LXC containers not accessible using .lxc dns domain on Ubuntu 14.4

1

1

I have carried out the expected configuration and had this functionality working in the past. The changes I made that had this working previously were:

  • Uncommenting the LXC_DOMAIN="lxc" line in /etc/default/lxc-net
  • Added the server=/lxc/10.0.3.1 line to /etc/NetworkManager/dnsmasq.d/lxc.conf

I've additionally added the IP for the dnsmasq instance to the resolv.conf on my host machine.

Previously, this allowed me to ping my containers using the suffix .lxc on the container name (e.g. test-container.lxc) or just using the container name itself.

Now I can still ping my containers just using the container name, but the .lxc domain version of addressing my containers seems to have stopped working and I have no idea why.

I also tried adding the server=/lxc/10.0.3.1 line to /etc/dnsmasq.d/lxc as I'd read elsewhere that someone had it working using that approach, but no luck for me.

All I get when I try to ping test-container.lxc is the error:

ping: unknown host test-container.lxc

Anyone else seen this issue and know why this behaviour has changed or what I can do to get this functionality working again?

Dave Birch

Posted 2015-11-16T12:29:31.463

Reputation: 113

Answers

0

I have the same problem getting LXC DNS resolution to work on Ubuntu 16.04 Server LTS (the host). I have followed several guides and added the required entries to the config files, but the containers still do not resolve under the .lxc domain; only the IP-address-based naming was working.

As my host environment is a hosted server environment, this could be a firewall-related problem, with the DNS traffic somehow blocked by the service provider in their firewall or networking configurations. Check your iptables settings to be sure first.

Then, to resolve this, check the contents of /etc/resolv.conf and /etc/network/interfaces to make sure that nameserver 127.0.0.1 is one of the servers resolving these LXC/DNS names, and comment out any "search" entries, because by default some server host providers replace or add Google's 8.8.8.8, which obviously cannot resolve local/host-running LXC DNS names.

To add the default nameserver back, you can add a file /etc/resolvconf/resolv.conf/tail with the contents nameserver 127.0.0.1 and run sudo resolvconf -u to rebuild the resolver config, then try again to ping the containers: ping mycont.lxc (use the LXC_DOMAIN from /etc/default/lxc-net as the suffix for the LXC hostname).

The above resolved the issue in my case.

OpenITeX

Posted 2015-11-16T12:29:31.463

Reputation: 116

0

This works on 16.04:

echo 'LXC_DOMAIN="lxc"' >> /etc/default/lxc-net
echo 'server=/lxc/10.0.3.1' >> /etc/dnsmasq.d/lxc
sed -i '1s;^;nameserver 127.0.0.1\n;' /etc/resolv.conf
apt-get install -y dnsmasq
sudo service lxc-net restart

To make sure that /etc/resolv.conf survives the reboot:

echo 'nameserver 127.0.0.1' >> /etc/resolvconf/resolv.conf.d/head
sudo resolvconf -u

NOTE that this runs an open DNS server; you should close it off with a firewall or some other way:

echo 'interface=lo' >> /etc/dnsmasq.conf
service dnsmasq restart

Slava N

Posted 2015-11-16T12:29:31.463

Reputation: 101
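
The NOTE in the last answer is the step that is easiest to skip: without interface=lo the system dnsmasq answers on every interface. The following is an added example, not part of the original answers, that reads the files those commands edit and reports the .lxc forwarder, the first resolver, and whether dnsmasq is restricted to loopback. Function names are hypothetical, listen-address is a dnsmasq option the page does not mention, and only the config files passed in are inspected (not dnsmasq command-line options).

```shell
#!/bin/sh
# Added example: static checks on the files edited in the answers above.
# Function names are hypothetical; sample files below are constructed.

# Emit config lines with comments, surrounding whitespace and blanks removed.
active_lines() {
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d' "$@" 2>/dev/null
}

# Print the upstream that dnsmasq forwards DOMAIN to (server=/DOMAIN/IP).
domain_forward() {
    domain=$1; shift
    active_lines "$@" | sed -n "s|^server=/$domain/\(.*\)$|\1|p" | head -n 1
}

# Print the first nameserver listed in a resolv.conf-style file.
first_nameserver() {
    active_lines "$1" | awk '$1 == "nameserver" { print $2; exit }'
}

# Report "loopback-only" when every interface= / listen-address= directive
# points at loopback; with none set, dnsmasq serves all interfaces ("exposed").
dnsmasq_scope() {
    active_lines "$@" | awk -F= '
        $1 == "interface"      { seen = 1; if ($2 != "lo") open = 1 }
        $1 == "listen-address" {
            seen = 1; n = split($2, a, ",")
            for (i = 1; i <= n; i++) if (a[i] !~ /^(127\.|::1$)/) open = 1
        }
        END { print ((seen && !open) ? "loopback-only" : "exposed") }'
}

# Constructed sample files mirroring the edits in the answer above.
demo() {
    d=$(mktemp -d)
    printf 'server=/lxc/10.0.3.1\n' > "$d/lxc"
    printf '# package defaults\n' > "$d/dnsmasq.conf"
    printf 'nameserver 127.0.0.1\nnameserver 8.8.8.8\n' > "$d/resolv.conf"
    echo "forward:  $(domain_forward lxc "$d/lxc" "$d/dnsmasq.conf")"
    echo "resolver: $(first_nameserver "$d/resolv.conf")"
    echo "before:   $(dnsmasq_scope "$d/dnsmasq.conf" "$d/lxc")"
    echo 'interface=lo' >> "$d/dnsmasq.conf"
    echo "after:    $(dnsmasq_scope "$d/dnsmasq.conf" "$d/lxc")"
    rm -rf "$d"
}
demo
```

On a real host, pass /etc/dnsmasq.conf together with the files under /etc/dnsmasq.d to dnsmasq_scope, and /etc/resolv.conf to first_nameserver.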