Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature: allow IPv6 DNS #378

Closed
wants to merge 8 commits into from
Closed

Feature: allow IPv6 DNS #378

wants to merge 8 commits into from

Conversation

1yam
Copy link
Collaborator

@1yam 1yam commented Jul 13, 2023

No description provided.

@1yam 1yam requested a review from odesenfans July 13, 2023 11:31
odesenfans
odesenfans requested changes Jul 13, 2023
View reviewed changes
vm_supervisor/vm/firecracker/program.py Outdated
@@ -388,9 +390,13 @@ async def _setup_configuration(
ipv6 = self.get_vm_ipv6()
ipv6_gateway = self.get_vm_ipv6_gateway()

if not settings.DNS_NAMESERVERS:
dns_servers = settings.DNS_NAMESERVERS
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it would be great to have a dns_servers() method in Settings that uses ipaddress to perform the conversion to `IPv4/IPv6 address objects only once.

@odesenfans odesenfans changed the title Fix: Ipv6 filtering Feature: allow IPv6 DNS Jul 13, 2023
@odesenfans odesenfans marked this pull request as ready for review July 13, 2023 22:16
hoh
hoh reviewed Aug 28, 2023
View reviewed changes
vm_supervisor/conf.py Outdated
@@ -285,6 +285,19 @@ def display(self) -> str:
f"{attribute:<27} = {value}" for attribute, value in attributes.items()
)

def dns_servers(self, ipv4_only: bool) -> Optional[List[str]]:
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why is there no explaination on what this function does as docstring ?

vm_supervisor/conf.py Outdated
if not dns_servers:
raise ValueError("Invalid configuration: DNS nameservers missing")

# Apply DNS IPv6 filtering here if needed
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What does "DNS IPv6 filtering" mean and why do it ?

vm_supervisor/vm/firecracker/program.py Outdated

if not settings.DNS_NAMESERVERS:
raise ValueError("Invalid configuration: DNS nameservers missing")
dns_servers = settings.dns_servers(False)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How can a node operator disable DNS servers for tests ?

@hoh hoh assigned 1yam Sep 18, 2023
@hoh hoh requested a review from olethanh October 31, 2023 12:53
olethanh
olethanh requested changes Oct 31, 2023
View reviewed changes
Copy link
Collaborator

@olethanh olethanh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry I'm new here so I'm missing a lot of context, could you please explain to me what problem this is resolving and how the new feature is used?

@odesenfans
Copy link
Collaborator

@olethanh This re-enables IPv6 DNS inside VMs. For a while, VMs only supported IPv4 networking and could therefore not reach IPv6 DNS. As we copied the list of DNS from the host, it could happen that the host used an IPv6 DNS, meaning that the VM would not be able to resolve domain names. Long story short, we simply filtered out IPv6 DNS. This PR removes this workaround.

@olethanh
Copy link
Collaborator

olethanh commented Nov 1, 2023

@odesenfans Thanks for the answer but I still don't understand. I cannot find in the code in the main branch where the filtering was done before and where it is removed now?
Also shouldn't the filtering be done on the basis of whether ipv6 is enabled for the VM then?

olethanh
olethanh reviewed Nov 1, 2023
View reviewed changes
vm_supervisor/conf.py
Comment on lines -311 to -313
if not self.NETWORK_INTERFACE:
self.NETWORK_INTERFACE = get_default_interface()

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is that intender or was this removed by error ?

@odesenfans
Copy link
Collaborator

@olethanh The filtering is performed here. Seems like a lot of code has moved since this PR was opened so a rebase is much needed.

Regarding your other comment, you are right that this should be done on a per-VM config, checking first if the supervisor configuration allows for it and then whether the VM runtime supports IPv6.

@olethanh olethanh mentioned this pull request Nov 7, 2023
Merged
@MHHukiewitz
Copy link
Member

Superseded by #455

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hoh hoh hoh left review comments

@olethanh olethanh olethanh requested changes

@odesenfans odesenfans odesenfans requested changes

Assignees

@1yam 1yam

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@1yam @odesenfans @olethanh @MHHukiewitz @hoh