This issue was moved to a discussion.

[Bug] DNS resolution not working in a rootful systemd container without unshare-netns option. #1159

Closed
kerneis-anssi opened this issue Jan 17, 2024 · 3 comments

Comments

@kerneis-anssi

It looks a lot like #1075 except I’m not using --unshare-netns.

Steps to reproduce:

$ sudo mkdir /home/fedora
$ distrobox create --image quay.io/toolbx-images/fedora-toolbox:39 --init  --additional-packages "systemd"  --root --home /home/fedora --name fedora-tb
$ distrobox enter --root fedora-tb
[…]
📦[kerneis@fedora-tb kerneis]$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=116 time=2.33 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=116 time=2.78 ms
^C
--- 8.8.8.8 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 2.332/2.554/2.777/0.222 ms
📦[kerneis@fedora-tb kerneis]$ ping www.google.com
ping: www.google.com: Temporary failure in name resolution
📦[kerneis@fedora-tb kerneis]$ 

Note that the exact same command-line with --unshare-netns (as found in #1075 (comment)) does work.

@kerneis-anssi kerneis-anssi added the bug Something isn't working label Jan 17, 2024
@89luca89
Owner

89luca89 commented Feb 1, 2024

Hi @kerneis-anssi thanks for the issue

I was not able to reproduce this issue

@kerneis-anssi
Author

I found the following in the container's log (journalctl -b0):

Feb 02 12:16:31 fedora-tb.fedora systemd-resolved[492]: LLMNR-IPv4(UDP): There appears to be another LLMNR responder running, or previously systemd-resolved crashed with some outstanding transfers.
Feb 02 12:16:31 fedora-tb.fedora systemd-resolved[492]: LLMNR-IPv4(TCP): There appears to be another LLMNR responder running, or previously systemd-resolved crashed with some outstanding transfers.
Feb 02 12:16:31 fedora-tb.fedora systemd-resolved[492]: LLMNR-IPv4(TCP): Failed to bind socket: Address already in use
Feb 02 12:16:31 fedora-tb.fedora systemd-resolved[492]: Another LLMNR responder prohibits binding the socket to the same port. Turning off LLMNR support.
Feb 02 12:16:31 fedora-tb.fedora systemd-resolved[492]: Another process is already listening on TCP socket 127.0.0.53:53.
Feb 02 12:16:31 fedora-tb.fedora systemd-resolved[492]: Turning off local DNS stub support.

The following made name resolution work again (from the container):

sudo systemctl stop systemd-resolved
sudo systemctl disable systemd-resolved

I have no clue why, I hope others will find this useful.
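
Added example, not part of the original comment or of distrobox: a shell filter that classifies the systemd-resolved messages quoted above, so the conflict on 127.0.0.53:53 can be spotted in any journal. The names `resolved_bind_report` and `sample_journal` and the output tokens are assumptions made for this example; the sample lines are copied from the excerpt above.

```shell
#!/bin/sh
# Classify systemd-resolved bind failures in journal text read from stdin.
# Typical use inside the container: journalctl -b0 | resolved_bind_report
# Exit status is 1 when the local DNS stub listener was turned off, else 0.

resolved_bind_report() {
    awk '
    # Only look at lines logged by systemd-resolved[PID].
    match($0, /systemd-resolved\[[0-9]+\]: /) {
        msg = substr($0, RSTART + RLENGTH)
        if (msg ~ /^Another process is already listening on (TCP|UDP) socket /) {
            addr = msg
            sub(/^.* socket /, "", addr)   # keep only "ip:port."
            sub(/\.$/, "", addr)           # drop the trailing full stop
            busy[addr] = 1
        } else if (msg ~ /^Turning off local DNS stub support/) {
            stub_off = 1
        } else if (msg ~ /Turning off LLMNR support/) {
            llmnr_off = 1
        }
    }
    END {
        for (a in busy) print "socket-in-use " a
        if (llmnr_off) print "llmnr-disabled"
        if (stub_off)  print "dns-stub-disabled"
        exit (stub_off ? 1 : 0)
    }'
}

# Sample input: four lines copied from the journal excerpt in the issue.
sample_journal() {
    cat <<'EOF'
Feb 02 12:16:31 fedora-tb.fedora systemd-resolved[492]: LLMNR-IPv4(TCP): Failed to bind socket: Address already in use
Feb 02 12:16:31 fedora-tb.fedora systemd-resolved[492]: Another LLMNR responder prohibits binding the socket to the same port. Turning off LLMNR support.
Feb 02 12:16:31 fedora-tb.fedora systemd-resolved[492]: Another process is already listening on TCP socket 127.0.0.53:53.
Feb 02 12:16:31 fedora-tb.fedora systemd-resolved[492]: Turning off local DNS stub support.
EOF
}

# Stand-alone run over the sample lines.
sample_journal | resolved_bind_report || true
```
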

@89luca89
Owner

89luca89 commented Feb 3, 2024

Nice find, I'll transform this into a discussion for future reference for other people 👍

@89luca89 89luca89 removed the bug Something isn't working label Feb 3, 2024
Repository owner locked and limited conversation to collaborators Feb 3, 2024
@89luca89 89luca89 converted this issue into discussion #1190 Feb 3, 2024
