dns-proxy-server

Breaks DNS resolution within containers

Open hydrargyrum opened this issue 3 years ago • 0 comments

What is Happening

Without DPS:

% docker run --rm -it alpine nslookup docker.io
[…]

Non-authoritative answer:
Name:   docker.io
Address: 34.206.129.162
Name:   docker.io
Address: 54.145.113.149
[…]
% docker run --rm -it alpine getent hosts docker.io
54.145.113.149    docker.io  docker.io
[…]
% docker run --rm -it debian getent hosts docker.io
52.87.84.72     docker.io
[…]

While DPS is running (wait a few seconds):

% docker run --rm -it alpine nslookup docker.io
nslookup: bad address '172.24.0.2 # dps-entry'
% time docker run --rm -it alpine getent hosts docker.io || echo failed with $?
docker run --rm -it alpine getent hosts docker.io  0,03s user 0,02s system 0% cpu 10,803 total
failed with 2
% time docker run --rm -it debian getent hosts docker.io || echo failed with $?
docker run --rm -it debian getent hosts docker.io  0,02s user 0,03s system 0% cpu 40,797 total
failed with 2

As soon as I quit DPS, containers can resolve hosts again.

What is expected

DNS resolution should work fine in containers regardless of DPS being run.

Steps to Reproduce

  • I'm using this docker-compose.yml to run DPS:
version: '3'
services:
  dns:
    image: defreitas/dns-proxy-server
    hostname: dns.mageddo
    environment:
      - MG_REGISTER_CONTAINER_NAMES=1
      - MG_RESOLVCONF=/host/etc/resolv.conf
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      #- /etc/resolv.conf:/etc/resolv.conf
      # this is because some app on host will periodically overwrite resolve.conf
      - /etc:/host/etc
  • Then, docker run --rm -it alpine nslookup docker.io should expose the problem

Specs:

  • OS: Debian stable
  • Docker Version: 20.10.5+dfsg1
  • DPS Version: 2.19.0

hydrargyrum, Jun 24 '22 13:06
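
The value that nslookup rejects in the report above, '172.24.0.2 # dps-entry', is an address followed by a trailing comment. The check below is an added example, not part of the original issue or of DPS: it flags nameserver lines whose value is not one bare IP address, assuming the quoted text sits on a nameserver line of the container's /etc/resolv.conf; the function name and the sample file content are constructed for illustration.

```python
import ipaddress

# Constructed sample: what a container's /etc/resolv.conf might look like
# if the value quoted in the nslookup error sits on a nameserver line.
SAMPLE_RESOLV_CONF = """\
# generated file (constructed sample)
nameserver 172.24.0.2 # dps-entry
# nameserver 192.168.1.1
nameserver 2001:db8::53
search lan
"""


def audit_nameservers(text):
    """Return (line_number, value, problem) for each nameserver line whose
    value is not exactly one bare IP address."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        # Blank lines and full-line comments are skipped.
        if not stripped or stripped[0] in "#;":
            continue
        fields = stripped.split(None, 1)
        if fields[0] != "nameserver":
            continue
        value = fields[1].strip() if len(fields) > 1 else ""
        tokens = value.split()
        if not tokens:
            findings.append((lineno, value, "missing address"))
            continue
        try:
            # Drop an IPv6 zone id (fe80::1%eth0) before validating.
            ipaddress.ip_address(tokens[0].split("%", 1)[0])
        except ValueError:
            findings.append((lineno, value, "not an IP address"))
            continue
        if len(tokens) > 1:
            # Address is valid, but extra text follows it on the same line.
            findings.append((lineno, value, "trailing text after address"))
    return findings


if __name__ == "__main__":
    for lineno, value, problem in audit_nameservers(SAMPLE_RESOLV_CONF):
        print(f"line {lineno}: {value!r}: {problem}")
```

Running it against the output of `docker run --rm alpine cat /etc/resolv.conf`, with and without DPS running, shows whether the file handed to containers changes between the two cases.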