On Tue, 2014-04-29 at 17:15 +0200, Alexander Larsson wrote:
> On tis, 2014-04-29 at 14:15 +0200, Jaroslav Reznik wrote:
> > = Proposed System Wide Change: Default Local DNS Resolver =
> > https://fedoraproject.org/wiki/Changes/Default_Local_DNS_Resolver
> >
> > Change owner(s): P J P <pjp@xxxxxxxxxxxxxxxxx>, Pavel Šimerda
> > <pavlix@xxxxxxxxxx>, Tomas Hozza <thozza@xxxxxxxxxx>
> >
> > To install a local DNS resolver trusted for the DNSSEC validation running on
> > 127.0.0.1:53. This must be the only name server entry in /etc/resolv.conf.
>
> This is gonna conflict a bit with docker, and other users of network
> namespaces, like systemd-nspawn. When docker runs, it picks up the
> current /etc/resolv.conf and puts it in the container, but the container
> itself runs in a network namespace, so it gets its own loopback device.
> This will mean 127.0.0.1:53 points to the container itself, not the
> host, so dns resolving in the container will not work.
>
> Not sure how to fix something like that though...

Any way we can redirect the connection to the host?

On the host we cannot listen on 0.0.0.0 so we cannot make unbound
available through normal routing on a different interface.

However we can perhaps make it listen on a special virtual interface
dedicated to let containers talk to other processes on the host maybe?
(could even be other privileged containers).

There is a question of what addresses to use though ...

Simo.

--
Simo Sorce * Red Hat, Inc * New York
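
Added example (not part of the original message, and not Fedora or Docker code): a Python check for the failure described in the quoted text, sorting the nameserver entries of a host resolv.conf by whether they remain reachable once the file is copied into a process with its own network namespace. The sample file and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample: the host /etc/resolv.conf the proposal would produce.
HOST_RESOLV_CONF = """\
# constructed example
search example.test
nameserver 127.0.0.1
options edns0
"""


def split_nameservers(resolv_conf_text):
    """Return (reachable, loopback_only) nameserver lists as seen by a
    process that got a copy of this file but has its own network namespace."""
    reachable, loopback_only = [], []
    for raw in resolv_conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue  # blank line or comment
        fields = line.split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue  # search/options/etc. do not name a server
        # Drop an IPv6 zone id (fe80::1%eth0) before parsing the literal.
        try:
            addr = ipaddress.ip_address(fields[1].split("%", 1)[0])
        except ValueError:
            continue  # not an address literal
        # Loopback (127.0.0.0/8, ::1) is per network namespace: inside the
        # container it names the container's own lo device, not the host's.
        if addr.is_loopback:
            loopback_only.append(fields[1])
        else:
            reachable.append(fields[1])
    return reachable, loopback_only


def container_dns_broken(resolv_conf_text):
    """True when every configured resolver is a loopback address, i.e. the
    copied file leaves the namespaced process with no usable name server."""
    reachable, loopback_only = split_nameservers(resolv_conf_text)
    return bool(loopback_only) and not reachable


if __name__ == "__main__":
    print(split_nameservers(HOST_RESOLV_CONF))
    print("DNS broken in container:", container_dns_broken(HOST_RESOLV_CONF))
```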