No default nameservers for internal resolver

Don't fall-back to Google's DNS servers in a network that has an
internal resolver.

Now the default bridge uses the internal resolver, the only reason a
network started by the daemon should end up without any upstream
servers is if the host's resolv.conf doesn't list any.  In this case,
the '--dns' option can be used to explicitly configure nameservers
for a container if necessary.

(Note that buildkit's containers do not have an internal resolver, so
they will still set up Google's nameservers if the host has no
resolvers that can be used in the container's namespace.)

Signed-off-by: Rob Murray <rob.murray@docker.com>

libnetwork/internal/resolvconf/resolvconf.go

@@ -270,16 +270,6 @@ func (rc *ResolvConf) TransformForIntNS(
 	}
 	rc.nameServers = newNSs
 
-	// If there are no external nameservers, and the only nameserver left is the
-	// internal resolver, use the defaults as ext nameservers.
-	if len(rc.md.ExtNameServers) == 0 && len(rc.nameServers) == 1 {
-		log.G(context.TODO()).Info("No non-localhost DNS nameservers are left in resolv.conf. Using default external servers")
-		for _, addr := range defaultNSAddrs(ipv6) {
-			rc.md.ExtNameServers = append(rc.md.ExtNameServers, ExtDNSEntry{Addr: addr})
-		}
-		rc.md.UsedDefaultNS = true
-	}
-
 	// For each option required by the nameserver, add it if not already present. If
 	// the option is already present, don't override it. Apart from ndots - if the
 	// ndots value is invalid and an ndots option is required, replace the existing

libnetwork/internal/resolvconf/resolvconf_test.go

@@ -432,24 +432,9 @@ func TestRCTransformForIntNS(t *testing.T) {
 			},
 		},
 		{
-			name:  "No host nameserver, no iv6",
-			input: "",
-			ipv6:  false,
-			expExtServers: []ExtDNSEntry{
-				mke("8.8.8.8", false),
-				mke("8.8.4.4", false),
-			},
-		},
-		{
-			name:  "No host nameserver, iv6",
+			name:  "No host nameserver",
 			input: "",
 			ipv6:  true,
-			expExtServers: []ExtDNSEntry{
-				mke("8.8.8.8", false),
-				mke("8.8.4.4", false),
-				mke("2001:4860:4860::8888", false),
-				mke("2001:4860:4860::8844", false),
-			},
 		},
 		{
 			name:          "ndots present and required",

libnetwork/internal/resolvconf/testdata/TestRCTransformForIntNS/No_host_nameserver,_iv6.golden

@@ -1,6 +0,0 @@
-nameserver 127.0.0.11
-
-# Based on host file: '/etc/resolv.conf' (internal resolver)
-# Used default nameservers.
-# ExtServers: [8.8.8.8 8.8.4.4 2001:4860:4860::8888 2001:4860:4860::8844]
-# Overrides: []

libnetwork/internal/resolvconf/testdata/TestRCTransformForIntNS/No_host_nameserver,_no_iv6.golden → libnetwork/internal/resolvconf/testdata/TestRCTransformForIntNS/No_host_nameserver.golden

@@ -1,6 +1,4 @@
 nameserver 127.0.0.11
 
 # Based on host file: '/etc/resolv.conf' (internal resolver)
-# Used default nameservers.
-# ExtServers: [8.8.8.8 8.8.4.4]
 # Overrides: []