netavark: only use aardvark ip as nameserver

Since commit 06241077cc we use the aardvark per container dns functionality. This means we should only have the aardvark ip in resolv.conf otherwise the client resolver could skip aardvark, thus ignoring the special dns option for this container. Fixes #17499 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2025-08-06 11:32:07 +08:00 · 2023-02-20 14:36:34 +01:00
parent 37352a0c8c
commit 9dc730d9f3
2 changed files with 6 additions and 2 deletions
--- a/libpod/container_internal_common.go
+++ b/libpod/container_internal_common.go
@ -2048,7 +2048,11 @@ func (c *Container) generateResolvConf() error {
 	// If the user provided dns, it trumps all; then dns masq; then resolv.conf
 	keepHostServers := false
 	if len(nameservers) == 0 {
-		keepHostServers = true
+		// when no network name servers or not netavark use host servers
+		// for aardvark dns we only want our single server in there
+		if len(networkNameServers) == 0 || networkBackend != string(types.Netavark) {
+			keepHostServers = true
+		}
 		// first add the nameservers from the networks status
 		nameservers = networkNameServers
 		// slirp4netns has a built in DNS forwarder.