On Wed, Apr 15, 2020, at 1:27 PM, Daniel Walsh wrote:
> On 4/15/20 10:07, Lennart Poettering wrote:
> > On Di, 14.04.20 15:57, James Cassell (fedoraproject@xxxxxxxxxxxxx) wrote:
> >
> >> On Tue, Apr 14, 2020, at 3:23 PM, Ben Cotton wrote:
> >>> https://fedoraproject.org/wiki/Changes/systemd-resolved
> >>>
> >>> == Summary ==
> >>>
> >>> Enable systemd-resolved by default. glibc will perform name resolution
> >>> using nss-resolve rather than nss-dns.
> >>>
> >>> == Owner ==
> >>> * Name: [[User:catanzaro| Michael Catanzaro]]
> >>> * Email: <mcatanzaro@xxxxxxxxxx>
> >>>
> >>> == Detailed Description ==
> >>>
> >>> We will enable systemd-resolved by default.
> >> Does this require systemd to be running? How does this affect DNS resolution on a Fedora 33 container?
> > Depends.
> >
> > If a container manager copies in /etc/resolv.conf from the host into
> > the container on container *start*, it might be wise to copy in
> > /run/systemd/resolve/resolv.conf instead of /etc/resolv.conf, if it
> > exists. That file in /run contains the currently up-to-date upstream
> > DNS info literally.
>
> Containers copy the /etc/resolv.conf. /etc/hosts on creation, that way
> they can modify it internally,
>
> It looks like podman will just follow the link. I set up this simple test
>
> # ls -l /etc/resolv.conf
> lrwxrwxrwx. 1 root root 16 Apr 15 13:25 /etc/resolv.conf -> /run/resolv.conf
> # cat /etc/resolv.conf
> # Generated by NetworkManager
> search redhat.com
> nameserver 10.5.30.160
> nameserver 10.11.5.19
> nameserver 192.168.1.1
> # podman run fedora cat /etc/resolv.conf
> search redhat.com
> nameserver 10.5.30.160
> nameserver 10.11.5.19
> nameserver 192.168.1.1
>
> So as long as the
>
> /run/systemd/resolve/resolv.conf
>
> file is properly formatted, our container engines will just work.
>

I think there's some existing black magic to handle the case when resolv.conf references 127.0.0.1... maybe it already also works for 127.0.0.53. Otherwise, maybe it could be patched to handle 127.0.0.0/8 in the same way. Then no special casing for resolved would be needed.

V/r,
James Cassell

> >
> > If a container builder copies in /etc/resolv.conf during build time,
> > it probably should insert something like 8.8.8.8 as DNS servers there,
> > also replacing whatever is there.
> >
> > Note that the logic in systemd and resolved is very defensive: if
> > /etc/resolv.conf is not a symlink to
> > /run/systemd/resolve/{stub-,}resolv.conf then resolved will consume
> > /etc/resolv.conf instead of managing it (see other mail), hence a
> > container mgr/builder that wants to direct DNS traffic somewhere
> > should just override the file to whatever it wants, and things will
> > just work, regardless if resolved runs in the container or not, and
> > resolved -- if used -- will honour whatever the container mgr/builder
> > put there.
> >
> > Lennart
> >
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx