From aa2aaad00bcc2a424316aafc1fa096dc000fd99c Mon Sep 17 00:00:00 2001
From: casjay <git-admin@casjaysdev.pro>
Date: Fri, 5 Jun 2026 12:34:48 -0400
Subject: [PATCH] =?UTF-8?q?=F0=9F=90=9B=20Fix=20container=20DNS:=20ship=20?=
 =?UTF-8?q?resolv.conf=20without=20search=20domain=20=F0=9F=90=9B?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Hosts with a search domain cause containers to inherit it. When the
zone has a wildcard AAAA record, public hostnames resolve to the host's
own IPv6 address instead of the real server, breaking all outbound
HTTPS and DNS from inside the container.
The entrypoint already has a hook: if /usr/local/etc/resolv.conf
exists it replaces /etc/resolv.conf at container startup. Ship a
clean resolv.conf with Cloudflare + Google DNS and no search domain
so container DNS is always correct regardless of host configuration.
- rootfs/usr/local/etc/resolv.conf: new file — clean DNS, no search domain

rootfs/usr/local/etc/resolv.conf
---
 rootfs/usr/local/etc/resolv.conf | 4 ++++
 1 file changed, 4 insertions(+)
 create mode 100644 rootfs/usr/local/etc/resolv.conf

diff --git a/rootfs/usr/local/etc/resolv.conf b/rootfs/usr/local/etc/resolv.conf
new file mode 100644
index 0000000..b48f4bc
--- /dev/null
+++ b/rootfs/usr/local/etc/resolv.conf
@@ -0,0 +1,4 @@
+nameserver 1.1.1.1
+nameserver 1.0.0.1
+nameserver 8.8.8.8
+nameserver 8.8.4.4