Skip to content

Configure IPv6 DNS server using router advertisements.#525

Open
jglogan wants to merge 3 commits into
apple:mainfrom
jglogan:ipv6-dnsserver
Open

Configure IPv6 DNS server using router advertisements.#525
jglogan wants to merge 3 commits into
apple:mainfrom
jglogan:ipv6-dnsserver

Conversation

@jglogan

@jglogan jglogan commented Feb 8, 2026

Copy link
Copy Markdown
Contributor
  • Closes [Request]: IPv6: allow DNS configuration update after container.create(). #466.
  • Adds a DNSMonitor that listens for router advertisements and updates the resolv.conf with the IPv6 address of the DNS server found in the RDNSS option, if present.
  • The monitor runs if any of the configurations registered via configureDns have enableRDNSSMonitor set to true, and stops if all are false.
  • The monitor removes the IPv6 server from resolv.conf when either
    • the monitor stops.
    • the current RA expires.
  • Adds updateDNS() to LinuxContainer and LinuxPod; we use these in the integration tests to ensure the server removal logic works.
  • The configureDns function now calls DNSMonitor.update() to write the initial configuration.
  • The monitor does not block container workload startup. IPv6-only containers will need to tolerate the initial lack of a DNS server.
@jglogan

jglogan commented Feb 8, 2026

Copy link
Copy Markdown
Contributor Author

Example

container run --name foo -it --rm alpine cat /etc/resolv.conf
Warning! Running debug build. Performance may be degraded.
nameserver 192.168.64.1
nameserver fe80::603e:5fff:fe94:4e65
domain test

Performance impact of blocking implementation

Baseline (no IPv6 DNS configuration):

container run --name foo -it --rm alpine date  0.09s user 0.03s system 11% cpu 0.992 total
container run --name foo -it --rm alpine date  0.08s user 0.03s system 12% cpu 0.871 total
container run --name foo -it --rm alpine date  0.09s user 0.04s system 12% cpu 0.949 total
container run --name foo -it --rm alpine date  0.09s user 0.03s system 13% cpu 0.899 total
container run --name foo -it --rm alpine date  0.08s user 0.03s system 12% cpu 0.904 total

With IPv6 DNS initialization in configureDns, first container (vmnet network not started):

container run --name foo -it --rm alpine date  0.10s user 0.07s system 3% cpu 4.432 total
container run --name foo -it --rm alpine date  0.10s user 0.07s system 3% cpu 4.473 total
container run --name foo -it --rm alpine date  0.10s user 0.07s system 3% cpu 4.338 total
container run --name foo -it --rm alpine date  0.10s user 0.07s system 3% cpu 4.444 total
container run --name foo -it --rm alpine date  0.10s user 0.06s system 4% cpu 4.012 total

With IPv6 DNS, second container (vmnet network already started):

container run --name foo -it --rm alpine date  0.09s user 0.05s system 4% cpu 2.929 total
container run --name foo -it --rm alpine date  0.09s user 0.05s system 4% cpu 2.952 total
container run --name foo -it --rm alpine date  0.10s user 0.06s system 3% cpu 3.990 total
container run --name foo -it --rm alpine date  0.09s user 0.06s system 5% cpu 2.896 total
container run --name foo -it --rm alpine date  0.09s user 0.05s system 5% cpu 2.790 total
@jglogan jglogan added this to the 2026-02 milestone Feb 11, 2026
@jglogan jglogan self-assigned this Feb 11, 2026
@jglogan jglogan modified the milestones: 2026-02, 2026-03 Feb 20, 2026
- Closes apple#466.
- Adds a `DNSMonitor` that listens for router
  advertisements and updates the resolv.conf
  with the IPv6 DNS server.
- The `configureDns` function now calls
  `DNSMonitor.update()` to write the initial
  configuration.
- The monitor does not block container workload
  startup. IPv6-only containers will need to
  tolerate the initial lack of a DNS server.
@jglogan jglogan removed this from the 2026-03 milestone Mar 30, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

1 participant