libnetwork: sandbox.rebuildDNS() make updating sandbox more atomic

Don't update external resolvers until after we successfully parsed all options.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

libnetwork/sandbox_dns_unix.go

@@ -365,10 +365,6 @@ func (sb *sandbox) rebuildDNS() error {
 		return err
 	}
 
-	if len(sb.extDNS) == 0 {
-		sb.setExternalResolvers(currRC, resolvconf.IPv4, false)
-	}
-
 	// If the user config and embedded DNS server both have ndots option set,
 	// remember the user's config so that unqualified names not in the docker
 	// domain can be dropped.
@@ -403,6 +399,9 @@ dnsOpt:
 		// Ref: https://linux.die.net/man/5/resolv.conf
 		dnsOptionsList = append(dnsOptionsList, resOptions...)
 	}
+	if len(sb.extDNS) == 0 {
+		sb.setExternalResolvers(currRC, resolvconf.IPv4, false)
+	}
 
 	var (
 		// external v6 DNS servers have to be listed in resolv.conf