On Tue, Apr 29, 2014 at 12:17 PM, P J P pj.pandit@yahoo.co.in wrote:
> Hi,
> On Tuesday, 29 April 2014 10:08 PM, Andrew Lutomirski luto@mit.edu wrote:
> > but the container itself runs in a network namespace, so it gets its own loopback device. This will mean 127.0.0.1:53 points to the container itself, not the host, so DNS resolving in the container will not work.
> Ah, interesting! Thank you so much for sharing these details.
> > OTOH, it would be straightforward to write a tiny stub that forwards
> > 127.0.0.1:53 to something outside the container.
> I think this is a better option than having a different device address like 127.0.0.53. Forwarding traffic from inside namespace to a loop-back device on the host is analogous to a guest (VM) forwarding traffic to its host via bridge interface.
FWIW, this approach has other benefits. For example, virtme could use it to avoid hacks like trying to bind-mount something on top of /etc/resolv.conf. Some day I hope to propose explicit virtme guest support as a Fedora feature, and, if /etc/resolv.conf were to have constant, predetermined contents, a major wart would go away.
https://git.kernel.org/cgit/utils/kernel/virtme/virtme.git
--Andy
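
The stub forwarder discussed in this thread, sketched as an added example (not code from the thread, virtme or Fedora): a UDP-only relay that accepts replies solely from the configured upstream and drops any reply whose DNS ID does not match the query. The function names, `HOST_RESOLVER` and the loopback test traffic are assumptions made for illustration.

```python
import socket
import threading

DNS_HEADER_LEN = 12  # fixed DNS header size; its first two bytes are the query ID

def relay_one(listen_sock, upstream, timeout=2.0):
    """Relay one UDP DNS query to `upstream`; return the reply, or None if dropped."""
    query, client = listen_sock.recvfrom(4096)
    if len(query) < DNS_HEADER_LEN:
        return None  # too short to be DNS, never forward it
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as up:
        up.settimeout(timeout)
        up.connect(upstream)  # connected UDP: datagrams from other sources are discarded
        up.send(query)
        try:
            reply = up.recv(4096)
        except OSError:  # timeout, or ICMP port unreachable from the upstream
            return None
    if len(reply) < DNS_HEADER_LEN or reply[:2] != query[:2]:
        return None  # reply ID does not match the query ID, drop it
    listen_sock.sendto(reply, client)
    return reply

def serve(listen_addr, upstream):
    """Run the stub forever, e.g. serve(("127.0.0.1", 53), (HOST_RESOLVER, 53)),
    where HOST_RESOLVER is the resolver address outside the container (assumed)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(listen_addr)
        while True:
            relay_one(s, upstream)

def demo():
    """Constructed loopback run: a fake upstream echoes the query with the QR bit set."""
    upstream = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    upstream.bind(("127.0.0.1", 0))
    def fake_resolver():
        q, addr = upstream.recvfrom(4096)
        upstream.sendto(q[:2] + bytes([q[2] | 0x80]) + q[3:], addr)
    threading.Thread(target=fake_resolver, daemon=True).start()
    stub = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    stub.bind(("127.0.0.1", 0))  # unprivileged port for the demo instead of 53
    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    client.settimeout(2.0)
    # Constructed query: ID 0xbeef, RD set, one question for "example." type A, class IN
    query = bytes.fromhex("beef01000001000000000000") + b"\x07example\x00\x00\x01\x00\x01"
    client.sendto(query, stub.getsockname())
    relayed = relay_one(stub, upstream.getsockname())
    answer, _ = client.recvfrom(4096)
    for s in (upstream, stub, client):
        s.close()
    return query, relayed, answer
```

DNS over TCP (needed when a UDP reply is truncated) is outside what this relay handles, and `serve` processes one query at a time.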