[systemd-devel] sibling DNS lookup of nspawn containers

Silvio Knizek killermoehre at gmx.net
Fri Jun 18 23:02:10 UTC 2021


Am Freitag, dem 18.06.2021 um 14:52 -0700 schrieb Johannes Ernst:
>
> Thanks, Silvio, but no luck:
>
> I have host, container a and container b.
>
> In both containers, .network for host0 has LLMNR=yes in the [Network]
> section
>
> The host has LLMNR=yes in the [Resolve] section of
> /etc/systemd/resolved.conf
>
> On the host: “resolvectl query a” and “…b” works.
>
> In the containers “resolvectl query a” works only in container a, not
> in b, and vice versa. So no sibling lookup.
>
> iptables and ip6tables show default rules for all three.
>
> What am I missing?
>
> Thanks,
>
> Johannes.
>
Hi Johannes,

Are both machines in the same network zone or attached to the same
bridge interface on the host machine? Else the default NAT rules won't
allow for multicast traffic as it is done by LLMNR.
sd-nspawn uses nftables, not iptables. You should see some rules with
»nft list table ip io.systemd.nat«.
So add »--network-zone=some-fancy-name« to your systemd-nspawn
commands.

=== man: systemd.nspawn ===
Using --network-zone= is hence in most cases fully automatic and
sufficient to connect multiple local containers in a joined broadcast
domain to the host, with further connectivity to the external network.
=== ===

BR
Silvio
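An added example, not code from the thread or from systemd, that turns the checklist above into an offline config check: the host's resolved.conf must enable LLMNR under [Resolve], each container's host0 .network must enable it under [Network], and every container must name the same zone (Zone= in the [Network] section of a .nspawn file is the file form of --network-zone=). The sample files are constructed to mirror Johannes's setup, with only container a placed in a zone.

```python
import configparser
from typing import Optional

def _parse(text: str) -> configparser.ConfigParser:
    # systemd unit-style files: '#'/';' comments, case-sensitive keys,
    # repeated keys allowed (strict=False keeps the last value).
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.optionxform = str
    cp.read_string(text)
    return cp

def _llmnr_on(cp: configparser.ConfigParser, section: str) -> bool:
    # LLMNR= takes a boolean or "resolve" in both resolved.conf and .network files.
    value = cp.get(section, "LLMNR", fallback="").strip().lower()
    return value in ("yes", "true", "1", "on", "resolve")

def container_zone(nspawn_text: str) -> Optional[str]:
    # Zone= in [Network] of a .nspawn file is the file form of --network-zone=.
    zone = _parse(nspawn_text).get("Network", "Zone", fallback="").strip()
    return zone or None

def sibling_llmnr_findings(host_resolved_conf: str, containers: dict) -> list:
    """containers maps name -> (nspawn_text, host0_network_text). Empty list means all checks passed."""
    findings = []
    if not _llmnr_on(_parse(host_resolved_conf), "Resolve"):
        findings.append("host: LLMNR= is not enabled in [Resolve] of resolved.conf")
    zones = {}
    for name, (nspawn_text, network_text) in containers.items():
        if not _llmnr_on(_parse(network_text), "Network"):
            findings.append(f"{name}: LLMNR= is not enabled in [Network] of its host0 .network file")
        zones[name] = container_zone(nspawn_text)
        if zones[name] is None:
            findings.append(f"{name}: no Zone= in [Network] of its .nspawn file; a plain veth link to the host is its own broadcast domain")
    if len(set(zones.values())) > 1:
        findings.append("containers are in different zones: " + ", ".join(f"{n}={z}" for n, z in zones.items()))
    return findings

# Constructed sample inputs: host and both containers have LLMNR=yes,
# but only container a was started with a network zone.
HOST_RESOLVED_CONF = "[Resolve]\nLLMNR=yes\n"
HOST0_NETWORK = "[Match]\nName=host0\n\n[Network]\nDHCP=yes\nLLMNR=yes\n"
CONTAINERS = {
    "a": ("[Exec]\nBoot=yes\n\n[Network]\nZone=lab\n", HOST0_NETWORK),
    "b": ("[Exec]\nBoot=yes\n", HOST0_NETWORK),
}

if __name__ == "__main__":
    for line in sibling_llmnr_findings(HOST_RESOLVED_CONF, CONTAINERS) or ["ok: siblings share a zone and LLMNR is on"]:
        print(line)
```

Run against the sample it reports that b has no zone and that the two containers therefore share no zone; the multicast rules in the io.systemd.nat nftables table only help once both sit on the same zone bridge.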


