fwd: Broaden what we consider for DNS specific forwarding rules

passt/pasta has options to redirect DNS requests from the guest to a different server address on the host side. Currently, however, only UDP packets to port 53 are considered "DNS requests". This ignores DNS requests over TCP - less common, but certainly possible. It also ignores encrypted DNS requests on port 853. Extend the DNS forwarding logic to handle both of those cases. Link: https://github.com/containers/podman/issues/23239 Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Tested-by: Paul Holzinger <pholzing@redhat.com> Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2025-05-31 21:35:34 +02:00 · 2024-07-24 17:51:12 +10:00 · 2024-07-24 17:51:12 +10:00 · becf81ab88
commit becf81ab88
parent 0ada84e3f8
2 changed files with 21 additions and 7 deletions
--- a/passt.1
+++ b/passt.1
@ -244,11 +244,11 @@ usage of DNS addresses altogether.

 .TP
 .BR \-\-dns-forward " " \fIaddr
-Map \fIaddr\fR (IPv4 or IPv6) as seen from guest or namespace to the first
-configured DNS resolver (with corresponding IP version). Mapping is limited to
-UDP traffic directed to port 53, and DNS answers are translated back with a
-reverse mapping.
-This option can be specified zero to two times (once for IPv4, once for IPv6).
+Map \fIaddr\fR (IPv4 or IPv6) as seen from guest or namespace to the
+first configured DNS resolver (with corresponding IP version). Maps
+only UDP and TCP traffic to port 53 or port 853.  Replies are
+translated back with a reverse mapping.  This option can be specified
+zero to two times (once for IPv4, once for IPv6).

 .TP
 .BR \-S ", " \-\-search " " \fIlist