On 4/15/20 17:06, James Cassell wrote:
> On Wed, Apr 15, 2020, at 1:27 PM, Daniel Walsh wrote:
>> On 4/15/20 10:07, Lennart Poettering wrote:
>>> On Di, 14.04.20 15:57, James Cassell (fedoraproject@xxxxxxxxxxxxx) wrote:
>>>
>>>> On Tue, Apr 14, 2020, at 3:23 PM, Ben Cotton wrote:
>>>>> https://fedoraproject.org/wiki/Changes/systemd-resolved
>>>>>
>>>>> == Summary ==
>>>>>
>>>>> Enable systemd-resolved by default. glibc will perform name resolution
>>>>> using nss-resolve rather than nss-dns.
>>>>>
>>>>> == Owner ==
>>>>> * Name: [[User:catanzaro| Michael Catanzaro]]
>>>>> * Email: <mcatanzaro@xxxxxxxxxx>
>>>>>
>>>>> == Detailed Description ==
>>>>>
>>>>> We will enable systemd-resolved by default.
>>>> Does this require systemd to be running? How does this affect DNS resolution on a Fedora 33 container?
>>> Depends.
>>>
>>> If a container manager copies in /etc/resolv.conf from the host into
>>> the container on container *start*, it might be wise to copy in
>>> /run/systemd/resolve/resolv.conf instead of /etc/resolv.conf, if it
>>> exists. That file in /run contains the currently up-to-date upstream
>>> DNS info literally.
>> Containers copy the /etc/resolv.conf, /etc/hosts on creation, that way
>> they can modify it internally.
>>
>> It looks like podman will just follow the link. I set up this simple test
>>
>> # ls -l /etc/resolv.conf
>> lrwxrwxrwx. 1 root root 16 Apr 15 13:25 /etc/resolv.conf -> /run/resolv.conf
>> # cat /etc/resolv.conf
>> # Generated by NetworkManager
>> search redhat.com
>> nameserver 10.5.30.160
>> nameserver 10.11.5.19
>> nameserver 192.168.1.1
>> # podman run fedora cat /etc/resolv.conf
>> search redhat.com
>> nameserver 10.5.30.160
>> nameserver 10.11.5.19
>> nameserver 192.168.1.1
>>
>> So as long as the
>>
>> /run/systemd/resolve/resolv.conf
>>
>> file is properly formatted, our container engines will just work.
>>
> I think there's some existing black magic to handle the case when resolv.conf references 127.0.0.1... maybe it already also works for 127.0.0.53. Otherwise, maybe it could be patched to handle 127.0.0.0/8 in the same way. Then no special casing for resolved would be needed.
>
> V/r,
> James Cassell

Yes, I believe the container engines see 127.0.0.1 and switch it to 8.8.8.8.

>>> If a container builder copies in /etc/resolv.conf during build time,
>>> it probably should insert something like 8.8.8.8 as DNS servers there,
>>> also replacing whatever is there.
>>>
>>> Note that the logic in systemd and resolved is very defensive: if
>>> /etc/resolv.conf is not a symlink to
>>> /run/systemd/resolve/{stub-,}resolv.conf then resolved will consume
>>> /etc/resolv.conf instead of managing it (see other mail), hence a
>>> container mgr/builder that wants to direct DNS traffic somewhere
>>> should just override the file to whatever it wants, and things will
>>> just work, regardless if resolved runs in the container or not, and
>>> resolved -- if used -- will honour whatever the container mgr/builder
>>> put there.
>>>
>>> Lennart
>>>
> _______________________________________________
> devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
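
Added example, not part of the thread and not podman's own code: a sketch of the resolv.conf handling discussed above, dropping every loopback nameserver (all of 127.0.0.0/8 and ::1, as James suggests, which covers resolved's 127.0.0.53) and writing a fallback only when nothing usable remains. The function names and the sample files are assumptions; the paths and the 8.8.8.8 fallback are the ones named in the thread.

```python
import ipaddress
import os

UPSTREAM = "/run/systemd/resolve/resolv.conf"  # path named in the thread
FALLBACK = ("8.8.8.8",)  # fallback value mentioned in the thread


def pick_host_source(exists=os.path.exists) -> str:
    """Prefer resolved's upstream file over the /etc/resolv.conf symlink."""
    return UPSTREAM if exists(UPSTREAM) else "/etc/resolv.conf"


def is_loopback(addr: str) -> bool:
    """True for anything in 127.0.0.0/8 or ::1, not only 127.0.0.1."""
    try:
        return ipaddress.ip_address(addr.split("%", 1)[0]).is_loopback
    except ValueError:
        return False  # not an IP literal; keep the line untouched


def container_resolv_conf(host_conf: str, fallback=FALLBACK) -> str:
    """Rewrite host resolv.conf text for a container with its own netns."""
    kept, usable = [], 0
    for line in host_conf.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            if is_loopback(fields[1]):
                continue  # the host's loopback is unreachable from the container
            usable += 1
        kept.append(line)
    if usable == 0:
        kept.extend(f"nameserver {ns}" for ns in fallback)
    return "\n".join(kept) + "\n"


# Constructed samples: a resolved stub file and a mixed file.
STUB = "search example.test\nnameserver 127.0.0.53\noptions edns0\n"
MIXED = "search example.test\nnameserver 192.0.2.53\nnameserver 127.0.0.1\n"

if __name__ == "__main__":
    print(pick_host_source())
    print(container_resolv_conf(STUB), end="")
    print(container_resolv_conf(MIXED), end="")
```
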