Feature: allow IPv6 DNS (#455)

* Feature: allow IPv6 DNS

Problem IPv6 DNS were automatically filtered when detected from resolvectl

Solution: Nameservers are now split into ipv4 and ipv6 and can be passed to the VM accordingly
At the moment we pass them if the ipv6 parameter is present on the tap interface but we need a
more robust detection method


* Display proper env conf

Author: olethanh

src/aleph/vm/conf.py

@@ -76,17 +76,6 @@ def resolvectl_dns_servers(interface: str) -> Iterable[str]:
         yield server.strip()
 
 
-def resolvectl_dns_servers_ipv4(interface: str) -> Iterable[str]:
-    """
-    Use resolvectl to list available IPv4 DNS servers.
-    VMs only support IPv4 networking for now, we must exclude IPv6 DNS from their config.
-    """
-    for server in resolvectl_dns_servers(interface):
-        ip_addr = ipaddress.ip_address(server)
-        if isinstance(ip_addr, ipaddress.IPv4Address):
-            yield server
-
-
 def get_default_interface() -> str | None:
     """Returns the default network interface"""
     with open("/proc/net/route") as f:
@@ -104,7 +93,7 @@ def obtain_dns_ips(dns_resolver: DnsResolver, network_interface: str) -> list[st
         # Use a try-except approach since resolvectl can be present but disabled and raise the following
         # "Failed to get global data: Unit dbus-org.freedesktop.resolve1.service not found."
         try:
-            return list(resolvectl_dns_servers_ipv4(interface=network_interface))
+            return list(resolvectl_dns_servers(interface=network_interface))
         except (FileNotFoundError, CalledProcessError) as error:
             if Path("/etc/resolv.conf").exists():
                 return list(etc_resolv_conf_dns_servers())
@@ -116,7 +105,7 @@ def obtain_dns_ips(dns_resolver: DnsResolver, network_interface: str) -> list[st
         return list(etc_resolv_conf_dns_servers())
 
     elif dns_resolver == DnsResolver.resolvectl:
-        return list(resolvectl_dns_servers_ipv4(interface=network_interface))
+        return list(resolvectl_dns_servers(interface=network_interface))
 
     else:
         msg = "No DNS resolve defined, this should never happen."
@@ -182,8 +171,13 @@ class Settings(BaseSettings):
         description="Use the Neighbor Discovery Protocol Proxy to respond to Router Solicitation for instances on IPv6",
     )
 
-    DNS_RESOLUTION: DnsResolver | None = DnsResolver.detect
+    DNS_RESOLUTION: DnsResolver | None = Field(
+        default=DnsResolver.detect,
+        description="Method used to resolve the dns server if DNS_NAMESERVERS is not present.",
+    )
     DNS_NAMESERVERS: list[str] | None = None
+    DNS_NAMESERVERS_IPV4: list[str] | None
+    DNS_NAMESERVERS_IPV6: list[str] | None
 
     FIRECRACKER_PATH: Path = Path("/opt/firecracker/firecracker")
     JAILER_PATH: Path = Path("/opt/firecracker/jailer")
@@ -445,6 +439,18 @@ def setup(self):
                 network_interface=self.NETWORK_INTERFACE,
             )
 
+        if not self.DNS_NAMESERVERS_IPV4:
+            self.DNS_NAMESERVERS_IPV4 = []
+        if not self.DNS_NAMESERVERS_IPV6:
+            self.DNS_NAMESERVERS_IPV6 = []
+        if self.DNS_NAMESERVERS:
+            for server in self.DNS_NAMESERVERS:
+                ip_addr = ipaddress.ip_address(server)
+                if isinstance(ip_addr, ipaddress.IPv4Address):
+                    self.DNS_NAMESERVERS_IPV4.append(server)
+                if isinstance(ip_addr, ipaddress.IPv6Address):
+                    self.DNS_NAMESERVERS_IPV6.append(server)
+
         if not settings.ENABLE_QEMU_SUPPORT:
             # If QEmu is not supported, ignore the setting and use Firecracker by default
             settings.INSTANCE_DEFAULT_HYPERVISOR = HypervisorType.firecracker
@@ -462,7 +468,7 @@ def display(self) -> str:
             else:
                 attributes[attr] = getattr(self, attr)
 
-        return "\n".join(f"{attribute:<27} = {value}" for attribute, value in attributes.items())
+        return "\n".join(f"{self.Config.env_prefix}{attribute} = {value}" for attribute, value in attributes.items())
 
     def __init__(
         self,

src/aleph/vm/controllers/firecracker/instance.py

@@ -198,6 +198,11 @@ def _create_network_file(self) -> bytes:
         ipv6 = self.get_ipv6()
         ipv6_gateway = self.get_ipv6_gateway()
 
+        nameservers_ip = []
+        if ip:
+            nameservers_ip = settings.DNS_NAMESERVERS_IPV4
+        if ipv6:
+            nameservers_ip += settings.DNS_NAMESERVERS_IPV6
         network = {
             "ethernets": {
                 "eth0": {
@@ -207,7 +212,7 @@ def _create_network_file(self) -> bytes:
                     "gateway4": route,
                     "gateway6": ipv6_gateway,
                     "nameservers": {
-                        "addresses": settings.DNS_NAMESERVERS,
+                        "addresses": nameservers_ip,
                     },
                 },
             },

tests/supervisor/test_resolvectl_dns_servers.py

@@ -2,7 +2,7 @@
 import os
 from unittest import mock
 
-from aleph.vm.conf import resolvectl_dns_servers, resolvectl_dns_servers_ipv4
+from aleph.vm.conf import resolvectl_dns_servers
 
 os.environ["ALEPH_VM_ALLOW_VM_NETWORKING"] = "False"
 
@@ -17,9 +17,6 @@ def test_resolvectl():
         dns_servers = set(resolvectl_dns_servers("eth0"))
         assert dns_servers == servers
 
-        dns_servers_ipv4 = set(resolvectl_dns_servers_ipv4("eth0"))
-        assert dns_servers_ipv4 == servers
-
 
 def test_resolvectl_ipv6():
     with mock.patch(
@@ -31,6 +28,3 @@ def test_resolvectl_ipv6():
 
         dns_servers = set(resolvectl_dns_servers("eth0"))
         assert dns_servers == ipv4_servers | ipv6_servers
-
-        dns_servers_ipv4 = set(resolvectl_dns_servers_ipv4("eth0"))
-        assert dns_servers_ipv4 == ipv4_servers