Skip to content

Improve DNS verification by exposing port 53 to host#107

Merged
aidankhogg merged 2 commits into
dev/alphafrom
claude/netengine-setup-diagnostics-6p80de
Jun 29, 2026
Merged

Improve DNS verification by exposing port 53 to host#107
aidankhogg merged 2 commits into
dev/alphafrom
claude/netengine-setup-diagnostics-6p80de

Conversation

@aidankhogg

Copy link
Copy Markdown
Contributor

Summary

This PR improves DNS service verification and diagnostics by exposing the CoreDNS container's port 53/UDP to the host via localhost, enabling the orchestrator to verify DNS functionality from the host machine rather than requiring access to the internal core network.

Key Changes

  • Port Exposure: Configure CoreDNS container to expose port 53/UDP to 127.0.0.1:53 on the host, allowing DNS queries from the orchestrator without requiring core network access
  • Query Target Update: Change DNS verification queries from the internal root IP (10.0.0.210.10.0.2) to 127.0.0.1:53 (localhost), improving accessibility and reliability
  • Enhanced Diagnostics: Add comprehensive logging of container network settings and port mappings when DNS verification fails, including:
    • Network interface IPs
    • Port binding information
    • Helpful error messages for common failure scenarios (port already in use, CoreDNS startup issues, malformed zones)
  • Better Error Handling: Improve exception handling in _query_soa() with:
    • Specific detection of "Permission denied" errors (port 53 already in use)
    • Helpful guidance on how to diagnose port conflicts
    • More granular logging for different failure modes (timeout, connection refused, etc.)
  • Documentation: Add comprehensive docstring to _query_soa() method explaining parameters and return value

Implementation Details

  • The port binding uses 127.0.0.1 to restrict DNS access to the host machine only, maintaining security
  • Diagnostic logging captures container inspection data to help troubleshoot network and port binding issues
  • Error messages now provide actionable guidance (e.g., suggesting lsof or netstat commands to check port usage)
  • Logging levels adjusted to use debug for transient failures and error for persistent issues

https://claude.ai/code/session_01J3G1MWM7E94xwcYRKZgKuL

claude added 2 commits June 29, 2026 03:54
- Expose CoreDNS port 53/udp to localhost:53 for host accessibility
- Query localhost instead of container IP during DNS verification
- Add comprehensive network and port diagnostics on verification failure
- Improve error messages with common causes and debugging guidance
- Add better exception handling with specific diagnostics for:
  - Port already in use (permission denied errors)
  - Connection timeouts
  - Connection refused errors
- Log container network configuration and port mappings when verification fails

This fixes the issue where DNS verification fails on the host because
the host cannot reach container IPs on isolated Docker networks. The
port binding allows the orchestrator to verify DNS is working by
querying the standard port-mapped address.

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01J3G1MWM7E94xwcYRKZgKuL
- Remove unused root_ip variable
- Fix f-string that was missing placeholders
- Break long lines to meet 100-character limit

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01J3G1MWM7E94xwcYRKZgKuL
@aidankhogg aidankhogg merged commit 2a00925 into dev/alpha Jun 29, 2026
3 of 5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants