Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Using vznet binds port 53 on MacOS 13+, blocking other apps #2176

Open
allwalte opened this issue Feb 1, 2024 · 1 comment
Open

Using vznet binds port 53 on MacOS 13+, blocking other apps #2176

allwalte opened this issue Feb 1, 2024 · 1 comment
Labels
component/dns component/vz

Comments

@allwalte
Copy link

allwalte commented Feb 1, 2024
edited

Description

When using the vznet networking option, as best I can tell this uses the new apple virtualization framework for the networking, which automatically binds port 53 to mDNSresponder if that port is available. If not, it picks a random high port and everything from what I can tell so far seems to work fine? Everything I've tried, anyway.

The problem here though is that some applications - in this particular case, Cloudflare Warp, but I believe other applications that essentially take over DNS like VPNs or DNS filtering in general - require this port specifically, because the idea is to not allow them to run side by side with something else that is also trying to take over DNS.

There is an ongoing issue in the Rancher Desktop project about this, though I personally first experienced it with colima, and then verified with lima itself.

fwiw Docker Desktop has an option called "kernelforUDP" that, if you set it to false, works around this issue - but I don't really know the exact mechanism it uses or whether whatever that is would even work for lima. However, given that things seem to work (though again, only in the testing I've done; I'm sure there's a wider set of use cases to try) when port 53 is already taken and it picks something else - would it be possible to maybe have a config option that could somehow fake port 53 being used and/or in some other way force it to go pick another port? I'm quite new to all of this so I don't know enough about how it would work to try to PR it at this point, but I will certainly continue to look. I just thought I would post it here in the meantime so other eyes could be on it as well if they wanted.
@warrenseine
Copy link

I have the exact same issue, but as you stated, the easy workaround is to start WARP before Lima. I'd like to run both when macOS starts, but since I can't control the order, I often end up with a WARP error. Stopping Lima, connecting to Warp, and starting Lima again resolves the issue until the next disconnection.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
component/dns component/vz
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@warrenseine @AkihiroSuda @allwalte