[systemd-devel] sibling DNS lookup of nspawn containers

Johannes Ernst johannes.ernst at gmail.com
Sat Jun 19 03:38:56 UTC 2021


> On Jun 18, 2021, at 16:02, Silvio Knizek <killermoehre at gmx.net> wrote:
> 
> On Friday, 18.06.2021 at 14:52 -0700, Johannes Ernst wrote:
>> 
>> Thanks, Silvio, but no luck:
>> 
>> I have host, container a and container b.
>> 
>> In both containers, .network for host0 has LLMNR=yes in the [Network]
>> section
>> 
>> The host has LLMNR=yes in the [Resolve] section of
>> /etc/systemd/resolved.conf
>> 
>> On the host: “resolvectl query a” and “…b” works.
>> 
>> In the containers “resolvectl query a” works only in container a, not
>> in b, and vice versa. So no sibling lookup.
>> 
>> iptables and ip6tables show default rules for all three.
>> 
>> What am I missing?
>> 
>> Thanks,
>> 
>> Johannes.
>> 
> 
> Are both machines in the same network zone or attached to the same
> bridge interface on the host machine? Else the default NAT rules won't
> allow for multicast traffic as it is done by LLMNR.
> sd-nspawn uses nftables, not iptables. You should see some rules with
> »nft list table ip io.systemd.nat«.
> So add »--network-zone=some-fancy-name« to your systemd-nspawn
> commands.

Almost! With --network-zone=foo, I get sibling IPv6 addresses, but I don’t get sibling IPv4 addresses.
iptables are empty, nftables seem to have nothing IP-version specific in them.

I know basically nothing about LLMNR. This is supposed to apply to both v4 and v6, right? 

On the other hand, I may not need IPv4 for my use case.

Thanks,



Johannes.
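A small check script for the settings discussed above, added here as an example and not code from the thread: it verifies LLMNR=yes in a .network or resolved.conf file, names the bridge a --network-zone creates, and queries a sibling over LLMNR per address family so a v4-only failure like the one reported shows up on its own. The file path, zone name and sibling name are placeholders passed as arguments.

```shell
#!/bin/sh
# Added example, not code from the thread. Checks the pieces the replies
# above say sibling LLMNR lookups between nspawn containers depend on.

# ini_has_llmnr FILE SECTION: succeed if FILE sets LLMNR=yes inside [SECTION].
# "yes" (or true/on/1) is required: LLMNR=resolve only sends queries and
# never answers them, so a sibling configured that way cannot be looked up.
ini_has_llmnr() {
    awk -F= -v want="[$2]" '
        /^\[/ { sec = $0 }
        sec == want && $1 ~ /^[ \t]*LLMNR[ \t]*$/ {
            v = $2; gsub(/[ \t]/, "", v); v = tolower(v)
            if (v == "yes" || v == "true" || v == "on" || v == "1") found = 1
        }
        END { exit !found }' "$1"
}

# zone_bridge ZONE: the host bridge that systemd-nspawn --network-zone=ZONE creates.
zone_bridge() { echo "vz-$1"; }

# diagnose NETWORK_FILE ZONE SIBLING: run on the host or inside a container.
# Prints one line per failed check and returns 1 if any hard check failed.
diagnose() {
    net=$1; zone=$2; sibling=$3; rc=0
    ini_has_llmnr "$net" Network \
        || { echo "$net: no LLMNR=yes in [Network]"; rc=1; }
    ip link show "$(zone_bridge "$zone")" >/dev/null 2>&1 \
        || echo "note: bridge $(zone_bridge "$zone") not visible here (expected only on the host)"
    nft list table ip io.systemd.nat >/dev/null 2>&1 \
        || echo "note: nft table ip io.systemd.nat not present"
    # Query each address family separately so an IPv4-only failure is visible.
    for proto in llmnr-ipv4 llmnr-ipv6; do
        resolvectl query --protocol="$proto" "$sibling" >/dev/null 2>&1 \
            || { echo "$sibling: no answer over $proto"; rc=1; }
    done
    return "$rc"
}

# Usage (placeholders): ./check-llmnr.sh /etc/systemd/network/80-container-host0.network foo b
if [ "$#" -eq 3 ]; then diagnose "$@"; fi
```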
