
Public DNS requirement for public namespace

Open coesensbert opened this issue 3 years ago • 4 comments

It seems that a DNS server that is used by ZOS is acquired by the DHCP via the dmz interface. The DNS is stored in /etc/resolv.conf and also used by the public namespace.

While fixing yggdrasil related issues we discovered that if a ZOS node has a public config and a private DNS IP is used, the public namespace can't resolve. The request from the public ns will exit the public interface, which can't reach the internal DNS. In this case this resulted in 0 peers for yggdrasil (which runs in the public ns).

We could:

  • Make a public dns (via the internal DHCP) a requirement for farmers if they set a public config
  • Make entering a public dns a requirement when setting public config on the chain

coesensbert avatar Aug 04 '22 09:08 coesensbert

I would default to a standard public IP like 8.8.8.8 and 9.9.9.9 to make sure we don't overlap with private nets. But it's actually simple: we start ygg with an ip netns exec command, so the ip command also bindmounts /etc/netns/public to /etc/ in the ns for the exec'd command. So 'just' creating a file /etc/netns/public/resolv.conf with

nameserver 8.8.8.8
nameserver 9.9.9.9 

will automatically run yggdrasil with that file exposed as /etc/resolv.conf

Now choosing where to place that file in the /etc/netns/public dir is up for debate: have it done by networkd or provide it in the image. We can eventually give a farmer the option to add a custom DNS, but that would then require a full stack adaptation, and then would best be done by networkd.

delandtj avatar Aug 04 '22 10:08 delandtj

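# Per-namespace config dir; ip netns exec bind-mounts its files over /etc
mkdir -p /etc/netns/public
# printf expands \n in every shell; echo -n only does so in some
printf 'nameserver 8.8.8.8\nnameserver 9.9.9.9\n' > /etc/netns/public/resolv.conf
# Open a shell inside the public namespace and check what it sees
ip netns exec public ash
cat /etc/resolv.conf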

delandtj avatar Aug 04 '22 10:08 delandtj
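
Added example, not part of the thread or the zos code: a POSIX sh version of the idea above that derives the public namespace's resolv.conf from the host's file, dropping nameservers the public interface cannot reach and falling back to the 8.8.8.8 and 9.9.9.9 defaults proposed in the thread. The function names, the address filter and the sample input are assumptions.

```shell
#!/bin/sh
# Added example (not zos code); function names are hypothetical.
FALLBACK_DNS="8.8.8.8 9.9.9.9"   # defaults proposed in the thread

# is_unroutable ADDR: exit 0 if ADDR cannot be reached through a public
# interface (RFC 1918, loopback, link-local, CGNAT 100.64.0.0/10,
# IPv6 loopback, fe80: link-local, fc00::/7 unique-local).
is_unroutable() {
    case "$1" in
        10.*|127.*|192.168.*|169.254.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        100.6[4-9].*|100.[7-9][0-9].*|100.1[01][0-9].*|100.12[0-7].*) return 0 ;;
        ::1|[fF][eE]80:*|[fF][cCdD]??:*) return 0 ;;
    esac
    return 1
}

# public_resolv_conf FILE: print resolv.conf contents for the public
# namespace, keeping only reachable nameservers from FILE and using
# FALLBACK_DNS when none are left.
public_resolv_conf() {
    kept=""
    # "|| [ -n "$key" ]" also handles a last line with no trailing newline
    while read -r key addr rest || [ -n "$key" ]; do
        [ "$key" = "nameserver" ] || continue
        is_unroutable "$addr" && continue
        kept="$kept $addr"
    done < "$1"
    [ -n "$kept" ] || kept="$FALLBACK_DNS"
    for ns in $kept; do
        printf 'nameserver %s\n' "$ns"
    done
}

# Constructed sample of a host /etc/resolv.conf as handed out by an
# internal DHCP server (not taken from a real node).
sample_host_resolv() {
    printf 'search lan\nnameserver 192.168.1.1\nnameserver 10.0.0.53\n'
}

# Demo on the constructed input; on a node the output would be written
# to /etc/netns/public/resolv.conf, the path used in the thread.
tmp=$(mktemp)
sample_host_resolv > "$tmp"
public_resolv_conf "$tmp"
rm -f "$tmp"
```
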

Thinking more about it, we can do the same for ndmz, where:

if ndmz has public ipv6 but no public ipv4:
   create `/etc/netns/ndmz/resolv.conf` with ipv4 part of host resolv.conf
   add ipv6 public nameservers to the same file

delandtj avatar Aug 04 '22 10:08 delandtj

@delandtj yeah, I already did that for ndmz a long time ago (still in an open PR). Maybe you can review this and see if we should merge it. But I do that via the udhcp script. This way the DNS (of dmz) will be set as configured by the DHCP.

Check it here https://github.com/threefoldtech/zos/pull/1708/files#diff-f7a9689b964a814102c9667aa84b410c84337249febfb37b0daa1f08aafbb81f

muhamadazmy avatar Aug 09 '22 10:08 muhamadazmy