[BUG] Single Machine Deployment Defaults to external DNS Servers

[erwinkersten]

Issue

In a single-machine deployment scenario (not evaluated in a Scalable Cluster environment), there's an issue where the DNS name server defaults to 1.1.1.1 and 1.0.0.1 when no DNS server are configured.

Expected Behavior

AKS EE Linux node should utilize the DNS servers configured in the Windows Host OS, rather than defaulting to external DNS servers when no DNS server is provided in the configuration . Update: this happens when the Network.InternetDisabled is set to true, when is set to false it uses the Windows Host OS DNS server

Documentation Reference

The current documentation suggests that the AKS EE Linux node will use the Windows Host OS DNS servers. However, this behavior is not observed in practice in the single-machine deployment setup.

By default, during AKS Edge Essentials deployment, you can provide the DNS servers list using the DnsServers parameter. If no address is provided, the deployment mechanism looks for the Windows host OS DNS servers (check using ipconfing /all) and uses those server addresses.

Source: https://learn.microsoft.com/en-us/azure/aks/hybrid/aks-edge-concept-networking#dns

When no Network.DnsServers setting is is provided the system defaults to 1.1.1.1 and 1.0.0.1 and the following output is shown when we perform a resolverctl status in the linux vm:

PS C:\> Invoke-AksEdgeNodeCommand -command 'resolvectl status'
Global
           Protocols: -LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
    resolv.conf mode: stub
  Current DNS Server: 1.1.1.1#cloudflare-dns.com
Fallback DNS Servers: 1.1.1.1#cloudflare-dns.com 8.8.8.8#dns.google
                      1.0.0.1#cloudflare-dns.com 8.8.4.4#dns.google
                      2606:4700:4700::1111#cloudflare-dns.com
                      2001:4860:4860::8888#dns.google
                      2606:4700:4700::1001#cloudflare-dns.com
                      2001:4860:4860::8844#dns.google

Link 2 (eth0)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Addional information

When we configure a the Network.DnsServers setting in the config the DNS resolution works as expected,:

  "Network": {
	"DnsServers": ["192.168.1.1"],
    "InternetDisabled": true,
    "NetworkPlugin": "flannel",
    ....    

We see that erth0 is connfigured with the DNS server (as expected) .

PS C:\> Invoke-AksEdgeNodeCommand -command 'resolvectl status'
Global
           Protocols: -LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
    resolv.conf mode: stub
Fallback DNS Servers: 1.1.1.1#cloudflare-dns.com 8.8.8.8#dns.google
                      1.0.0.1#cloudflare-dns.com 8.8.4.4#dns.google
                      2606:4700:4700::1111#cloudflare-dns.com
                      2001:4860:4860::8888#dns.google
                      2606:4700:4700::1001#cloudflare-dns.com
                      2001:4860:4860::8844#dns.google

Link 2 (eth0)
    Current Scopes: DNS
         Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 192.168.1.1
       DNS Servers: 192.168.1.1

[scooley]

@SummerSmith - feels like a minor and reasonable change, let's discuss internally. @abhilashaagarwala, FYI as you're working on networking :)