Bianca79
Mission Specialist
Mission Specialist
  • 3,799 Views

How to overwrite podman network to enable DNS?

Jump to solution

In chapter 2 quiz question 6 of the Container Networking Basics it is stated that the podman network needs to be overwritten to enable DNS. But how can I do that?


I have looked at the man pages and help of podman network, but can't find a command to do that. 

2 Solutions

Accepted Solutions
Travis
Moderator
Moderator
  • 3,777 Views

@Bianca79 -

I can see where some of the confusion comes from here, but simply put, the example in the quiz already shows the default Podman network being overridden and DNS in use.

When you use the default Podman network, the domain name system (DNS) for other containers in that network is disabled. To enable DNS resolution between containers, create a Podman network and connect your containers to that network.

So --net app-api,app-db creates two networks (not default) allowing the containers to connect to each other relying on the DNS hostname. Without specifying the --net to create container networks, the default Podman network is used and DNS doesn't work.

The key here is ... 

The containers use DNS hostnames to connect to one another.

So that basically informs someone that you MUST use podman network to create container networks so that DNS works correctly.

Travis Michette, RHCA XIII
https://rhtapps.redhat.com/verify?certId=111-134-086
SENIOR TECHNICAL INSTRUCTOR / CERTIFIED INSTRUCTOR AND EXAMINER
Red Hat Certification + Training

View solution in original post

Travis
Moderator
Moderator
  • 3,730 Views

@Chetan_Tiwary_ -

To be honest, I skip most quizzes when teaching so we have more time for demos, breaks, and discussions. I really hate quizzes like this and especially True/False quizzes.

https://github.com/containers/dnsname/blob/main/README_PODMAN.md

I find that we need to "guess" or interpret what the question is trying to ask and what the answers imply. So the first thing if we step all the waty back is the scenario being asked ...

Each container must communicate with at least one other container via Podman networks. Isolate network communication so that only necessary connections are available. The containers use DNS hostnames to connect to one another.

So this tells us we can't connect via IP and we must use DNS. So based on process of elimination, A we know is wrong because by default, it doesn't provide DNS. C we know is wrong because without specifying networks for containers to attach to, it is attached to the Podman default network.

So that leaves us with B and D. I personally agree with you and think the wording makes D seem like the more logical choice. However, keep in mind people from many different locations write these questions and you must read very carefully. The answer for D states that the default Podman network CANNOT provide DNS. That is a false statement. It doesn't provide DNS by default as that is how it is configured. It is possible to change the configuration so that the default Podman network CAN provide DNS.

I've placed a link in here from Github discussing the DNS Podman plugin and how it works as well as the ability for it to provide DNS names on the default Podman network. I think during some of the pilot of this course I had some issues with wording, but you need to really really really look at the question, the answers, and sometimes reference external sources.

The important thing here is that users understand that by default the podman network doesn't have DNS enabled and users should create new Podman networks for containers to leverage DNS. However, it is also possible to modify the podman network to enable DNS by modifiying the configuration.

Again, this is a poorly written question as it causes confusion reading both the scenario and the answers. I'm not even sure how this question could be fixed. Maybe to make things more clear is to change the wording around and ask if the default podman network can be used to provide DNS and change the wording of all the anwers around. 

Travis Michette, RHCA XIII
https://rhtapps.redhat.com/verify?certId=111-134-086
SENIOR TECHNICAL INSTRUCTOR / CERTIFIED INSTRUCTOR AND EXAMINER
Red Hat Certification + Training

View solution in original post

7 Replies
Travis
Moderator
Moderator
  • 3,778 Views

@Bianca79 -

I can see where some of the confusion comes from here, but simply put, the example in the quiz already shows the default Podman network being overridden and DNS in use.

When you use the default Podman network, the domain name system (DNS) for other containers in that network is disabled. To enable DNS resolution between containers, create a Podman network and connect your containers to that network.

So --net app-api,app-db creates two networks (not default) allowing the containers to connect to each other relying on the DNS hostname. Without specifying the --net to create container networks, the default Podman network is used and DNS doesn't work.

The key here is ... 

The containers use DNS hostnames to connect to one another.

So that basically informs someone that you MUST use podman network to create container networks so that DNS works correctly.

Travis Michette, RHCA XIII
https://rhtapps.redhat.com/verify?certId=111-134-086
SENIOR TECHNICAL INSTRUCTOR / CERTIFIED INSTRUCTOR AND EXAMINER
Red Hat Certification + Training
Chetan_Tiwary_
Moderator
Moderator
  • 3,738 Views

@Bianca79 I hope you got the answer from Travis - where he mentioned that the default podman network has the DNS plugin disabled ( "dns_enabled": false)  , and you can create a new network to overwrite the DNS feature ( "dns_enabled": true ).

However, @Travis dont you think either the Ch02s04 question 6 statement does not justify the solution given in the quiz or the answer no. D is more appropriate solution to the given Q6 ?

Chetan_Tiwary__0-1703417861036.png

 

 

 

 

 

 

Please let me know your thoughts on option D.

If option B is considered the correct solution then is the question 6 statement valid ( I feel it is confusing in this case ).

0 Kudos
Travis
Moderator
Moderator
  • 3,731 Views

@Chetan_Tiwary_ -

To be honest, I skip most quizzes when teaching so we have more time for demos, breaks, and discussions. I really hate quizzes like this and especially True/False quizzes.

https://github.com/containers/dnsname/blob/main/README_PODMAN.md

I find that we need to "guess" or interpret what the question is trying to ask and what the answers imply. So the first thing if we step all the waty back is the scenario being asked ...

Each container must communicate with at least one other container via Podman networks. Isolate network communication so that only necessary connections are available. The containers use DNS hostnames to connect to one another.

So this tells us we can't connect via IP and we must use DNS. So based on process of elimination, A we know is wrong because by default, it doesn't provide DNS. C we know is wrong because without specifying networks for containers to attach to, it is attached to the Podman default network.

So that leaves us with B and D. I personally agree with you and think the wording makes D seem like the more logical choice. However, keep in mind people from many different locations write these questions and you must read very carefully. The answer for D states that the default Podman network CANNOT provide DNS. That is a false statement. It doesn't provide DNS by default as that is how it is configured. It is possible to change the configuration so that the default Podman network CAN provide DNS.

I've placed a link in here from Github discussing the DNS Podman plugin and how it works as well as the ability for it to provide DNS names on the default Podman network. I think during some of the pilot of this course I had some issues with wording, but you need to really really really look at the question, the answers, and sometimes reference external sources.

The important thing here is that users understand that by default the podman network doesn't have DNS enabled and users should create new Podman networks for containers to leverage DNS. However, it is also possible to modify the podman network to enable DNS by modifiying the configuration.

Again, this is a poorly written question as it causes confusion reading both the scenario and the answers. I'm not even sure how this question could be fixed. Maybe to make things more clear is to change the wording around and ask if the default podman network can be used to provide DNS and change the wording of all the anwers around. 

Travis Michette, RHCA XIII
https://rhtapps.redhat.com/verify?certId=111-134-086
SENIOR TECHNICAL INSTRUCTOR / CERTIFIED INSTRUCTOR AND EXAMINER
Red Hat Certification + Training
Chetan_Tiwary_
Moderator
Moderator
  • 3,706 Views

@Travis Fair point. Thank you!

0 Kudos
Bianca79
Mission Specialist
Mission Specialist
  • 3,611 Views

Thanks for the explanation. The above discussion about answer B and D was exactly my problem. I understand that the default podman network has DNS disabled and a new network I create with podman network create has DNS enabled. 
But I read answer B as if the default podman network can be overwritten so that the default podman network has DNS enabled. Form your answers it is only overwritten by creating a new network which for me is more close to answer D.

However in the above answer it is stated: However, it is also possible to modify the podman network to enable DNS by modifiying the configuration.

Do I understand it correctly now that it is possible to change the default podman network with this extra plugin?

Chetan_Tiwary_
Moderator
Moderator
  • 3,606 Views
0 Kudos
  • 539 Views

Hi @Travis , I just came across this question and was similarly confused.  I'd like to discuss more!

Question 6 states:
 Could the default podman network replace one of the networks in this configuration? Why or why not?

If we are creating a new network as in your example, --net app-api,app-db, then we are not using the default podman network, and so I still don't see how it can 'replace' one of the networks in this configuration.

I believe the root of this confusion is the use of the term 'override'.  In my opinion, creating new networks is not 'overriding' anything, as the default network remains in place alongside the new bridges that have been created.

The only other possibility is that 'override' means to change the configuration of the default network, but as this is not covered in the course topic, I don't think that would be a fair question. 

Given that we don't address that configuration possibility in the course topic, I think the answer should still be D.

0 Kudos
Join the discussion
You must log in to join this conversation.