[GH-ISSUE #59] Olm in docker does not override DNS #53

Closed
opened 2026-04-13 01:13:39 -05:00 by GiteaMirror · 8 comments

Originally created by @JobDoesburg on GitHub (Dec 12, 2025).
Original GitHub issue: https://github.com/fosrl/olm/issues/59

Describe the Bug

I run Olm in docker on some of my machines with network_mode host. However, this doesn't properly override DNS.

```yml
services:
  olm:
    image: fosrl/olm:1.2.0
    container_name: olm
    restart: unless-stopped
    network_mode: host
    environment:
      - PANGOLIN_ENDPOINT=${PANGOLIN_ENDPOINT}
      - OLM_ID=${OLM_ID}
      - OLM_SECRET=${OLM_SECRET}
      - OVERRIDE_DNS=true
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    devices:
      - /dev/net/tun:/dev/net/tun
```

Environment

  • OS Type & Version: Ubuntu 22.04
  • Pangolin Version: 1.13
  • Gerbil Version: 1.3.0
  • Traefik Version: v3.6.4
  • Newt Version: 1.7.0
  • Olm Version: 1.2.0

To Reproduce

Run olm in docker as shown above.
Then try to resolve an internal DNS alias on the host machine.

Expected Behavior

Resolving should work


@JobDoesburg commented on GitHub (Dec 12, 2025):

I do get

```
$ docker logs olm 2>&1 | grep -i dns
INFO: 2025/12/12 09:43:38 DNS proxy started on 100.96.128.1:53
INFO: 2025/12/12 09:43:38 Detected DNS manager: file
INFO: 2025/12/12 09:43:38 Using file-based DNS configurator
INFO: 2025/12/12 09:43:38 Current DNS servers: [127.0.0.53]
INFO: 2025/12/12 09:43:38 Setting DNS servers to: [100.96.128.1]
INFO: 2025/12/12 09:43:38 Original DNS servers backed up: [127.0.0.53]
```

but still


```
$ dig erasmus.nolai.internal
; <<>> DiG 9.18.39-0ubuntu0.24.04.2-Ubuntu <<>> erasmus.nolai.internal
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 51330
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;erasmus.nolai.internal.		IN	A

;; AUTHORITY SECTION:
.			67674	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2025121200 1800 900 604800 86400

;; Query time: 1 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Fri Dec 12 11:36:58 UTC 2025
;; MSG SIZE  rcvd: 126
```

What does work is if I specify the internal DNS server directly


```
$ dig @100.96.128.1 erasmus.nolai.internal
; <<>> DiG 9.18.39-0ubuntu0.24.04.2-Ubuntu <<>> @100.96.128.1 erasmus.nolai.internal
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17237
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;erasmus.nolai.internal.		IN	A

;; ANSWER SECTION:
erasmus.nolai.internal.	300	IN	A	100.96.128.8

;; Query time: 2 msec
;; SERVER: 100.96.128.1#53(100.96.128.1) (UDP)
;; WHEN: Fri Dec 12 11:38:04 UTC 2025
;; MSG SIZE  rcvd: 78
```

But I want the Olm container to override this for the host


@oschwartz10612 commented on GitHub (Dec 12, 2025):

Hi!

Thanks for testing the new functionality!

If you resolve the dns from within the container does it work?

You could try

```
apk add bind-tools
dig erasmus.nolai.internal
```

Also, what DNS service is running on the host? Is it resolvconf,
systemd-resolved, or networkmanager?


@JobDoesburg commented on GitHub (Dec 12, 2025):

I'm using systemd-resolved...

Surprisingly, from within the container it also doesn't work


@JobDoesburg commented on GitHub (Dec 12, 2025):

Nvm, if I run with OVERRIDE_DNS=true in the container it does resolve properly.
Now I'm struggling how to instruct my host to use the proper resolver by default too


@JobDoesburg commented on GitHub (Dec 12, 2025):

I found a solution. I added a file to /etc/systemd/network/50-olm.network on the host containing

```
[Match]
Name=olm

[Link]
RequiredForOnline=no

[Network]
DNS=100.96.128.1
Domains=~nolai.internal
ConfigureWithoutCarrier=yes
KeepConfiguration=yes
```

Would be interesting to document this or give other instructions how to get this to work with olm in a docker container
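
Added example (not part of the original thread or the Olm project): a shell lint for a `.network` file like the one in the comment above. It checks that the link name, the tunnel DNS server and a route-only (`~`-prefixed) domain are all present, so that only names under that domain go to the tunnel resolver. The function name and exit codes are assumptions of this example.

```bash
#!/usr/bin/env bash
# Usage: check_split_dns FILE LINK DNS_IP DOMAIN
# Returns 0 = ok, 1 = link name not matched, 2 = DNS server missing,
#         3 = domain missing, 4 = domain listed without "~" (not route-only).
# Simplification: [Match] Name= is compared literally, globs are not expanded.
check_split_dns() {
  local file=$1 link=$2 dns=$3 domain=$4
  awk -v link="$link" -v dns="$dns" -v domain="$domain" '
    # Track the current [Section]; keys are only meaningful inside one.
    /^[ \t]*\[/ { sub(/^[ \t]*\[/, ""); sub(/\].*$/, ""); section = $0; next }
    /^[ \t]*[#;]/ || !/=/ { next }        # skip comments and lines without a key
    {
      key = $0; sub(/[ \t]*=.*/, "", key); sub(/^[ \t]+/, "", key)
      val = $0; sub(/^[^=]*=[ \t]*/, "", val)
      n = split(val, items, /[ \t]+/)      # values are whitespace-separated lists
      for (i = 1; i <= n; i++) {
        if (section == "Match"   && key == "Name" && items[i] == link) m = 1
        if (section == "Network" && key == "DNS"  && items[i] == dns)  d = 1
        if (section == "Network" && key == "Domains") {
          if (items[i] == ("~" domain)) r = 1   # route-only domain
          if (items[i] == domain)       s = 1   # also added as a search domain
        }
      }
    }
    END {
      if (!m) exit 1
      if (!d) exit 2
      if (r)  exit 0
      exit (s ? 4 : 3)
    }' "$file"
}

# Demo on a constructed copy of the file from the comment above.
sample=$(mktemp)
printf '%s\n' '[Match]' 'Name=olm' '' '[Link]' 'RequiredForOnline=no' '' \
  '[Network]' 'DNS=100.96.128.1' 'Domains=~nolai.internal' > "$sample"
check_split_dns "$sample" olm 100.96.128.1 nolai.internal; echo "exit=$?"
rm -f "$sample"
```

On a running host, `resolvectl status olm` shows the DNS server and domains that systemd-resolved actually applied to the link.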


@oschwartz10612 commented on GitHub (Dec 12, 2025):

Ahh damn I don't know my own software! Ha! Sorry I should have warned you
about override dns. For olm that's off by default.

I assume this has to do with docker isolating the resolve.conf from the
host as well as it not detecting resolved inside of the container
despite being in the host stack. I am not sure due to docker there is a
great universal solution for this one.

I can put some notes in the docs and include this for resolved.


@JobDoesburg commented on GitHub (Dec 12, 2025):

👍 sounds like a solution

I have thought about running the olm container without network mode host, but on a specific docker network shared with another specific container that needed it. But I didn't get that to work. Anyhow, it would be nice to document the recommended use cases for Olm in a docker container, because there are some interesting docker networking quirks about it that you otherwise typically wouldn't come across.


@returntrip commented on GitHub (Feb 2, 2026):

> Ahh damn I don't know my own software! Ha! Sorry I should have warned you
> about override dns. For olm that's off by default.
>
> I assume this has to do with docker isolating the resolve.conf from the
> host as well as it not detecting resolved inside of the container
> despite being in the host stack. I am not sure due to docker there is a
> great universal solution for this one.
>
> I can put some notes in the docs and include this for resolved.

Thank god for this issue :)... the fact that the linux pangolin cli has override-dns defaulting to true and olm has it off by default confused me a LOT. I spent about three hours trying to understand why I could not ping aliases from a machine running olm. Perhaps it would be best to have same defaults across cli tools?


Reference: github-starred/olm#53