Local DNSSEC resolver and Docker(containers)

P J P pjp at fedoraproject.org
Thu Jan 15 18:02:44 UTC 2015


   Hello Matt,

On Thursday, 15 January 2015 8:27 PM, Matt Micene wrote:
>One of the on-list responses talks about setting up a known
>IP space, taking a page from MS and using a local collision domain.
>AWS does this currently, making a metadata service available from
>all instances on 169.254.169.254.

  Right, I've also heard about the special interface solution before.
Not sure how exactly it works though.

>This could be a solution for a Docker environment, where a host
>provides the trusted DNSSEC-enabled resolver on a known single and
>unchanging IP address.  This avoids the special nature of the
>loopback address, but gives consistency for a number of different
>approaches.


  I see. In that case, maybe we could have a local resolver listening
on multiple network interfaces. But how would a container know which
interface it should connect to? As in, is 169.254.169.254 consistent
across various container solutions (Docker/Rocket/LXC etc.)?

Thank you.
---
Regards
   -Prasad
http://feedmug.com

