Skip to content

Fix DNS resolution in ephemeral guests #167

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
gursewak1997 wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Fix DNS resolution in ephemeral guests #167

gursewak1997 wants to merge 1 commit into from
+180 −17

Conversation

@gursewak1997
Copy link
Collaborator

@gursewak1997 gursewak1997 commented Dec 1, 2025

Configure QEMU user-mode networking to use host DNS servers from /etc/resolv.conf instead of the default 10.0.2.3, which doesn't work when QEMU runs inside containers.

@gursewak1997 gursewak1997 force-pushed the fix/dns-resolution-ephemeral-guests branch 2 times, most recently from d5e8558 to f693004 Compare December 2, 2025 06:26
cgwalters
cgwalters requested changes Dec 2, 2025
View reviewed changes
Copy link
Collaborator

@cgwalters cgwalters left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm fine with this overall if you are; a few nits.

That said, an integration test (run as part of just test-integration ephemeral) would be both easy and IMO mandatory for changes like this.

@gursewak1997 gursewak1997 force-pushed the fix/dns-resolution-ephemeral-guests branch 8 times, most recently from 542253f to 8b859ad Compare December 2, 2025 23:18
@gursewak1997 gursewak1997 marked this pull request as ready for review December 3, 2025 01:25
cgwalters
cgwalters reviewed Dec 3, 2025
View reviewed changes
@gursewak1997 gursewak1997 force-pushed the fix/dns-resolution-ephemeral-guests branch 3 times, most recently from dcc3ad4 to 9996db4 Compare December 5, 2025 19:52
@gursewak1997
Copy link
Collaborator Author

gursewak1997 commented Dec 5, 2025
edited
Loading

Network connectivity test (podman pull) failed: stdout: Error: configure storage: 'overlay' is not supported over overlayfs, a mount_program is required: backing file system is unsupported for this graph driver
Can switch to something simpler which doesn't require podman
Edit: Switching the test to use HTTP

@gursewak1997 gursewak1997 force-pushed the fix/dns-resolution-ephemeral-guests branch from 9996db4 to 5e28fd5 Compare December 5, 2025 21:31
@cgwalters
Copy link
Collaborator

cgwalters commented Dec 5, 2025
edited
Loading

Error: configure storage: 'overlay' is not supported over overlayfs, a mount_program is required: backing file system is unsupported for this graph driver

Ah yes that relates to #22 - basically all of /var needs to be equivalent to a VOLUME in docker/podman terms - it needs to be copied up to a tmpfs.

cgwalters
cgwalters approved these changes Dec 5, 2025
View reviewed changes
Copy link
Collaborator

@cgwalters cgwalters left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One nit otherwise looks sane (though I'd reiterate we probably really do want a bigger fix of --net=host per the issue, but this helps for now)

crates/integration-tests/src/tests/run_ephemeral_ssh.rs
"-c",
r#"
for i in $(seq 1 30); do
ip -4 addr show | grep -q "inet " && break
Copy link
Collaborator

@cgwalters cgwalters Dec 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Because ssh requires IP networking, I can't think of a scenario in which ssh would work but this could somehow fail. This is likely just dead code.

Copy link
Collaborator Author

@gursewak1997 gursewak1997 Dec 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see. Updated and removed the dead code there.

@gursewak1997 gursewak1997 force-pushed the fix/dns-resolution-ephemeral-guests branch from 5e28fd5 to 57af585 Compare December 5, 2025 21:52
@gursewak1997 gursewak1997 linked an issue Dec 5, 2025 that may be closed by this pull request
DNS resolving not working in ephemeral guests #123
Open
@gursewak1997 gursewak1997 force-pushed the fix/dns-resolution-ephemeral-guests branch from 57af585 to eb89500 Compare December 6, 2025 08:00
@gursewak1997
Copy link
Collaborator Author

gursewak1997 commented Dec 9, 2025

Reworking this PR as I think it will require a few more changes.

@cgwalters cgwalters marked this pull request as draft December 10, 2025 17:35
@gursewak1997 gursewak1997 force-pushed the fix/dns-resolution-ephemeral-guests branch from eb89500 to 5cf80aa Compare December 10, 2025 18:59
@gursewak1997
Fix DNS resolution in ephemeral guests
3bf0686 
QEMU's slirp reads /etc/resolv.conf from the container namespace,
which contains unreachable bridge DNS servers. On systemd-resolved
hosts, it only has 127.0.0.53 (stub resolver).

Read upstream DNS servers from host's /run/systemd/resolve/resolv.conf,
pass them to the container, and write /etc/resolv.conf before starting QEMU.

Signed-off-by: gursewak1997 <[email protected]>
@gursewak1997 gursewak1997 force-pushed the fix/dns-resolution-ephemeral-guests branch from 5cf80aa to 3bf0686 Compare December 10, 2025 22:25
@gursewak1997 gursewak1997 marked this pull request as ready for review December 10, 2025 23:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cgwalters cgwalters cgwalters approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

DNS resolving not working in ephemeral guests

3 participants

@gursewak1997 @cgwalters