Can't resolve from outside of containers. #508
Assignees
Comments
|
We generally never really considered/supported the use case of resolving the names from the host directly. I think I "broke" this in my rework (not intentionally) so if it worked before we can add it back if it is useful |
|
It's useful for me, for example with ssh passing through to gitea. I just have aardvark-dns as additional resolver for some names in dnsmasq. Host can get ip address of the container to connect, and I don't have to maintain static ip list for every service container i have. Pretty convenient to have it. |
Luap99
added a commit
to Luap99/aardvark-dns
that referenced
this issue
Sep 19, 2024
In my rework it seems I broke the weird way how we tried to resolve names when we have no source ip match. Let's do this properly and move the logic all into lookup() which makes it much cleaner and no duplication needed. Now there is catch here, we only lookup the network for the current network listener, so if the user has multiple networks they always must target the requests against the correct ip depeding on what network the name is in. But this is the same as it worked before and seems safer than allowing a unknown ip to access all names I guess. Fixes containers#508 Signed-off-by: Paul Holzinger <[email protected]>
Luap99
added a commit
to Luap99/aardvark-dns
that referenced
this issue
Sep 19, 2024
In my rework it seems I broke the weird way how we tried to resolve names when we have no source ip match. Let's do this properly and move the logic all into lookup() which makes it much cleaner and no duplication needed. Now there is catch here, we only lookup the network for the current network listener, so if the user has multiple networks they always must target the requests against the correct ip depeding on what network the name is in. But this is the same as it worked before and seems safer than allowing a unknown ip to access all names I guess. Fixes containers#508 Signed-off-by: Paul Holzinger <[email protected]>
Luap99
added a commit
to Luap99/aardvark-dns
that referenced
this issue
Sep 20, 2024
In my rework it seems I broke the weird way how we tried to resolve names when we have no source ip match. Let's do this properly and move the logic all into lookup() which makes it much cleaner and no duplication needed. Now there is catch here, we only lookup the network for the current network listener, so if the user has multiple networks they always must target the requests against the correct ip depeding on what network the name is in. But this is the same as it worked before and seems safer than allowing a unknown ip to access all names I guess. Fixes containers#508 Signed-off-by: Paul Holzinger <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
With version 1.12.0 I can't get results from aardvark-dns directly from host system. Downgrade to 1.11.0 fixes it. It works correctly when accessing from container.
With v1.11.0:
With v1.12.2, same config:
Is that expected behaviour now? Or is it configurable (using podman config)?
The text was updated successfully, but these errors were encountered: