On 4/15/20 10:07, Lennart Poettering wrote:
> On Di, 14.04.20 15:57, James Cassell (fedoraproj...@cyberpear.com) wrote:
>
>> On Tue, Apr 14, 2020, at 3:23 PM, Ben Cotton wrote:
>>> https://fedoraproject.org/wiki/Changes/systemd-resolved
>>>
>>> == Summary ==
>>>
>>> Enable systemd-resolved by default. glibc will perform name resolution
>>> using nss-resolve rather than nss-dns.
>>>
>>> == Owner ==
>>> * Name: [[User:catanzaro| Michael Catanzaro]]
>>> * Email: <mcatanz...@redhat.com>
>>>
>>> == Detailed Description ==
>>>
>>> We will enable systemd-resolved by default.
>> Does this require systemd to be running? How does this affect DNS resolution 
>> on a Fedora 33 container?
> Depends.
>
> If a container manager copies in /etc/resolv.conf from the host into
> the container on container *start*, it might be wise to copy in
> /run/systemd/resolve/resolv.conf instead of /etc/resolv.conf, if it
> exists. That file in /run contains the currently up-to-date upstream
> DNS info literally.

Containers copy /etc/resolv.conf and /etc/hosts on creation; that way
they can modify them internally.

It looks like podman will just follow the link. I set up this simple test:

# ls -l /etc/resolv.conf
lrwxrwxrwx. 1 root root 16 Apr 15 13:25 /etc/resolv.conf -> /run/resolv.conf
# cat /etc/resolv.conf
# Generated by NetworkManager
search redhat.com
nameserver 10.5.30.160
nameserver 10.11.5.19
nameserver 192.168.1.1
# podman run fedora cat /etc/resolv.conf
search redhat.com
nameserver 10.5.30.160
nameserver 10.11.5.19
nameserver 192.168.1.1

So as long as the

/run/systemd/resolve/resolv.conf

file is properly formatted, our container engines will just work.

>
> If a container builder copies in /etc/resolv.conf during build time,
> it probably should insert something like 8.8.8.8 as DNS servers there,
> also replacing whatever is there.
>
> Note that the logic in systemd and resolved is very defensive: if
> /etc/resolv.conf is not a symlink to
> /run/systemd/resolve/{stub-,}resolv.conf then resolved will consume
> /etc/resolv.conf instead of managing it (see other mail), hence a
> container mgr/builder that wants to direct DNS traffic somewhere
> should just override the file to whatever it wants, and things will
> just work, regardless if resolved runs in the container or not, and
> resolved -- if used -- will honour whatever the container mgr/builder
> put there.
>
> Lennart
>
> --
> Lennart Poettering, Berlin
> _______________________________________________
> devel mailing list -- devel@lists.fedoraproject.org
> To unsubscribe send an email to devel-le...@lists.fedoraproject.org
> Fedora Code of Conduct: 
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: 
> https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
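
The source-file selection discussed in this thread, as an added example that is not part of the original messages and is not podman's or systemd's own code. The function names and the `root` prefix argument are hypothetical, and the loopback check assumes the container gets its own network namespace, where a stub listener on the host's loopback (the stub file lists 127.0.0.53) cannot be reached.

```shell
#!/bin/sh
# Added example (not podman's or systemd's code). ROOT is a hypothetical
# prefix so the logic can be exercised against a constructed tree.

# Print the file a container manager should copy in at container start.
pick_resolv_conf() {
    root="${1:-}"
    etc="$root/etc/resolv.conf"
    uplink="$root/run/systemd/resolve/resolv.conf"
    if [ -L "$etc" ]; then
        case "$(readlink "$etc")" in
            */run/systemd/resolve/stub-resolv.conf|*/run/systemd/resolve/resolv.conf)
                # resolved manages /etc/resolv.conf: prefer the uplink list.
                if [ -r "$uplink" ]; then
                    printf '%s\n' "$uplink"
                    return 0
                fi
                ;;
        esac
    fi
    # Any other symlink or a regular file: resolved only consumes it,
    # so it is the authoritative configuration.
    [ -r "$etc" ] || return 1
    printf '%s\n' "$etc"
}

# Succeed if FILE names at least one nameserver that is not loopback.
has_reachable_nameserver() {
    awk '$1 == "nameserver" && $2 !~ /^127\./ && $2 != "::1" { ok = 1 }
         END { exit ok ? 0 : 1 }' "$1"
}
```

Running `has_reachable_nameserver` on the chosen file before copying it catches the case where only a loopback stub address would end up inside the container.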
