I am annoyed at stub resolvers, precisely because of containers.

A lot of things parse /etc/resolv.conf, and when that only has a stub
resolver, it may still be copied into containers with a different network
namespace and thus enabled to do any DNS resolutions.

The lack of a private dbus resolved socket is unfortunate.

IMHO everyone should use the two nss modules (including containers) and
/etc/resolv.conf should actually be a symlink to the resolved-maintained
private resolv.conf.

Or we need to teach container technologies to copy
/run/systemd/resolve/resolv.conf instead of /etc/resolv.conf into
containers / chroots / etc.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1685045

Title:
  stop using libnss_resolve.so for name resolution
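
The selection the comment above asks container tooling to make, as an added example (not part of the original comment and not code from systemd or any container runtime): prefer a resolv.conf that lists a nameserver reachable from another network namespace. The function names and the sample files are constructed for illustration; 127.0.0.53 is the systemd-resolved stub address and 192.0.2.53 is a documentation address.

```shell
#!/bin/sh
# has_external_ns FILE
# Succeeds if FILE lists at least one nameserver that is not a loopback
# address. A loopback-only file (the stub resolver) is useless once copied
# into a different network namespace, because nothing listens there.
has_external_ns() {
    awk '$1 == "nameserver" && $2 !~ /^127\./ && $2 != "::1" { found = 1 }
         END { exit (found ? 0 : 1) }' "$1" 2>/dev/null
}

# pick_resolv_conf [ETC_FILE] [UPSTREAM_FILE]
# Prints the path that should be copied into a container or chroot.
# Returns 1 if neither file names a resolver usable from another namespace.
pick_resolv_conf() {
    etc=${1:-/etc/resolv.conf}
    upstream=${2:-/run/systemd/resolve/resolv.conf}
    if has_external_ns "$etc"; then
        printf '%s\n' "$etc"
    elif has_external_ns "$upstream"; then
        printf '%s\n' "$upstream"
    else
        return 1
    fi
}

# Constructed sample files standing in for the two real paths.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT

cat > "$demo/etc-resolv.conf" <<'EOF'
# constructed: stub-only file as seen on the host
nameserver 127.0.0.53
EOF

cat > "$demo/run-resolv.conf" <<'EOF'
# constructed: upstream servers as maintained by resolved
nameserver 192.0.2.53
search example.test
EOF

# The stub-only file is rejected and the upstream file is chosen.
chosen=$(pick_resolv_conf "$demo/etc-resolv.conf" "$demo/run-resolv.conf")
echo "copy into container: $chosen"
```

Called with no arguments, pick_resolv_conf checks the real /etc/resolv.conf and /run/systemd/resolve/resolv.conf.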