F21 System Wide Change: Default Local DNS Resolver

Miloslav Trmač mitr at volny.cz
Tue Apr 29 15:35:47 UTC 2014


2014-04-29 17:15 GMT+02:00 Alexander Larsson <alexl at redhat.com>:

> On tis, 2014-04-29 at 14:15 +0200, Jaroslav Reznik wrote:
> > = Proposed System Wide Change:  Default Local DNS Resolver =
> > https://fedoraproject.org/wiki/Changes/Default_Local_DNS_Resolver
>
> > To install a local DNS resolver trusted for the DNSSEC validation running on
> > 127.0.0.1:53. This must be the only name server entry in /etc/resolv.conf.
>
> This is gonna conflict a bit with docker, and other users of network
> namespaces, like systemd-nspawn. When docker runs, it picks up the
> current /etc/resolv.conf and puts it in the container, but the container
> itself runs in a network namespace, so it gets its own loopback device.
> This will mean 127.0.0.1:53 points to the container itself, not the
> host, so DNS resolving in the container will not work.
>

Good point; would it be fair to treat this as a blocker?

(This also assumes that the docker containers will use the same security
policy as the host; i.e. that they will be administered by the same entity,
no "docker hosting" businesses.)
    Mirek
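
Added example (not part of the original message, and not code from Fedora or docker): a check for the situation raised in the quoted reply. It classifies a resolv.conf by whether every nameserver is a loopback address, which a process in its own network namespace would reach on its own loopback device rather than the host's. The function names and sample files are constructed for illustration.

```python
import ipaddress

def nameservers(resolv_conf_text):
    """Return the nameserver addresses listed in resolv.conf text, in order."""
    servers = []
    for line in resolv_conf_text.splitlines():
        if line.startswith(("#", ";")):        # comment lines per resolv.conf(5)
            continue
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def is_loopback(addr):
    """True for 127.0.0.0/8 and ::1; an IPv6 zone id such as %lo is ignored."""
    try:
        return ipaddress.ip_address(addr.split("%", 1)[0]).is_loopback
    except ValueError:
        return False                           # not an IP literal

def namespace_risk(resolv_conf_text):
    """Classify how a copied resolv.conf behaves inside a separate network namespace."""
    servers = nameservers(resolv_conf_text)
    if not servers:
        # With no nameserver line the resolver falls back to the local machine.
        return "implicit-loopback"
    loop = [s for s in servers if is_loopback(s)]
    if len(loop) == len(servers):
        return "loopback-only"                 # resolution fails unless the namespace runs its own resolver
    if loop:
        return "mixed"                         # loopback entries time out before a reachable server is tried
    return "ok"

# Constructed sample files (documentation address ranges, not real servers).
PROPOSED_HOST = "# local validating resolver\nnameserver 127.0.0.1\n"
DHCP_STYLE = "search example.test\nnameserver 192.0.2.53\nnameserver 2001:db8::53\n"
MIXED = "nameserver ::1\nnameserver 192.0.2.53\n"

if __name__ == "__main__":
    for name, text in [("proposed", PROPOSED_HOST), ("dhcp", DHCP_STYLE), ("mixed", MIXED)]:
        print(name, nameservers(text), namespace_risk(text))
```
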