dnsproxy: Add DNS proxying functionality.

There are services that don't use the libc resolver in their service containers (for example some Go-based services). This feature allows the MDNS publisher to act as a DNS proxy on bridged networks for these services. Set the 'PROXY_DNS' envvar to 'true' to proxy DNS instead of publishing MDNS records, and ensure the networking mode is the bridge network and not 'host'. Change-type: minor Signed-off-by: Heds Simons <[email protected]>
balena-io · Aug 29, 2019 · aacd2d3 · aacd2d3
1 parent 796e108
commit aacd2d3
Show file tree

Hide file tree

Showing 9 changed files with 488 additions and 280 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -3,6 +3,7 @@ FROM balena/open-balena-base:v8.0.3 as base
 RUN apt-get update && \
     apt-get install -yq --no-install-recommends \
     libdbus-glib-1-dev \
+    dnsmasq \
     && apt-get clean && rm -rf /var/lib/apt/lists/*
 
 WORKDIR /usr/src/app
@@ -15,6 +16,7 @@ RUN JOBS=MAX npm ci --unsafe-perm --production && npm cache clean --force && rm
 
 # Copy and enable the service
 COPY config/services /etc/systemd/system
+RUN systemctl disable dnsmasq.service
 RUN systemctl enable balena-mdns-publisher.service
 
 # Build service
@@ -33,4 +35,3 @@ FROM base
 COPY --from=build /usr/src/app/build /usr/src/app/build
 COPY --from=build /usr/src/app/bin /usr/src/app/bin
 COPY --from=build /usr/src/app/config /usr/src/app/config
-COPY --from=base /usr/src/app/node_modules /usr/src/app/node_modules
diff --git a/config/confd_env_backend/conf.d/env.toml b/config/confd_env_backend/conf.d/env.toml
@@ -8,5 +8,6 @@ keys = [
   "DBUS_SESSION_BUS_ADDRESS",
   "BALENA_SUPERVISOR_ADDRESS",
   "BALENA_SUPERVISOR_API_KEY",
-  "MDNS_API_TOKEN"
+  "MDNS_API_TOKEN",
+  "PROXY_DNS",
 ]
diff --git a/config/confd_env_backend/templates/env.tmpl b/config/confd_env_backend/templates/env.tmpl
@@ -5,4 +5,5 @@ DBUS_SESSION_BUS_ADDRESS={{getenv "DBUS_SESSION_BUS_ADDRESS"}}
 BALENA_SUPERVISOR_ADDRESS={{getenv "BALENA_SUPERVISOR_ADDRESS"}}
 BALENA_SUPERVISOR_API_KEY={{getenv "BALENA_SUPERVISOR_API_KEY"}}
 MDNS_API_TOKEN={{getenv "MDNS_API_TOKEN"}}
+PROXY_DNS={{getenv "PROXY_DNS"}}
 NODE_EXTRA_CA_CERTS={{if getenv "BALENA_ROOT_CA"}}/etc/ssl/certs/balenaRootCA.pem{{end}}
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -25,11 +25,13 @@
     "bluebird": "^3.5.1",
     "dbus-native": "^0.4.0",
     "lodash": "^4.17.15",
+    "mz": "^2.7.0",
     "request": "^2.88.0",
     "request-promise": "^4.2.4"
   },
   "devDependencies": {
     "@types/lodash": "^4.14.134",
+    "@types/mz": "0.0.32",
     "@types/node": "^10.14.4",
     "@types/request-promise": "^4.1.42",
     "husky": "^1.3.1",