Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add new option to manually expose the DNS port to the host, remove binding by default #11011

Merged
merged 2 commits into from
Jun 12, 2024
Merged

Add new option to manually expose the DNS port to the host, remove binding by default #11011

merged 2 commits into from
Jun 12, 2024

Conversation

dfangl
Copy link
Member

@dfangl dfangl commented Jun 12, 2024

Motivation

With recent Docker Desktop changes, port 53 is not exposable on the host from docker any more, as the port is already taken. Due to the specific error circumstances, our check whether or not we can expose it does not work any more.

As a fix, this PR will remove the automatic binding of the DNS port to the host, as this a rarely used feature (presumably), since it requires additional configuration to make proper use of it (like setting DNS_SERVER to avoid loops in the resolution).

This PR introduces a new flag --host-dns instead, which will expose the port to the host.

The flag has two shortcomings we should discuss:

  1. Per default, we bind the host port to the same address as the GATEWAY_LISTEN sets, so per default 127.0.0.1. It will not be seperately configureable, you can only change it for both the gateway and dns together.
  2. The port usability detection, which was broken in the docker desktop case, is removed now. This means if a user with port 53 already taken tries to set the flag, the docker exception explaining the failure to bind the port will be returned.

Changes

  • LocalStack CLI does not bind port 53 on the host anymore when starting LS
  • New CLI flag --host-dns to force binding port 53 (or whatever the DNS_PORT config variable is set to) on the host

@dfangl dfangl added the semver: minor Non-breaking changes which can be included in minor releases, but not in patch releases label Jun 12, 2024
@dfangl dfangl self-assigned this Jun 12, 2024
dfangl
dfangl commented Jun 12, 2024
View reviewed changes
tests/cli/test_cli.py Outdated
Comment on lines 266 to 296
@pytest.mark.skip(reason="For this change, the tests run on the previous image")
def test_dns_server_starts_if_host_port_bound(
self, runner, container_client, monkeypatch, dns_query_from_container
):
port = get_free_udp_port()
monkeypatch.setenv("DEBUG", "1")
monkeypatch.setenv("DNS_PORT", str(port))
monkeypatch.setattr(config, "DNS_PORT", port)

# bind the port
s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
s.bind(("", port))

with closing(s):
runner.invoke(cli, ["start", "-d"])
runner.invoke(cli, ["wait", "-t", "60"])

inspect = container_client.inspect_container(config.MAIN_CONTAINER_NAME)
assert f"{port}/udp" not in inspect["HostConfig"]["PortBindings"]
ip_address = list(inspect["NetworkSettings"]["Networks"].values())[0]["IPAddress"]

with pytest.raises(TimeoutError):
send_dns_query(name=LOCALHOST_HOSTNAME, port=port)

# use a docker container to test the DNS
stdout, _ = dns_query_from_container(
name=LOCALHOST_HOSTNAME, ip_address=ip_address, port=port
)
assert ip_address in stdout.decode().splitlines()

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Removed this test as it does not make sense anymore to test the "fallback if DNS port is not available" case.

@dfangl dfangl added this to the 3.5 milestone Jun 12, 2024
alexrashed
alexrashed approved these changes Jun 12, 2024
View reviewed changes
Copy link
Member

@alexrashed alexrashed left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The changes are looking good to me! I only found a small nitpick concerning the tests.
Since we kind of have to react to these changes in Docker Desktop, I think the change is reasonable, and given the (presumably 😉) small usage, it's fair to declare this as a minor change.
Concerning your two discussion points:

  • No separate bind address configuration: I would say this is something we can introduce if there's the need for it.
  • Falling back to the Docker bind exception due to the deleted check: I think this is fair, since this feature now has to be explicitly enabled.

Thanks for jumping on this! 🦸🏽 It's always DNS...

tests/cli/test_cli.py Show resolved Hide resolved
@github-actions GitHub Actions
Copy link

LocalStack Community integration with Pro

    2 files  ±0      2 suites  ±0   1h 35m 35s ⏱️ -11s
3 078 tests ±0  2 733 ✅ ±0  345 💤 ±0  0 ❌ ±0 
3 080 runs  ±0  2 733 ✅ ±0  347 💤 ±0  0 ❌ ±0 

Results for commit 0974e76. ± Comparison against base commit cb18571.

@dfangl dfangl merged commit 64723d0 into master Jun 12, 2024
30 checks passed
@dfangl dfangl deleted the cli/bind-dns-port branch June 12, 2024 14:32
@MarcelStranak MarcelStranak mentioned this pull request Jun 13, 2024
Closed
1 task
@rafrafek rafrafek mentioned this pull request Jun 13, 2024
Closed
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@alexrashed alexrashed alexrashed approved these changes

@thrau thrau Awaiting requested review from thrau thrau is a code owner

Assignees

@dfangl dfangl

Labels
semver: minor Non-breaking changes which can be included in minor releases, but not in patch releases
Projects
None yet
Milestone
3.5
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@dfangl @alexrashed