Skip to content

Document DinD DNS behavior with network-per-build feature

Arran Walkerrequested to merge
docs-dind-dns-networking into main

What does this MR do?

Documents the DNS dind behaviour when network-per-build is enabled, and provides a workaround.

Why was this MR needed?

We cannot solve this in Runner alone, so the resolution is with a docs update to highlight the issue and provide a workaround.

What's the best way to test this MR?

The following job should work:

test:
  image: docker
  variables:
    FF_NETWORK_PER_BUILD: true
  services:
    - name: docker:dind
      command: [--dns=127.0.0.11, --dns=1.1.1.1]
    - nginx:alpine
  script:
    - cat /etc/resolv.conf
    - docker run --rm alpine:latest cat /etc/resolv.conf
    - docker run --rm alpine:latest wget https://bbc.co.uk
    - docker run --rm --network=host alpine:latest wget https://bbc.co.uk
    - docker run --rm --network=host alpine:latest wget http://nginx

Ideally, a firewall rule blocking 8.8.8.8 and 8.8.4.4 would be present in the test. But these entries not being seen in resolv.conf is also a heavy indicator that this is now functioning.

What are the relevant issue numbers?

Closes #27867 (closed)

Merge request reports