From 541e3398a0c886ee3bd5ba92858d185b335bf997 Mon Sep 17 00:00:00 2001
From: casjay <git-admin@casjaysdev.pro>
Date: Fri, 5 Jun 2026 12:22:20 -0400
Subject: [PATCH] =?UTF-8?q?=F0=9F=90=9B=20Fix=20container=20DNS:=20ship=20?=
 =?UTF-8?q?resolv.conf=20without=20search=20domain=20=F0=9F=90=9B?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Hosts with a search domain (e.g. search casjay.dev) cause containers
to inherit it. When that zone has a wildcard AAAA record, public
hostnames like github.com resolve to the host's own IPv6 address
instead of the real server, breaking all HTTPS (and any other
protocol) from inside the container.
The entrypoint already has a hook: if /usr/local/etc/resolv.conf
exists it replaces /etc/resolv.conf at container startup. Ship a
clean resolv.conf with Cloudflare + Google DNS and no search domain
so container DNS is always correct regardless of host configuration.
- rootfs/usr/local/etc/resolv.conf: new file — clean DNS, no search domain

rootfs/usr/local/etc/resolv.conf
---
 rootfs/usr/local/etc/resolv.conf | 4 ++++
 1 file changed, 4 insertions(+)
 create mode 100644 rootfs/usr/local/etc/resolv.conf

diff --git a/rootfs/usr/local/etc/resolv.conf b/rootfs/usr/local/etc/resolv.conf
new file mode 100644
index 0000000..b48f4bc
--- /dev/null
+++ b/rootfs/usr/local/etc/resolv.conf
@@ -0,0 +1,4 @@
+nameserver 1.1.1.1
+nameserver 1.0.0.1
+nameserver 8.8.8.8
+nameserver 8.8.4.4