On 4/15/20 10:07, Lennart Poettering wrote:
> On Di, 14.04.20 15:57, James Cassell (fedoraproject@xxxxxxxxxxxxx) wrote:
>
>> On Tue, Apr 14, 2020, at 3:23 PM, Ben Cotton wrote:
>>> https://fedoraproject.org/wiki/Changes/systemd-resolved
>>>
>>> == Summary ==
>>>
>>> Enable systemd-resolved by default. glibc will perform name resolution
>>> using nss-resolve rather than nss-dns.
>>>
>>> == Owner ==
>>> * Name: [[User:catanzaro| Michael Catanzaro]]
>>> * Email: <mcatanzaro@xxxxxxxxxx>
>>>
>>> == Detailed Description ==
>>>
>>> We will enable systemd-resolved by default.
>> Does this require systemd to be running? How does this affect DNS resolution on a Fedora 33 container?
> Depends.
>
> If a container manager copies in /etc/resolv.conf from the host into
> the container on container *start*, it might be wise to copy in
> /run/systemd/resolve/resolv.conf instead of /etc/resolv.conf, if it
> exists. That file in /run contains the currently up-to-date upstream
> DNS info literally.

Containers copy the /etc/resolv.conf, /etc/hosts on creation; that way
they can modify it internally. It looks like podman will just follow the
link.

I set up this simple test:

# ls -l /etc/resolv.conf
lrwxrwxrwx. 1 root root 16 Apr 15 13:25 /etc/resolv.conf -> /run/resolv.conf
# cat /etc/resolv.conf
# Generated by NetworkManager
search redhat.com
nameserver 10.5.30.160
nameserver 10.11.5.19
nameserver 192.168.1.1
# podman run fedora cat /etc/resolv.conf
search redhat.com
nameserver 10.5.30.160
nameserver 10.11.5.19
nameserver 192.168.1.1

So as long as the /run/systemd/resolve/resolv.conf file is properly
formatted, our container engines will just work.

>
> If a container builder copies in /etc/resolv.conf during build time,
> it probably should insert something like 8.8.8.8 as DNS servers there,
> also replacing whatever is there.
>
> Note that the logic in systemd and resolved is very defensive: if
> /etc/resolv.conf is not a symlink to
> /run/systemd/resolve/{stub-,}resolv.conf then resolved will consume
> /etc/resolv.conf instead of managing it (see other mail), hence a
> container mgr/builder that wants to direct DNS traffic somewhere
> should just override the file to whatever it wants, and things will
> just work, regardless if resolved runs in the container or not, and
> resolved -- if used -- will honour whatever the container mgr/builder
> put there.
>
> Lennart
>
> --
> Lennart Poettering, Berlin
> _______________________________________________
> devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
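
The rule discussed in this thread, as an added example that is not part of the original messages or of any project's code: it classifies /etc/resolv.conf by whether it is a symlink to /run/systemd/resolve/{stub-,}resolv.conf, picks the file a container manager would copy at container start, and counts loopback nameservers, which a container in its own network namespace cannot reach on the host. The function names, the ROOT argument and the sample tree (including the 127.0.0.53 stub address) are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example, not from the thread. Paths are the ones named in the mail;
# the function names and the ROOT prefix argument are hypothetical.

# How does ROOT/etc/resolv.conf relate to resolved? Prints stub, uplink or
# foreign. Only one symlink level and the usual link forms are handled.
resolv_mode() {
    root=${1:-}
    target=$(readlink "$root/etc/resolv.conf" 2>/dev/null) || { echo foreign; return 0; }
    case "$target" in
        /*)   abs=$target ;;
        ../*) abs=/${target#../} ;;    # link lives in /etc, so ../x is /x
        *)    abs=/etc/$target ;;
    esac
    case "$abs" in
        /run/systemd/resolve/stub-resolv.conf) echo stub ;;
        /run/systemd/resolve/resolv.conf)      echo uplink ;;
        *)                                     echo foreign ;;
    esac
}

# File a container manager would copy at container start: the resolved
# uplink file if it exists, otherwise /etc/resolv.conf.
resolv_source() {
    root=${1:-}
    if [ -r "$root/run/systemd/resolve/resolv.conf" ]; then
        echo "$root/run/systemd/resolve/resolv.conf"
    else
        echo "$root/etc/resolv.conf"
    fi
}

# Count nameserver entries on loopback, which a container with its own
# network namespace cannot reach on the host.
loopback_nameservers() {
    awk '$1 == "nameserver" && ($2 ~ /^127\./ || $2 == "::1") { n++ } END { print n + 0 }' "$1"
}

# Constructed sample tree: a host where resolved manages /etc/resolv.conf.
demo=$(mktemp -d)
mkdir -p "$demo/etc" "$demo/run/systemd/resolve"
printf 'nameserver 127.0.0.53\n' > "$demo/run/systemd/resolve/stub-resolv.conf"
printf 'nameserver 192.0.2.53\nsearch example.test\n' > "$demo/run/systemd/resolve/resolv.conf"
ln -s ../run/systemd/resolve/stub-resolv.conf "$demo/etc/resolv.conf"

echo "mode: $(resolv_mode "$demo")"
echo "copy: $(resolv_source "$demo")"
echo "loopback entries in /etc/resolv.conf: $(loopback_nameservers "$demo/etc/resolv.conf")"
```

With an empty ROOT argument the functions read the running host's own files.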