Apt can't resolve DNS on a LXC debian bullseye container

PMLefra · May 2, 2023, 9:38am

Hi!

I used distrobuilder to create a simple, basic bullseye image. I then created a container with it that I configured.
In the running container, the network is working fine. I can do DNS request (e.g. ping resolves names) and /etc/resolv.conf is configured (manually).
I wanted to install openssh-server, so I first tried to update the repos witg apt update (as root). Alas, apt strangely can’t do any DNS request and I’m stuck with:

Err:1 http://deb.debian.org/debian bullseye InRelease
  Temporary failure resolving 'deb.debian.org'
Err:2 http://deb.debian.org/debian bullseye-updates InRelease
  Temporary failure resolving 'deb.debian.org'
Err:3 http://deb.debian.org/debian-security bullseye-security InRelease
  Temporary failure resolving 'deb.debian.org'
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
All packages are up to date.
W: Failed to fetch http://deb.debian.org/debian/dists/bullseye/InRelease  Temporary failure resolving 'deb.debian.org'
W: Failed to fetch http://deb.debian.org/debian/dists/bullseye-updates/InRelease  Temporary failure resolving 'deb.debian.org'
W: Failed to fetch http://deb.debian.org/debian-security/dists/bullseye-security/InRelease  Temporary failure resolving 'deb.debian.org'
W: Some index files failed to download. They have been ignored, or old ones used instead.

Do you have any idea why this is happening? Let me know if you need any more info.
Thanks

cemzafer · May 3, 2023, 5:29pm

Hi @PMLefra,
Looks like an temporary DNS resolution problem, can you ping deb.debian.org?
Regards.

PMLefra · May 3, 2023, 5:41pm

Hi, I can ping deb.debian.org.
The DNS problem seems specific to apt.

cemzafer · May 3, 2023, 6:08pm

Is this a container or a vm? And can you post the lxc config show <container/vm name> --expanded
Regards.

PMLefra · May 5, 2023, 7:30am

It is a LXC container. Since I’m using LXC version 3.1.0, I don’t have the lxc command. Only lxc-{something} commands. I can show you the content of the container config file if this is what you want

cemzafer · May 5, 2023, 11:47am

Humm, sorry I have not too much experience with LXC containers. May be other forum masters can help you.
Regards.

cemzafer · May 8, 2023, 9:19pm

I have not so much experience with the Debian, have you ever checked the systemctl status systemd-resolved and check the status of the command resolvectl status.
Regards.

PMLefra · May 11, 2023, 9:11am

Thank you for your help, it was the starting point of a few-hours long investigation.
I managed to solve the problem: somehow the /etc directory had permissions rwxr-x— and, of course, needed rwxr-xr-x. An apt sub-process that did not have root privileges could not read /etc/resolv.conf, thus the error I kept getting.