I have an nspawn container:

root@nomad-02:~# machinectl list
MACHINE CLASS     SERVICE        OS     VERSION ADDRESSES
debian  container systemd-nspawn debian 11      192.168.88.171…

1 machines listed.

systemd-resolved.service is started on the host (and in the container as well):

root@nomad-02:~# systemctl status systemd-resolved.service
● systemd-resolved.service - Network Name Resolution
     Loaded: loaded (/lib/systemd/system/systemd-resolved.service; enabled; vendor preset: enabled)
     Active: active (running) since Tue 2022-01-25 22:16:34 UTC; 12h ago
       Docs: man:systemd-resolved.service(8)
             man:org.freedesktop.resolve1(5)
             https://www.freedesktop.org/wiki/Software/systemd/writing-network-configuration-managers
             https://www.freedesktop.org/wiki/Software/systemd/writing-resolver-clients
   Main PID: 232128 (systemd-resolve)
     Status: "Processing requests..."
      Tasks: 1 (limit: 1132)
     Memory: 5.3M
        CPU: 153ms
     CGroup: /system.slice/systemd-resolved.service
             └─232128 /lib/systemd/systemd-resolved

Jan 25 22:16:34 nomad-02 systemd[1]: Starting Network Name Resolution...
Jan 25 22:16:34 nomad-02 systemd-resolved[232128]: Positive Trust Anchors:
Jan 25 22:16:34 nomad-02 systemd-resolved[232128]: . IN DS 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
Jan 25 22:16:34 nomad-02 systemd-resolved[232128]: Negative trust anchors: 10.in-addr.arpa 16.172.in-addr.arpa 17.172.in-addr.arpa 18.172.in-addr.arpa 19.172.in-addr.arpa 20.172.in-addr.arpa 21.172.in-addr.arpa 22.172.in-addr.arpa 23.172.>
Jan 25 22:16:34 nomad-02 systemd-resolved[232128]: Using system hostname 'nomad-02'.
Jan 25 22:16:34 nomad-02 systemd[1]: Started Network Name Resolution.

The container has a vnet:

root@nomad-02:~# resolvectl status
Global
         Protocols: +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
  resolv.conf mode: foreign

...

Link 439 (ve-debian)
Current Scopes: LLMNR/IPv4 LLMNR/IPv6
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

I would like to know if it is possible to reach the container from within the host using its hostname.

What I tried is:

dig @127.0.0.53 debian

which does not work.

I cannot find any documentation on how to do it. Is it possible to do it?

Thanks in advance.

1 Answer

You need the NSS (name service switch, see man 5 nss) module "mymachines" installed and enabled in /etc/nsswitch.conf. Place "mymachines" before the "resolve" or "dns" entry of the "hosts:" line of /etc/nsswitch.conf (see man 8 nss-mymachines):

hosts: mymachines resolve [!UNAVAIL=return] files myhostname dns

If "mymachines" is already present in /etc/nsswitch.conf and it still doesn't work, its priority is too low. Try moving it before "resolve" or "dns".
On Debian, you need the libnss-mymachines package, for example.
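
A quick way to check the ordering this answer describes, as an added example that is not part of the original answer: the script reads an nsswitch.conf-style file and reports whether "mymachines" is missing from the "hosts:" line or sits after "resolve"/"dns". The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original answer): report where "mymachines"
# sits on the hosts: line of an nsswitch.conf-style file.

# Print the sources on the hosts: line in lookup order, one per line.
# Comments and action items such as [!UNAVAIL=return] are stripped.
hosts_sources() {
    sed -n -e 's/#.*//' -e 's/\[[^]]*]//g' \
        -e 's/^[[:space:]]*hosts:[[:space:]]*//p' "$1" |
        head -n 1 | tr -s '[:space:]' '\n' | sed '/^$/d'
}

# Exit status: 0 = mymachines comes before resolve/dns,
#              1 = listed, but after resolve or dns (priority too low),
#              2 = not listed at all.
check_mymachines() {
    pos=0; mm=0; dns=0
    for src in $(hosts_sources "$1"); do
        pos=$((pos + 1))
        case "$src" in
            mymachines)  if [ "$mm" -eq 0 ]; then mm=$pos; fi ;;
            resolve|dns) if [ "$dns" -eq 0 ]; then dns=$pos; fi ;;
        esac
    done
    if [ "$mm" -eq 0 ]; then
        echo "mymachines is not on the hosts: line"; return 2
    fi
    if [ "$dns" -ne 0 ] && [ "$dns" -lt "$mm" ]; then
        echo "mymachines is listed after resolve/dns, move it earlier"; return 1
    fi
    echo "mymachines precedes resolve/dns"; return 0
}

# Constructed sample: a hosts: line where mymachines has too low a priority.
sample=$(mktemp)
printf '%s\n' 'passwd: files systemd' \
    'hosts: files resolve [!UNAVAIL=return] dns mymachines  # constructed' > "$sample"
check_mymachines "$sample" || echo "status: $?"
rm -f "$sample"
```

On the host, run `check_mymachines /etc/nsswitch.conf`, then test the lookup with `getent hosts debian`, which goes through NSS; `dig` sends a DNS query directly and never consults nss-mymachines.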
