On Tue, Apr 29, 2014 at 8:18 AM, Chuck Anderson <cra@xxxxxxx> wrote:
> On Tue, Apr 29, 2014 at 05:15:57PM +0200, Alexander Larsson wrote:
>> On tis, 2014-04-29 at 14:15 +0200, Jaroslav Reznik wrote:
>> > = Proposed System Wide Change: Default Local DNS Resolver =
>> > https://fedoraproject.org/wiki/Changes/Default_Local_DNS_Resolver
>> >
>> > Change owner(s): P J P <pjp@xxxxxxxxxxxxxxxxx>, Pavel Šimerda
>> > <pavlix@xxxxxxxxxx>, Tomas Hozza <thozza@xxxxxxxxxx>
>> >
>> > To install a local DNS resolver trusted for the DNSSEC validation running on
>> > 127.0.0.1:53. This must be the only name server entry in /etc/resolv.conf.
>>
>> This is gonna conflict a bit with docker, and other users of network
>> namespaces, like systemd-nspawn. When docker runs, it picks up the
>> current /etc/resolv.conf and puts it in the container, but the container
>> itself runs in a network namespace, so it gets its own loopback device.
>> This will mean 127.0.0.1:53 points to the container itself, not the
>> host, so dns resolving in the container will not work.
>>
>> Not sure how to fix something like that though...
>
> Is it possible to use a different loopback device like 127.0.0.53 and
> then have that point outside the container somehow?

I like this solution, although I think it'll require making unbound
bind to 127.0.0.53 for the non-container case, too.

OTOH, it would be straightforward to write a tiny stub that forwards
127.0.0.1:53 to something outside the container.

--Andy
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
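
A check for the conflict described in the quoted text above, as an added example that is not part of the original thread and is not Docker's, systemd's or Fedora's code: it reads resolv.conf text and reports whether a verbatim copy leaves a process in a fresh network namespace with only namespace-local resolvers. The function names and the sample file contents are constructed for illustration.

```python
import ipaddress


def nameservers(resolv_conf_text):
    """Return the nameserver addresses listed in resolv.conf text, in order."""
    found = []
    for raw in resolv_conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        fields = line.split()
        if fields[0] != "nameserver" or len(fields) < 2:
            continue
        addr = fields[1].split("%", 1)[0]    # drop an IPv6 zone id such as %eth0
        try:
            found.append(ipaddress.ip_address(addr))
        except ValueError:
            continue                         # not an IP literal, ignore the entry
    return found


def namespace_check(resolv_conf_text):
    """Classify resolvers by whether they stay reachable in a new network namespace.

    Every loopback address (all of 127.0.0.0/8 and ::1) belongs to the
    namespace's own lo device, so 127.0.0.53 is as namespace-local as 127.0.0.1
    unless something inside the namespace relays it outward.
    """
    servers = nameservers(resolv_conf_text)
    loopback = [str(s) for s in servers if s.is_loopback]
    other = [str(s) for s in servers if not s.is_loopback]
    # With no nameserver entry at all, the resolver library falls back to the
    # local machine, so an empty list breaks in the same way.
    return {"loopback": loopback, "other": other, "breaks_in_new_netns": not other}


# Constructed sample files, not taken from any real host.
PROPOSED = "# local validating resolver\nnameserver 127.0.0.1\n"
ALTERNATIVE = "nameserver 127.0.0.53\n"
MIXED = "search example.test\nnameserver ::1\nnameserver 192.0.2.53\n"

if __name__ == "__main__":
    for name, text in (("proposed", PROPOSED), ("alternative", ALTERNATIVE), ("mixed", MIXED)):
        print(name, namespace_check(text))
```

A container runtime or image build step could run such a check on the host file before copying it and substitute an address that is routable from inside the namespace when `breaks_in_new_netns` is true.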