Re: sibling DNS lookup of nspawn containers

On Friday, 18.06.2021 at 14:52 -0700, Johannes Ernst wrote:
>
> Thanks, Silvio, but no luck:
>
> I have host, container a and container b.
>
> In both containers, .network for host0 has LLMNR=yes in the [Network]
> section
>
> The host has LLMNR=yes in the [Resolve] section of
> /etc/systemd/resolved.conf
>
> On the host: “resolvectl query a” and “…b” works.
>
> In the containers “resolvectl query a” works only in container a, not
> in b, and vice versa. So no sibling lookup.
>
> iptables and ip6tables show default rules for all three.
>
> What am I missing?
>
> Thanks,
>
> Johannes.
>
Hi Johannes,

Are both machines in the same network zone or attached to the same
bridge interface on the host machine? Else the default NAT rules won't
allow for multicast traffic as it is done by LLMNR.
sd-nspawn uses nftables, not iptables. You should see some rules with
»nft list table ip io.systemd.nat«.
So add »--network-zone=some-fancy-name« to your systemd-nspawn
commands.

=== man: systemd.nspawn ===
Using --network-zone= is hence in most cases fully automatic and
sufficient to connect multiple local containers in a joined broadcast
domain to the host, with further connectivity to the external network.
=== ===

BR
Silvio

_______________________________________________
systemd-devel mailing list
systemd-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
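
The check suggested in the reply above (are both containers on the same zone or bridge?) can be made from the host's link table. The following is an added example, not part of the original thread or of systemd: it assumes the systemd-nspawn naming documented in its man page (host-side veth `ve-<machine>`, or `vb-<machine>` when attached to a bridge, and zone bridges named `vz-<zone>`), and the function names and sample data are constructed for illustration.

```python
import json
import subprocess
import sys

# Constructed sample in the shape of `ip -j link show` run on the host:
# container "a" was started with --network-zone=lab, container "b" with a
# plain private veth, so only "a" is enslaved to the zone bridge.
SAMPLE_LINKS = json.loads("""[
  {"ifname": "lo"},
  {"ifname": "vz-lab"},
  {"ifname": "vb-a", "master": "vz-lab"},
  {"ifname": "ve-b"}
]""")

def host_link(links, machine):
    """Return the host-side veth record of a container, or None.

    Assumes the machine name is short enough that nspawn did not have to
    shorten the interface name (interface names are limited to 15 chars).
    """
    for prefix in ("vb-", "ve-"):
        for link in links:
            if link["ifname"] == prefix + machine:
                return link
    return None

def shared_segment(links, machine_a, machine_b):
    """Return the bridge both containers are attached to, else None.

    None means the two veths are separate point-to-point links, so
    link-local multicast such as LLMNR cannot pass between the siblings.
    """
    masters = []
    for machine in (machine_a, machine_b):
        link = host_link(links, machine)
        if link is None:
            raise LookupError(f"no host-side veth found for {machine!r}")
        masters.append(link.get("master"))
    if masters[0] is not None and masters[0] == masters[1]:
        return masters[0]
    return None

if __name__ == "__main__":
    if len(sys.argv) == 3:  # live check: script.py <machine-a> <machine-b>
        out = subprocess.run(["ip", "-j", "link", "show"], check=True,
                             capture_output=True, text=True).stdout
        print(shared_segment(json.loads(out), sys.argv[1], sys.argv[2]))
    else:                   # no arguments: evaluate the constructed sample
        print(shared_segment(SAMPLE_LINKS, "a", "b"))
```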