On Wed, 15.04.20 10:09, Michael Catanzaro (mcatanzaro@gnome.org) wrote:
> You're right that continuing to use nss-dns would avoid any such problems while maintaining the other benefits of systemd-resolved. That could be a fallback plan if needed.
So, it is my understanding that containers as deployed with kubernetes generally don't boot up with systemd as PID 1 inside them, no?
If that's the case things should just work: if a container manager copies in their /etc/resolv.conf, and resolved is not running in the container, then nss-dns with traditional configuration is in effect as before.
If otoh containers are now started with systemd as PID 1 inside them, then this would also mean resolved is started inside, and yes in that case the single-label thing and the DNS-server-order thing might conflict with kubernetes' expectations. In that case it should be sufficient to "systemctl disable" systemd-resolved however, and nss-dns will take front seat again.
Lennart
-- Lennart Poettering, Berlin
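
The two cases described in the message above, as an added example that is not part of the original mail or of systemd: a shell check that classifies which resolver path a container would use, given the name of PID 1, an nsswitch.conf and a resolv.conf. The function names and result labels are hypothetical; the check assumes the nss-resolve module appears as `resolve` on the `hosts:` line and that the resolved stub listener is 127.0.0.53, and it is a heuristic because these files do not show whether the unit is enabled.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and labels are hypothetical.

# Print the NSS modules on the "hosts:" line, skipping [STATUS=action] items.
hosts_modules() {
    awk '$1 == "hosts:" { for (i = 2; i <= NF; i++) if ($i !~ /^\[/) printf "%s ", $i; exit }' "$1"
}

# Succeed if resolv.conf names the systemd-resolved stub listener (127.0.0.53).
uses_stub() {
    grep -Eq '^[[:space:]]*nameserver[[:space:]]+127\.0\.0\.53([[:space:]]|$)' "$1"
}

# classify PID1_NAME NSSWITCH_CONF RESOLV_CONF
classify() {
    pid1=$1
    mods=" $(hosts_modules "$2")"
    stub=no
    if uses_stub "$3"; then stub=yes; fi
    if [ "$pid1" != systemd ]; then
        # No systemd as PID 1, so nothing starts resolved inside the container.
        if [ "$stub" = yes ]; then
            echo "stub-without-resolved"   # resolv.conf names a listener that is absent
        else
            echo "nss-dns"                 # traditional configuration, as before
        fi
        return 0
    fi
    case "$stub:$mods" in
        # Confirm on a live system with: systemctl is-enabled systemd-resolved
        yes:*|*" resolve "*) echo "resolved-if-enabled" ;;
        *) echo "nss-dns" ;;
    esac
}

# Constructed sample: Kubernetes-style resolv.conf with a hosts line listing resolve.
demo() {
    d=$(mktemp -d)
    printf 'hosts: files resolve [!UNAVAIL=return] myhostname dns\n' > "$d/nsswitch.conf"
    printf 'nameserver 10.96.0.10\noptions ndots:5\n' > "$d/resolv.conf"
    for p in sh systemd; do
        echo "PID 1 = $p: $(classify "$p" "$d/nsswitch.conf" "$d/resolv.conf")"
    done
    rm -rf "$d"
}
demo
```

Inside a running container the live inputs are `classify "$(cat /proc/1/comm)" /etc/nsswitch.conf /etc/resolv.conf`.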