On 7/18/25 6:36 AM, Uwe Sauter wrote:
Have a look at the man-pages for systemd-nspawn and systemd.nspawn.

The available networking options are explained in there.



On 18.07.25 at 02:04, Pocket wrote:

Is it possible to run bind inside a nspawn container?

Created a container with pacstrap -k base into /var/lib/machines/Bind/

set root password in container

Using host networking

machinectl start Bind
machinectl login Bind

Login as root

[root@Bind named]# pacman -Syy && pacman -S bind vim

Configured bind as resolver per archlinux wiki BIND

[root@Bind named]# systemctl start named && systemctl status named
● named.service - Internet domain name server
      Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; preset: disabled)
      Active: active (running) since Thu 2025-07-17 19:45:23 EDT; 17ms ago
  Invocation: f5eddb5e40fb4c548d8eae7671c563fd
    Main PID: 1109 ((named))
       Tasks: 1 (limit: 19108)
         CPU: 9ms
      CGroup: /system.slice/named.service
              └─1109 "(named)"

Jul 17 19:45:23 Bind systemd[1]: Started Internet domain name server.
[root@Bind named]# dig @127.0.0.1 redhat.com
;; communications error to 127.0.0.1#53: connection refused
;; communications error to 127.0.0.1#53: connection refused
;; communications error to 127.0.0.1#53: connection refused

; <<>> DiG 9.20.11 <<>> @127.0.0.1 redhat.com
; (1 server found)
;; global options: +cmd
;; no servers could be reached
[root@Bind named]#

dig @localhost. redhat.com
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
;; communications error to 127.0.0.1#53: connection refused

; <<>> DiG 9.20.11 <<>> @localhost. redhat.com
; (2 servers found)
;; global options: +cmd
;; no servers could be reached

[root@Bind named]# ps aux|grep named
named       1109  0.0  0.1 223180 22328 ?        Ssl  19:45   0:00 /usr/bin/named -f -u named
root        1135  0.0  0.0   3796  2064 pts/1    S+   19:47   0:00 grep named

[root@pocket ~]# ps aux|grep named
root       22107  0.0  0.0  16348 10928 pts/1    Sl+  19:44   0:00 vim etc/named.conf
vu-Bind+   22145  0.0  0.1 223180 22328 ?        Ssl  19:45   0:00 /usr/bin/named -f -u named
root       22228  0.0  0.0   6468  2048 pts/0    S+   19:47   0:00 grep named

From journalctl:


Jul 17 20:00:34 Bind named[1306]: couldn't add command channel 127.0.0.1#953: permission denied
Jul 17 20:00:34 Bind named[1306]: configuring command channel from '/etc/rndc.key'
Jul 17 20:00:34 Bind named[1306]: couldn't add command channel ::1#953: permission denied
Jul 17 20:00:34 Bind named[1306]: listening on IPv4 interface lo, 127.0.0.1#53
Jul 17 20:00:34 Bind named[1306]: creating IPv4 interface lo failed; interface ignored
Jul 17 20:00:34 Bind named[1306]: listening on IPv4 interface end0, 192.168.50.5#53
Jul 17 20:00:34 Bind named[1306]: creating IPv4 interface end0 failed; interface ignored
Jul 17 20:00:34 Bind named[1306]: IPv6 socket API is incomplete; explicitly binding to each IPv6 address separately
Jul 17 20:00:34 Bind named[1306]: listening on IPv6 interface lo, ::1#53
Jul 17 20:00:34 Bind named[1306]: creating IPv6 interface lo failed; interface ignored
Jul 17 20:00:34 Bind named[1306]: listening on IPv6 interface end0, 2603:6010:6c00:3f2e:2ecf:67ff:fed8:6900#53
Jul 17 20:00:34 Bind named[1306]: creating IPv6 interface end0 failed; interface ignored
Jul 17 20:00:34 Bind named[1306]: listening on IPv6 interface end0, fe80::2ecf:67ff:fed8:6900%2#53
Jul 17 20:00:34 Bind named[1306]: creating IPv6 interface end0 failed; interface ignored

Looks like it is running in the container but cannot bind to any interfaces.

Looks like I am missing something or it just doesn't work.

Anyone have any magic pixie dust?



While continuing to work on this I found that I needed the following:

cat /etc/systemd/nspawn/Bind.nspawn
[Exec]
Boot=true
PrivateUsers=no

[Network]
Private=no
VirtualEthernet=no


Strange, because when the container is started with
systemd-nspawn -bD /var/lib/machines/Bind
everything works. It is only when started with machinectl that the networking failed.

With that file in place it is working.

Will continue to look at this

Thank you


--
It's not easy being me
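An added example, written for this page and not code from the thread or from systemd: a small checker that merges a machine's .nspawn file onto the defaults of the two launch paths the poster compared and reports whether named will be allowed to bind port 53/953. Assumptions, labelled in the code: `machinectl start` runs systemd-nspawn@.service, whose ExecStart passes `--network-veth -U` (a user namespace with a picked UID range, plus a private network namespace with a veth pair) unless the .nspawn file overrides them, whereas a bare `systemd-nspawn -bD` passes neither. The `vu-Bind+` owner of the named process in the host `ps` output above is the kind of user name that `-U` mapping produces, which is why the user-namespace side matters here. The rule the checker encodes is the kernel's: binding a port below 1024 needs CAP_NET_BIND_SERVICE in the user namespace that owns the network namespace, so a container user namespace sharing the host's network namespace gets EACCES, which named logs as "permission denied" and "creating ... interface ... failed".

```python
"""Work out which namespaces an nspawn container will actually run in.

Added example for this thread; not the poster's code and not part of systemd.
Assumption: `machinectl start` launches systemd-nspawn@.service, whose
ExecStart passes `--network-veth -U` (PrivateUsers=pick plus a veth into a
private network namespace) unless the machine's .nspawn file overrides it,
while a bare `systemd-nspawn -bD <dir>` passes neither option.
"""
import configparser
from dataclasses import dataclass

# Per-launcher defaults the .nspawn file is merged on top of (assumption, see above).
LAUNCH_DEFAULTS = {
    "machinectl": {"PrivateUsers": "pick", "Private": "no", "VirtualEthernet": "yes"},
    "nspawn-direct": {"PrivateUsers": "no", "Private": "no", "VirtualEthernet": "no"},
}

# [Network] keys that each put the container in its own network namespace.
PRIVATE_NET_KEYS = ("Private", "VirtualEthernet", "Bridge", "Zone",
                    "Interface", "MACVLAN", "IPVLAN")


def _enabled(value: str) -> bool:
    """systemd-style boolean; non-boolean values ('pick', a UID range,
    an interface name) also mean the feature is switched on."""
    return value.strip().lower() not in ("", "no", "false", "0", "off")


@dataclass(frozen=True)
class Effective:
    user_namespace: bool     # container runs in its own user namespace
    network_namespace: bool  # container runs in its own network namespace


def parse_nspawn(text: str) -> configparser.ConfigParser:
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # systemd keys are case-sensitive; keep them as written
    cp.read_string(text)
    return cp


def effective_settings(nspawn_text: str, launcher: str) -> Effective:
    """Merge the .nspawn file onto the launcher defaults and classify the result."""
    cp = parse_nspawn(nspawn_text)
    merged = dict(LAUNCH_DEFAULTS[launcher])
    for section, keys in (("Exec", ("PrivateUsers",)), ("Network", PRIVATE_NET_KEYS)):
        for key in keys:
            if cp.has_option(section, key):  # False when the section is absent
                merged[key] = cp.get(section, key)
    user_ns = _enabled(merged["PrivateUsers"])
    net_ns = any(_enabled(merged.get(k, "")) for k in PRIVATE_NET_KEYS)
    return Effective(user_ns, net_ns)


def can_bind_privileged_port(eff: Effective) -> bool:
    """bind() below port 1024 needs CAP_NET_BIND_SERVICE in the user namespace
    that OWNS the network namespace.  A container user namespace owns a private
    network namespace but never the host's, so userns + host networking gets
    EACCES on 53 and 953 (the "permission denied" in the journal above)."""
    return (not eff.user_namespace) or eff.network_namespace


def diagnose(nspawn_text: str, launcher: str) -> str:
    eff = effective_settings(nspawn_text, launcher)
    who = "own user namespace" if eff.user_namespace else "host user namespace"
    where = "own network namespace" if eff.network_namespace else "host network namespace"
    verdict = "can bind 53/953" if can_bind_privileged_port(eff) else "bind to 53/953 will be refused"
    return f"{launcher}: {who}, {where}: {verdict}"


# Constructed inputs: the file from the thread, and a host-networking-only
# variant that leaves the launcher's PrivateUsers default in place.
THREAD_NSPAWN = """[Exec]
Boot=true
PrivateUsers=no

[Network]
Private=no
VirtualEthernet=no
"""
HOST_NET_ONLY = """[Network]
Private=no
VirtualEthernet=no
"""

if __name__ == "__main__":
    for text, launcher in ((HOST_NET_ONLY, "machinectl"), (THREAD_NSPAWN, "machinectl"),
                           ("", "nspawn-direct"), ("", "machinectl")):
        print(diagnose(text, launcher))
```

Run it as `python3 nspawn_check.py` (file name is my choice) or point `effective_settings` at the contents of /etc/systemd/nspawn/<machine>.nspawn. The third case shows why a bare `systemd-nspawn -bD` worked (no user namespace at all), and the fourth shows the other way out of the problem: keeping `PrivateUsers` and letting the container have its own network namespace via `VirtualEthernet=yes` also satisfies the check, at the cost of having to route or forward host traffic to the container (for example with `Port=` in the [Network] section) instead of sharing the host's addresses.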
