DNS Resolution Broken Behind VPN on Windows and Possibly Unix #466
Assignees
Comments
Merged
|
We decided to revert PR #339 in Revert PR #339 #467 |
Luap99
added a commit
to Luap99/libpod
that referenced
this issue
Feb 3, 2025
The current macos installer gvproxy version has a number of issues around dns handling[1,2]. They should be fixed now in 0.8.3 as they reverted the dns changes back to the 0.7.5 code. This should make it work like it used to be. Our 5.3.2 installer ships the 0.7.5 version so users of the podman installer never noticed that but we got plenty of reports from brew users. This needs to be backported into v5.4 to make sure we do not ship the broken version as part of the installer. [1] containers/gvisor-tap-vsock#462 [2] containers/gvisor-tap-vsock#466 Signed-off-by: Paul Holzinger <[email protected]>
openshift-cherrypick-robot
pushed a commit
to openshift-cherrypick-robot/podman
that referenced
this issue
Feb 3, 2025
The current macos installer gvproxy version has a number of issues around dns handling[1,2]. They should be fixed now in 0.8.3 as they reverted the dns changes back to the 0.7.5 code. This should make it work like it used to be. Our 5.3.2 installer ships the 0.7.5 version so users of the podman installer never noticed that but we got plenty of reports from brew users. This needs to be backported into v5.4 to make sure we do not ship the broken version as part of the installer. [1] containers/gvisor-tap-vsock#462 [2] containers/gvisor-tap-vsock#466 Signed-off-by: Paul Holzinger <[email protected]>
tmeijn
pushed a commit
to tmeijn/dotfiles
that referenced
this issue
Feb 10, 2025
This MR contains the following updates: | Package | Update | Change | |---|---|---| | [lima-vm/lima](https://github.com/lima-vm/lima) | patch | `v1.0.4` -> `v1.0.5` | MR created with the help of [el-capitano/tools/renovate-bot](https://gitlab.com/el-capitano/tools/renovate-bot). **Proposed changes to behavior should be submitted there as MRs.** --- ### Release Notes <details> <summary>lima-vm/lima (lima-vm/lima)</summary> ### [`v1.0.5`](https://github.com/lima-vm/lima/releases/tag/v1.0.5) [Compare Source](lima-vm/lima@v1.0.4...v1.0.5) #### Changes - `limactl` CLI: - Fix start command: return error early when instance already exists ([#​3144](lima-vm/lima#3144), thanks to [@​jandubois](https://github.com/jandubois)) - DNS: - Fix a regression containers/gvisor-tap-vsock#466 ([#​3189](lima-vm/lima#3189)) - QEMU: - Enable SME on macOS 15.3 running on M4 ([#​3197](lima-vm/lima#3197), [#​3203](lima-vm/lima#3203), thanks to [@​jandubois](https://github.com/jandubois)) Full changes: https://github.com/lima-vm/lima/milestone/55?closed=1 Thanks to [@​alexandear](https://github.com/alexandear) [@​arixmkii](https://github.com/arixmkii) [@​jandubois](https://github.com/jandubois) [@​msgilligan](https://github.com/msgilligan) [@​olamilekan000](https://github.com/olamilekan000) [@​rfay](https://github.com/rfay) [@​s1gnate-sync](https://github.com/s1gnate-sync) #### Usage ```console [macOS]$ limactl create [macOS]$ limactl start ... INFO[0029] READY. Run `lima` to open the shell. [macOS]$ lima uname Linux ``` *** The binaries were built automatically on GitHub Actions. The build log is available for 90 days: https://github.com/lima-vm/lima/actions/runs/13195714188 The sha256sum of the SHA256SUMS file itself is `d31365f1da7802a63c86b1e1609a19c1ce92244a4e6824d924a896b6c12810b0` . *** Release manager: [@​AkihiroSuda](https://github.com/AkihiroSuda) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this MR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this MR, check this box --- This MR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4xNjIuMyIsInVwZGF0ZWRJblZlciI6IjM5LjE2Mi4zIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJSZW5vdmF0ZSBCb3QiXX0=-->
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
DNS resolution is broken behind a VPN on Windows (and possibly Unix) after version v0.7.5, likely due to recent changes made in the DNS package. The problem stems from a refactor PR #339 that simplified the DNS resolution logic, inadvertently breaking functionality for systems relying on VPN-based DNS configurations.
Root Cause:
The issue appears to be related to a new approach introduced in the DNS package that queries DNS nameservers using the following function:
gvisor-tap-vsock/pkg/services/dns/dns_config_windows.go
Line 23 in c9dd0cb
However, this function on Windows always returns a default nameserver (
8.8.8.8), which fails to resolve DNS queries within the VPN. Furthermore, this approach does not account for the fact that VPN network adapters on both Windows and Unix-based systems may not configure DNS servers at the adapter level. This makes the function call ineffective.Previous Behavior (v0.7.5 and earlier):
Prior to v0.7.5, the DNS package used Go’s
net.Resolver, which worked reliably on both Windows and Unix systems. This approach called the appropriate system-level APIs (e.g.,getaddrinfoon Unix orDnsQueryon Windows) and respected the DNS configuration set by the active VPN, ensuring correct resolution.Proposed Solution:
I propose that we revert the DNS lookup mechanism on Windows to the previous behavior (prior to v0.8.0). Specifically, we should restore the old DNS resolution logic in
dns_config_windows.goto ensure DNS resolution works correctly behind VPNs on Windows.If you are open to this change, I am happy to submit a PR with the suggested updates.
Note: the issue #464 is possibly caused by this.
The text was updated successfully, but these errors were encountered: