Fix DNS resolution in ephemeral guests

Configure QEMU user-mode networking to use host DNS servers from
/etc/resolv.conf instead of the default 10.0.2.3, which doesn't work
when QEMU runs inside containers.

Signed-off-by: gursewak1997 <[email protected]>

Author: gursewak1997

crates/kit/src/qemu.rs

@@ -22,6 +22,38 @@ use nix::sys::socket::{accept, bind, getsockname, socket, AddressFamily, SockFla
 use tracing::{debug, trace, warn};
 use vsock::VsockAddr;
 
+/// Read DNS servers from /etc/resolv.conf
+/// Returns a vector of DNS server IP addresses, or None if unable to read/parse
+pub fn read_dns_servers() -> Option<Vec<String>> {
+    let resolv_conf = match std::fs::read_to_string("/etc/resolv.conf") {
+        Ok(content) => content,
+        Err(e) => {
+            debug!("Failed to read /etc/resolv.conf: {}", e);
+            return None;
+        }
+    };
+
+    let mut dns_servers = Vec::new();
+    for line in resolv_conf.lines() {
+        let line = line.trim();
+        // Parse lines like "nameserver 8.8.8.8" or "nameserver 2001:4860:4860::8888"
+        if let Some(server) = line.strip_prefix("nameserver ") {
+            let server = server.trim();
+            if !server.is_empty() {
+                dns_servers.push(server.to_string());
+            }
+        }
+    }
+
+    if dns_servers.is_empty() {
+        debug!("No DNS servers found in /etc/resolv.conf");
+        None
+    } else {
+        debug!("Found DNS servers: {:?}", dns_servers);
+        Some(dns_servers)
+    }
+}
+
 /// The device for vsock allocation
 pub const VHOST_VSOCK: &str = "/dev/vhost-vsock";
 
@@ -80,12 +112,17 @@ pub enum NetworkMode {
     User {
         /// Port forwarding rules: "tcp::2222-:22" format
         hostfwd: Vec<String>,
+        /// DNS servers to use (if None, QEMU's default 10.0.2.3 will be used)
+        dns_servers: Option<Vec<String>>,
     },
 }
 
 impl Default for NetworkMode {
     fn default() -> Self {
-        NetworkMode::User { hostfwd: vec![] }
+        NetworkMode::User {
+            hostfwd: vec![],
+            dns_servers: None,
+        }
     }
 }
 
@@ -322,8 +359,13 @@ impl QemuConfig {
     pub fn enable_ssh_access(&mut self, host_port: Option<u16>) -> &mut Self {
         let port = host_port.unwrap_or(2222); // Default to port 2222 on host
         let hostfwd = format!("tcp::{}-:22", port); // Forward host port to guest port 22
+        // Preserve existing DNS servers if any
+        let dns_servers = match &self.network_mode {
+            NetworkMode::User { dns_servers, .. } => dns_servers.clone(),
+        };
         self.network_mode = NetworkMode::User {
             hostfwd: vec![hostfwd],
+            dns_servers,
         };
         self
     }
@@ -522,23 +564,29 @@ fn spawn(
 
     // Configure network (only User mode supported now)
     match &config.network_mode {
-        NetworkMode::User { hostfwd } => {
-            if hostfwd.is_empty() {
-                cmd.args([
-                    "-netdev",
-                    "user,id=net0",
-                    "-device",
-                    "virtio-net-pci,netdev=net0",
-                ]);
-            } else {
-                let hostfwd_arg = format!("user,id=net0,hostfwd={}", hostfwd.join(",hostfwd="));
-                cmd.args([
-                    "-netdev",
-                    &hostfwd_arg,
-                    "-device",
-                    "virtio-net-pci,netdev=net0",
-                ]);
+        NetworkMode::User { hostfwd, dns_servers } => {
+            let mut netdev_parts = vec!["user".to_string(), "id=net0".to_string()];
+            
+            // Add DNS servers if specified
+            if let Some(dns_list) = dns_servers {
+                if !dns_list.is_empty() {
+                    let dns_arg = format!("dns={}", dns_list.join(","));
+                    netdev_parts.push(dns_arg);
+                }
             }
+            
+            // Add port forwarding rules
+            for fwd in hostfwd {
+                netdev_parts.push(format!("hostfwd={}", fwd));
+            }
+            
+            let netdev_arg = netdev_parts.join(",");
+            cmd.args([
+                "-netdev",
+                &netdev_arg,
+                "-device",
+                "virtio-net-pci,netdev=net0",
+            ]);
         }
     }
 

crates/kit/src/run_ephemeral.rs

@@ -1229,13 +1229,41 @@ Options=
     qemu_config.add_virtio_serial_out("org.bcvk.journal", "/run/journal.log".to_string(), false);
     debug!("Added virtio-serial device for journal streaming to /run/journal.log");
 
+    // Configure DNS servers from host's /etc/resolv.conf
+    // This fixes DNS resolution issues when QEMU runs inside containers
+    // QEMU's default DNS server (10.0.2.3) may not work when QEMU runs inside a container
+    let dns_servers = crate::qemu::read_dns_servers();
+    if let Some(ref dns) = dns_servers {
+        debug!("Using host DNS servers: {:?}", dns);
+    } else {
+        debug!("No DNS servers found in /etc/resolv.conf, QEMU will use default 10.0.2.3");
+    }
+
+    // Configure DNS servers in network mode before enabling SSH (if needed)
+    if let Some(ref dns) = dns_servers {
+        match &mut qemu_config.network_mode {
+            crate::qemu::NetworkMode::User { dns_servers: dns_opt, .. } => {
+                *dns_opt = Some(dns.clone());
+            }
+        }
+    }
+
     if opts.common.ssh_keygen {
         qemu_config.enable_ssh_access(None); // Use default port 2222
         debug!("Enabled SSH port forwarding: host port 2222 -> guest port 22");
 
         // We need to extract the public key from the SSH credential to inject it via SMBIOS
         // For now, the credential is already being passed via kernel cmdline
         // TODO: Add proper SMBIOS credential injection if needed
+    } else {
+        // Even without SSH, ensure DNS is configured if we have DNS servers
+        if let Some(dns) = dns_servers {
+            match &mut qemu_config.network_mode {
+                crate::qemu::NetworkMode::User { dns_servers: dns_opt, .. } => {
+                    *dns_opt = Some(dns);
+                }
+            }
+        }
     }
 
     // Set main virtiofs configuration for root filesystem (will be spawned by QEMU)