Assigns default nameserver in sandbox service. (#276)

jglogan · web-flow · commit 75e92853e3f1 · 2025-07-01T10:03:23.000-07:00
* Closes #148. * Storing the default nameserver in the bundle config means that DNS won't work if the container stops and then restarts later when the subnet address has changed.
diff --git a/Sources/ContainerClient/Utility.swift b/Sources/ContainerClient/Utility.swift
@@ -169,21 +169,12 @@ public struct Utility {
             networkStatuses.append(networkStatus)
         }
 
-        let nameservers: [String]
-        if management.dnsNameservers.isEmpty {
-            let subnet = try CIDRAddress(networkStatuses[0].address)
-            let nameserver = IPv4Address(fromValue: subnet.lower.value + 1).description
-            nameservers = [nameserver]
-        } else {
-            nameservers = management.dnsNameservers
-        }
-
         if management.dnsDisabled {
             config.dns = nil
         } else {
             let domain = management.dnsDomain ?? ClientDefaults.getOptional(key: .defaultDNSDomain)
             config.dns = .init(
-                nameservers: nameservers,
+                nameservers: management.dnsNameservers,
                 domain: domain,
                 searchDomains: management.dnsSearchDomains,
                 options: management.dnsOptions
diff --git a/Sources/Services/ContainerSandboxService/SandboxService.swift b/Sources/Services/ContainerSandboxService/SandboxService.swift
@@ -82,13 +82,26 @@ public actor SandboxService {
                 bootlog: bundle.bootlog.path,
                 logger: self.log
             )
-            let config = try bundle.configuration
+            var config = try bundle.configuration
             let container = LinuxContainer(
                 config.id,
                 rootfs: try bundle.containerRootfs.asMount,
                 vmm: vmm,
                 logger: self.log
             )
+
+            // dynamically configure the DNS nameserver from a network if no explicit configuration
+            if let dns = config.dns, dns.nameservers.isEmpty {
+                if let nameserver = try await self.getDefaultNameserver(networks: config.networks) {
+                    config.dns = ContainerConfiguration.DNSConfiguration(
+                        nameservers: [nameserver],
+                        domain: dns.domain,
+                        searchDomains: dns.searchDomains,
+                        options: dns.options
+                    )
+                }
+            }
+
             try await self.configureContainer(container: container, config: config)
 
             let fqdn: String
@@ -641,6 +654,19 @@ public actor SandboxService {
         configureInitialProcess(container: container, process: config.initProcess)
     }
 
+    private func getDefaultNameserver(networks: [String]) async throws -> String? {
+        for network in networks {
+            let client = NetworkClient(id: network)
+            let state = try await client.state()
+            guard case .running(_, let status) = state else {
+                continue
+            }
+            return status.gateway
+        }
+
+        return nil
+    }
+
     private func configureInitialProcess(container: LinuxContainer, process: ProcessConfiguration) {
         container.arguments = [process.executable] + process.arguments
         container.environment = modifyingEnvironment(process)
