Dns
Things I learned today about DNS
Docker copies DNS settings into containers
https://docs.docker.com/config/containers/container-networking/#dns-services
And they are inherrited once and for all, so if you start a container and connect to a vpn, the DNS configuration of the container is now stale.
Dig doesn’t resolve the same way as Python
python3 -c "import socket; socket.getaddrinfo(\"example.com\", 9999)"
is quite different from
dig example.com
Python doesn’t resolve the same way as Python
It all depends on libc, and musl libc is really not the same as glibc:
https://wiki.musl-libc.org/functional-differences-from-glibc.html#Name-Resolver/DNS
NixOS + Network Manager + VPN can enjoy leaking DNS queries
On connecting to a vpn, NetworkManager might add new nameservers, and might not delete the existing ones, such as
nameserver 192.168.1.1