Page MenuHomeVyOS Platform
Create Task
Maniphest T6701

Add support for disabling built-in DNS for containers
In progress, LowPublicFEATURE REQUEST
Actions

Description

In the current 1.5 code base, the container network sets dns_enable to true by default. This binds UDP port 53 to the network interface created for the container network. If a container wanted to run a DNS server using that port you would need to have dns_enable set to false when the container network is created.

I propose added a new configuration for the container network "disable-dns" to set the dns_enable to false (defaulting to true for backwards compatibility).

set container network PODNET disable-dns

I've make changes on my forked version of vyos-1x and have tested it to work. I will also submit a PR with the change.

Details

Version
-
Is it a breaking change?
Perfectly compatible
Issue type
Feature (new functionality)

Related Objects

Event Timeline

dvogel created this task.Sep 5 2024, 6:31 PM
dvogel created this object in space S1 VyOS Public.
pasik subscribed.Sep 5 2024, 6:47 PM
c-po changed the task status from Open to In progress.Sep 6 2024, 5:29 AM
c-po assigned this task to dvogel.
c-po added projects: VyOS Rolling, VyOS 1.4 Sagitta (1.4.1).
Viacheslav changed the subtype of this task from "Task" to "Feature Request".Sep 6 2024, 6:54 AM
Restricted Repository Identity mentioned this in rVYOSONEX4d2d4311f12c: Merge pull request #4032 from dvlogic/Allow_Container_DNS_Disable.Sep 12 2024, 5:26 AM
c-po mentioned this in rVYOSONEX1d5625d572cc: container: T6701: add support to disable container network DNS support.Sep 12 2024, 5:26 AM
Restricted Repository Identity mentioned this in rVYOSONEX2ea1152f3053: container: T6701: add support to disable container network DNS support.Sep 12 2024, 5:27 AM
Restricted Repository Identity mentioned this in rVYOSONEX0fda7ea95167: container: T6701: add support to disable container network DNS support.
Restricted Repository Identity mentioned this in rVYOSONEX9652bfda0a7f: Merge pull request #4053 from vyos/mergify/bp/circinus/pr-4032.Sep 12 2024, 12:43 PM
Restricted Repository Identity mentioned this in rVYOSONEX7b9ac5278bed: container: T6701: add support to disable container network DNS support (#4052).Sep 13 2024, 3:18 PM
syncer removed a project: VyOS 1.4 Sagitta (1.4.1).Nov 1 2024, 8:02 PM
syncer removed a project: VyOS 1.5 Circinus.
syncer added a subscriber: Global Notifications.Nov 1 2024, 9:19 PM
dmbaturin renamed this task from Containers - disable container network built in DNS plugin to Add support for disabling built-in DNS for containers.Dec 6 2024, 12:01 PM
dmbaturin added projects: VyOS 1.4 Sagitta (1.4.1), VyOS 1.5 Circinus.
dmbaturin changed Issue type from improvement to Feature (new functionality).
dmbaturin moved this task from Backlog to Finished on the VyOS 1.4 Sagitta (1.4.1) board.Dec 6 2024, 2:19 PM