Re: F21 System Wide Change: Default Local DNS Resolver

On Tue, 2014-04-29 at 17:15 +0200, Alexander Larsson wrote:
> On tis, 2014-04-29 at 14:15 +0200, Jaroslav Reznik wrote:
> > = Proposed System Wide Change:  Default Local DNS Resolver = 
> > https://fedoraproject.org/wiki/Changes/Default_Local_DNS_...
> > 
> > Change owner(s): P J P <pjp@fedoraproject.org>, Pavel Šimerda 
> > <pavlix@pavlix.net>,	 Tomas Hozza <thozza@redhat.com>
> > 
> > To install a local DNS resolver trusted for the DNSSEC validation running on 
> > 127.0.0.1:53. This must be the only name server entry in /etc/resolv.conf.
> 
> This is gonna conflict a bit with docker, and other  users of network
> namespaces, like systemd-nspawn. When docker runs, it picks up the
> current /etc/resolv.conf and puts it in the container, but the container
> itself runs in a network namespace, so it gets its own loopback device.
> This will mean 127.0.0.1:53 points to the container itself, not the
> host, so dns resolving in the container will not work.
> 
> Not sure how to fix something like that though...

Any way we can redirect the connection to the host ?

On the host we cannot listen on 0.0.0.0 so we cannot make unbound
available through normal routing on a different interface.

However we can perhaps make it listen on a special virtual interface
dedicated to let containers talk to other processes on the host maybe ?
(could even be other privileged containers). There is a question of what
addresses to use though ...

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York

-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct