dhclient incompatible with network namespaces using /etc/netns/resolv.conf
Describe the bug
dhclient-script fails to set /etc/resolv.conf when used in an ip-netns network namespace which is overriding the network namespace /etc/resolv.conf file. This results in partial DHCP configuration for the system (DNS information is not set).
To Reproduce
On a linux host, assuming that eth0 exists and is connected to a network which supports dhcp addressing:
mkdir -p /etc/netns/test/
echo "nameserver 1.1.1.1" > /etc/netns/test/resolv.conf
ip netns add test
ip link set eth0 netns test
ip netns exec test cat /etc/resolv.conf
ip netns exec test dhclient /etc/resolv.conf
Note that the dhclient will return a mv error.
Expected behavior
The dhclient procedure should set the /etc/resolv.conf properly within the namespace.
Environment:
- ISC DHCP version 4.4.1
- OS: x86_64 Ubuntu 20.04.4
Additional Information
The dhclient-script file for at least linux (https://gitlab.isc.org/isc-projects/dhcp/-/blob/master/client/scripts/linux) is currently incompatible with configurations of ip-netns (network namespaces) in which ip-netns controls /etc/resolv.conf. This is because ip-netns mounts (and prevents deletion/moving of) a configuration file from /etc/netns/NAMESPACE/resolv.conf at /etc/resolv.conf within the namespace, where NAMESPACE in the path is replaced with the name of the ip-netns network namespace.
When this configuration is being used, the ISC-provided dhclient-script will fail on the mv -f $new_resolv_conf /etc/resolv.conf operations (text and text) and therefore fail to update the DNS service.
While this may not be purely an ISC-DHCP package issue, a one-to-one behavior fix could be adopted. Instead of using mv -f, a cp and rm command can be used to copy and then remove the temporary resolv.conf file generated by ISC-DHCP. This would neatly implement the fix and allow behavior in both ISC-DHCP and ip-netns to continue without modification.
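The following is an added example, not the patch referenced in this report and not ISC's dhclient-script. It goes slightly beyond the proposal above by keeping mv -f when the destination is not a mount point and using cp followed by rm only when it is; the function names and the optional mountinfo argument are hypothetical.

```shell
#!/bin/sh
# Added example: install a new resolv.conf without renaming over a file that
# ip netns exec has bind-mounted from /etc/netns/NAME/resolv.conf.
# Function names are hypothetical; only $new_resolv_conf comes from the report.

# Return 0 if $1 is listed as a mount point in the mountinfo file $2
# (default /proc/self/mountinfo). Field 5 of each line is the mount point.
is_mount_point() {
    target=$1
    mountinfo=${2:-/proc/self/mountinfo}
    [ -r "$mountinfo" ] || return 1
    awk -v t="$target" '$5 == t { found = 1 } END { exit !found }' "$mountinfo"
}

# Install file $1 as $2. The report states that the bind mount prevents
# moving a file onto /etc/resolv.conf, so in that case the contents are
# written through the mount with cp and the temporary file is removed.
install_resolv_conf() {
    new=$1
    dest=$2
    mountinfo=${3:-/proc/self/mountinfo}
    if is_mount_point "$dest" "$mountinfo"; then
        # cp rewrites the existing file in place, so the mount stays intact.
        cp -- "$new" "$dest" && rm -f -- "$new"
    else
        # No mount in the way: keep the original single-step replacement.
        mv -f -- "$new" "$dest"
    fi
}

# Intended call site inside a dhclient-script style hook (assumption):
#   install_resolv_conf "$new_resolv_conf" /etc/resolv.conf
```

The cp path is not atomic, so a reader of /etc/resolv.conf inside the namespace can briefly see a partially written file; that is the cost of writing through the mount.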
I've produced an example patch here for the linux script: text
I include the ip-netns reference to the /etc/resolv.conf behavior below for convenience:
For applications that are aware of network namespaces, the convention is to look for global network configuration files first in /etc/netns/NAME/ then in /etc/. For example, if you want a different version of /etc/resolv.conf for a network namespace used to isolate your vpn you would name it /etc/netns/myvpn/resolv.conf.

ip netns exec automates handling of this configuration, file convention for network namespace unaware applications, by creating a mount namespace and bind mounting all of the per network namespace configure files into their traditional location in /etc.
Some initial questions
- Are you sure your feature is not already implemented in the latest ISC DHCP version? yes - this references MASTER branch.
- Are you sure your requested feature is not already implemented in Kea? Perhaps it's a good time to consider migration? This behavior should be considered for modification, since dhclient is still heavily leveraged in most Linux flavors by default.
- Are you sure what you would like to do is not possible using some other mechanisms? ip-netns behavior /could/ be modified but this change does not modify dhclient-script's behavior.
- Have you discussed your idea on dhcp-users and/or dhcp-workers mailing lists? no
Participating in development
I have produced a patch included above.
Contacting you
Github (Crypt0s) or email (bryanhalf@gmail.com)