On Tue, Apr 29, 2014 at 12:17 PM, P J P <pj.pandit@xxxxxxxxxxx> wrote:
> Hi,
>
>> On Tuesday, 29 April 2014 10:08 PM, Andrew Lutomirski <luto@xxxxxxx> wrote:
>>>> but the container itself runs in a network namespace, so it gets its own
>>>> loopback device. This will mean 127.0.0.1:53 points to the container itself,
>>>> not the host, so dns resolving in the container will not work.
>
> Ah, interesting! Thank you so much for sharing these details.
>
> >> OTOH, it would be straightforward to write a tiny stub that forwards
> >> 127.0.0.1:53 to something outside the container.
>
> I think this is a better option than having a different device address like 127.0.0.53. Forwarding traffic from inside namespace to a loop-back device on the host is analogous to a guest (VM) forwarding traffic to its host via bridge interface.
>

FWIW, this approach has other benefits. For example, virtme could use it to avoid hacks like trying to bind-mount something on top of /etc/resolv.conf. Some day I hope to propose explicit virtme guest support as a Fedora feature, and, if /etc/resolv.conf were to have constant, predetermined contents, a major wart would go away.

https://git.kernel.org/cgit/utils/kernel/virtme/virtme.git

--Andy
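A sketch of the "tiny stub" discussed in the thread, as an added example that is not code from the thread or from virtme: a UDP relay that listens on the namespace's own 127.0.0.1:53 and passes queries to a resolver outside it. The names `relay_one` and `serve`, the 4096-byte buffer, and the upstream address 192.0.2.1 (a documentation placeholder for whatever address the namespace can actually reach) are assumptions.

```python
import socket

MAX_DNS_UDP = 4096  # assumption: EDNS-sized buffer; larger answers need TCP


def relay_one(listener, upstream, timeout=2.0):
    """Relay one UDP DNS query from `listener` to `upstream` (host, port).

    Returns True only if an answer with a matching transaction ID was
    sent back to the client that asked.
    """
    query, client = listener.recvfrom(MAX_DNS_UDP)
    if len(query) < 12:  # shorter than a DNS header: drop it
        return False
    # A fresh connected socket per query: the kernel discards datagrams from
    # any peer other than `upstream`, and each query gets a kernel-chosen
    # ephemeral source port.
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as up:
        up.settimeout(timeout)
        try:
            up.connect(upstream)
            up.send(query)
            answer = up.recv(MAX_DNS_UDP)
        except OSError:  # timeout, ICMP unreachable, no route
            return False
    # The first two bytes are the transaction ID; refuse mismatched answers.
    if len(answer) < 12 or answer[:2] != query[:2]:
        return False
    listener.sendto(answer, client)
    return True


def serve(listen_addr=("127.0.0.1", 53), upstream=("192.0.2.1", 53)):
    """Run the stub inside the namespace; 192.0.2.1 is a placeholder."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as listener:
        listener.bind(listen_addr)  # binding port 53 needs CAP_NET_BIND_SERVICE
        while True:
            relay_one(listener, upstream)


if __name__ == "__main__":
    serve()
```

The relay handles one query at a time and UDP only; truncated answers that require a TCP retry are outside what this sketch covers.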