containers / netavark

As per the current implementation, it seems that the nameservers in the container's /etc/resolv.conf are copied from the host's /etc/resolv.conf. It would be nice if netavark-dhcp-proxy somehow assigned to each container the DNS servers provided by their respective DHCP requests.

This would play really nice with scenarios where the host is in a different VLAN+subnet (e.g. management VLAN) than the containers (e.g. services VLAN) and each VLAN has its own DHCP server with different advertised DNS server.

Yeah that should be possible to do, are you interested in opening a PR to fix it?

Yes I could give it a try. Could you guide me on where the main changes should be? Does netavark currently provide the DNS to podman? If so, I suppose I need to modify just netavark to provide the correct DNS from the DHCP lease? Or do I need to make changes to podman too?

The core infra for sending the dns servers back to podman is already there.
You would only need to change get_dhcp_lease() to also return the dns servers (the should already be part of the lease)

netavark/src/network/macvlan_dhcp.rs

Line 28 in 73946c8

pub fn get_dhcp_lease(

Then just set response.dns_server_ips = ... were it is called to add the servers to the response. This is then send to podman and podman knows how to configure resolv.conf based on this. Also we would need to ensure podman run --dns ... will still take precedent over the dhcp response.

Nice, I'll try to get into it this week!

Also we would need to ensure podman run --dns ... will still take

precedent over the dhcp response. I suppose we should check podman sources for that?

DHCP proxy doesn't set advertised DNS servers