From 92618ee65b4c794614c055e214741bc1d8fb1a08 Mon Sep 17 00:00:00 2001
From: nessi <sascha@nesterovic.cc>
Date: Tue, 17 Mar 2026 19:26:10 +0100
Subject: [PATCH] fix: make backend DNS check optional when getent is
 unavailable

Add getent availability check before attempting DNS resolution in wait_for_backend_dns function. Fall back to allowing curl connectivity check in main loop when getent is not available, supporting Alpine-based images that don't ship getent by default.
---
 deploy/scripts/gateway-entrypoint.sh | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/deploy/scripts/gateway-entrypoint.sh b/deploy/scripts/gateway-entrypoint.sh
index 867c987..1c964ee 100644
--- a/deploy/scripts/gateway-entrypoint.sh
+++ b/deploy/scripts/gateway-entrypoint.sh
@@ -57,12 +57,18 @@ NFT_CONF="/var/lib/nexavpn/nftables.generated.conf"
 mkdir -p /etc/wireguard
 
 wait_for_backend_dns() {
-  if getent hosts "${BACKEND_HOST}" >/dev/null 2>&1; then
-    return 0
+  if command -v getent >/dev/null 2>&1; then
+    if getent hosts "${BACKEND_HOST}" >/dev/null 2>&1; then
+      return 0
+    fi
+
+    echo "Backend host ${BACKEND_HOST} is not resolvable yet."
+    return 1
   fi
 
-  echo "Backend host ${BACKEND_HOST} is not resolvable yet."
-  return 1
+  # Alpine-based images may not ship getent. In that case let curl be the
+  # source of truth for connectivity and retry in the main loop on failure.
+  return 0
 }
 
 apply_bundle() {