No default nameservers for internal resolver

Don't fall-back to Google's DNS servers in a network that has an internal resolver. Now the default bridge uses the internal resolver, the only reason a network started by the daemon should end up without any upstream servers is if the host's resolv.conf doesn't list any. In this case, the '--dns' option can be used to explicitly configure nameservers for a container if necessary. (Note that buildkit's containers do not have an internal resolver, so they will still set up Google's nameservers if the host has no resolvers that can be used in the container's namespace.) Signed-off-by: Rob Murray <rob.murray@docker.com>
2024-03-20 18:04:36 +00:00 · 2024-03-20 18:04:36 +00:00 · 6b8bdde5c4
commit 6b8bdde5c4
parent 6924f2c066
4 changed files with 1 additions and 34 deletions
--- a/libnetwork/internal/resolvconf/resolvconf.go
+++ b/libnetwork/internal/resolvconf/resolvconf.go
@ -270,16 +270,6 @@ func (rc *ResolvConf) TransformForIntNS(
 	}
 	rc.nameServers = newNSs

-	// If there are no external nameservers, and the only nameserver left is the
-	// internal resolver, use the defaults as ext nameservers.
-	if len(rc.md.ExtNameServers) == 0 && len(rc.nameServers) == 1 {
-		log.G(context.TODO()).Info("No non-localhost DNS nameservers are left in resolv.conf. Using default external servers")
-		for _, addr := range defaultNSAddrs(ipv6) {
-			rc.md.ExtNameServers = append(rc.md.ExtNameServers, ExtDNSEntry{Addr: addr})
-		}
-		rc.md.UsedDefaultNS = true
-	}
-
 	// For each option required by the nameserver, add it if not already present. If
 	// the option is already present, don't override it. Apart from ndots - if the
 	// ndots value is invalid and an ndots option is required, replace the existing
--- a/libnetwork/internal/resolvconf/resolvconf_test.go
+++ b/libnetwork/internal/resolvconf/resolvconf_test.go
@ -432,24 +432,9 @@ func TestRCTransformForIntNS(t *testing.T) {
 			},
 		},
 		{
-			name:  "No host nameserver, no iv6",
-			input: "",
-			ipv6:  false,
-			expExtServers: []ExtDNSEntry{
-				mke("8.8.8.8", false),
-				mke("8.8.4.4", false),
-			},
-		},
-		{
-			name:  "No host nameserver, iv6",
+			name:  "No host nameserver",
 			input: "",
 			ipv6:  true,
-			expExtServers: []ExtDNSEntry{
-				mke("8.8.8.8", false),
-				mke("8.8.4.4", false),
-				mke("2001:4860:4860::8888", false),
-				mke("2001:4860:4860::8844", false),
-			},
 		},
 		{
 			name:          "ndots present and required",
--- a/libnetwork/internal/resolvconf/testdata/TestRCTransformForIntNS/No_host_nameserver,_iv6.golden
+++ b/libnetwork/internal/resolvconf/testdata/TestRCTransformForIntNS/No_host_nameserver,_iv6.golden
@ -1,6 +0,0 @@
-nameserver 127.0.0.11
-
-# Based on host file: '/etc/resolv.conf' (internal resolver)
-# Used default nameservers.
-# ExtServers: [8.8.8.8 8.8.4.4 2001:4860:4860::8888 2001:4860:4860::8844]
-# Overrides: []
--- a/libnetwork/internal/resolvconf/testdata/TestRCTransformForIntNS/No_host_nameserver,_no_iv6.golden
+++ b/libnetwork/internal/resolvconf/testdata/TestRCTransformForIntNS/No_host_nameserver,_no_iv6.golden
@ -1,6 +1,4 @@
 nameserver 127.0.0.11

 # Based on host file: '/etc/resolv.conf' (internal resolver)
-# Used default nameservers.
-# ExtServers: [8.8.8.8 8.8.4.4]
 # Overrides: []