Re: Local DNSSEC resolver and Docker(containers)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Right, I've also heard about the special interface solution before.
Not sure how exactly it works though.

Can't claim to be an expert on the implementation details either, sorry.

 I see. In that case, maybe we could have local resolver listening
on multiple network interfaces. But how would container know which
interface it should connect to? As in, is 169.254.169.254 consistent
across various container solutions(Docker/Rocket/LXC etc.)?

Docker already supports a --dns option on the commandline to pass details for /etc/resolv.conf.   For the various container solutions, I'd expect providing a standard consumable location for the resolver would be a good start.  A container specific implementation looks like a slippery slope.

-Matt M

On Thu, Jan 15, 2015 at 1:02 PM, P J P <pjp@xxxxxxxxxxxxxxxxx> wrote:
   Hello Matt,

On Thursday, 15 January 2015 8:27 PM, Matt Micene wrote:
>One of the on list responses talks about setting up a known
>IP space, taking a page from MS and using a local collision domain.
>AWS does this currently, making a metadata service available from
>all instances on 169.254.169.254.

  Right, I've also heard about the special interface solution before.
Not sure how exactly it works though.

>This could be a solution for a Docker environment, where a host
>provides the trusted DNSSEC enabled resolver on known single and
>unchanging IP address.  This avoids the special nature of the
>loopback address, but gives consistency for a number of different
>approaches.


  I see. In that case, maybe we could have local resolver listening
on multiple network interfaces. But how would container know which
interface it should connect to? As in, is 169.254.169.254 consistent
across various container solutions(Docker/Rocket/LXC etc.)?

Thank you.---
Regards
   -Prasad
http://feedmug.com

_______________________________________________
cloud mailing list
cloud@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/cloud
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct

[Index of Archives]     [Fedora General Discussion]     [Older Fedora Users Archive]     [Fedora Advisory Board]     [Fedora Security]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Mentors]     [Fedora Package Announce]     [Fedora Package Review]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Coolkey]     [Yum Users]     [Big List of Linux Books]     [Yosemite News]     [Linux Apps]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]

  Powered by Linux