Fresh ubuntu 18.04 snap install, DNS resolution problem

[NeySlim]

Following a fresh ubuntu 18.04 install (up to date).

I cannot get nextcloud snap package to get dns resolution. If I manually enter the host in /etc/hosts, it works.
It happens for everything, from letsencrypt, to admin overview "server cannot connect to internet".

Tried to force has_internet_connection, no success.
Tried to play with the snap core resolv.conf file, but it didn't do anything.

Would it be an issue between host systemd resolv and snap ubuntu core resolvconf ?

Error | internet_connection_check | GuzzleHttp\Exception\ConnectException: cURL error 6: Could not resolve host: www.edri.org (see http://curl.haxx.se/libcurl/c/libcurl-errors.html) |   | 2019-02-04T17:28:58+0100
-- | -- | -- | -- | --
Error | internet_connection_check | GuzzleHttp\Exception\ConnectException: cURL error 6: Could not resolve host: www.eff.org (see http://curl.haxx.se/libcurl/c/libcurl-errors.html) |   | 2019-02-04T17:28:58+0100
Error | internet_connection_check | GuzzleHttp\Exception\ConnectException: cURL error 6: Could not resolve host: www.startpage.com (see http://curl.haxx.se/libcurl/c/libcurl-errors.html) |   | 2019-02-04T17:28:58+0100
Error | internet_connection_check | GuzzleHttp\Exception\ConnectException: cURL error 6: Could not resolve host: www.nextcloud.com (see http://curl.haxx.se/libcurl/c/libcurl-errors.html)

Beside that, everything works well.

No access to server right now, but will update with config.php.

[kyrofa]

Uh, that sounds weird. It reminds me of #178, actually, but that was fixed in Ubuntu a long time ago. This is Ubuntu Server, I assume?

[NeySlim]

Uh, that sounds weird. It reminds me of #178, actually, but that was fixed in Ubuntu a long time ago. This is Ubuntu Server, I assume?

You are totaly right, installing resolvconf makes the problem goes away.
The links in core snap are written to target /run/resolvconf/resolv.conf
Yes it is ubuntu server.

So I think it is more an ubuntu bug ...

[marcw]

I had the same problem as well with a fresh 18.04 install on scaleway.

[NeySlim]

I had the same problem as well with a fresh 18.04 install on scaleway.

Yes, the same, you have to remove systemd-resolve and install resolvconf, it works after that.

[luixxiul]

Closing as fixed.

[mig4]

I came across this on Ubuntu 18.04 as well, but wanted to dig in to why this is happening and if there's a way to avoid going back to using resolvconf.

TL;DR

Yes there is. Just reconfigure the system to use a SystemD generated stub for resolv.conf by changing where the symlink points to:

ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf

Or, if using Ansible

A snippet from `tasks/main.yml`:

- name: check how `/etc/resolv.conf` is configured
  stat:
    path: /etc/resolv.conf
  register: etc_resolv_conf

- name: check if systemd-resolved is in use
  set_fact:
    # see systemd-resolved(8)
    systemd_resolved_in_use: '{{ (
      etc_resolv_conf.stat.islnk is defined and etc_resolv_conf.stat.islnk and
      etc_resolv_conf.stat.lnk_target in [
        "/run/systemd/resolve/stub-resolv.conf",
        "/usr/lib/systemd/resolv.conf",
        "/lib/systemd/resolv.conf",
        "/run/systemd/resolve/resolv.conf",
      ]
    ) }}'
    cacheable: true

- name: configure `/etc/resolv.conf` to point to dynamic stub
  file:
    path: /etc/resolv.conf
    src: /run/systemd/resolve/stub-resolv.conf
    state: link
  when: systemd_resolved_in_use

Explanation

So the problems with DNS resolution happen because the default target of /etc/resolv.conf symlink (which on Ubuntu 18.04 happens to be /lib/systemd/resolv.conf, i.e. a static stub delivered in systemd package) cannot be read from a confined snap. You can check this by doing:

# snap run --shell nextcloud.occ
# cat /etc/resolv.conf
/etc/resolv.conf: No such file or directory

On the other hand the dynamic stub that systemd-resolved generates at runtime located in /run/systemd/resolve/stub-resolv.conf can be read OK even with the confinement. For me personally, this configuration is better anyway because it respects DNS search domain unlike the static stub. See systemd-resolved(8) for details.

Anyway, so it's not a problem with this nextcloud-snap, it does seem to be upstream, but I'm not sure where. Both configurations are perfectly valid, so this is possibly an issue with the confinement policy, in that it should allow reading from (/usr)?/lib/systemd/resolv.conf to cope with the default configuration? Not sure, I'm not an expert here but if someone has a clue where this belongs I'll be happy to report it to the relevant upstream.

[kyrofa]

@mig4 excellent detective work! Would you mind opening a thread over on https://forum.snapcraft.io/ ? Feel free to ping me (same nick) and I'll get the right eyes on it.

[mig4]

For reference: https://forum.snapcraft.io/t/dns-resolution-problem-in-snaps-on-ubuntu-18-04-server-with-systemd-resolved/16816