requests to your
   preferred DNS service (ISP or public DNS).
 
+.. note::
+
+  Do not configure Samba Active Directory as the NS8 node name resolver in
+  ``/etc/resolv.conf``. For more information, see :ref:`resolv-conf`.
+
+
 .. _openldap-section:
 
 LDAP server RFC2307
@@ -138,7 +144,7 @@ Then click the :guilabel:`Add provider` button, select the target node and proce
 
 Replicas are configured in master-master mode.
 
-.. warning:: Active Directory provider does not replicate the SysVol volume.
+.. note:: Active Directory provider does not replicate the SysVol volume.
    Therefore Microsoft's Group Policy Object (GPO) will not be synchronized between replicas.
 
 .. _domain_bind-section:
@@ -418,8 +424,6 @@ The portal is available at the following URL: ::
 
 Where ``<fqdn_node>`` is the FQDN of the node where the provider is and ``<domain_name>`` is the name of the domain provided while configuring the domain.
 
-.. warning:: Without the trailing slash, the portal will not work.
-
 Once reached the page, the user is prompted for login and they can authenticate to the domain with user name and password.
 
 If the login is successful, the user is directed to the ``User Management`` page, where they can proceed to change the password. The password must comply with the domain password policy during this process.