Debian 10 and resolv.conf (2 interfaces)

Hello,

I have a question that seems to be dumb.

Host: Ubuntu 20.04
LXD: 4.4

+----------------+---------+-----------------------+------+-----------------+-----------+
|      NAME      |  STATE  |         IPV4          | IPV6 |      TYPE       | SNAPSHOTS |
+----------------+---------+-----------------------+------+-----------------+-----------+
| bastion01      | RUNNING | 192.168.10.201 (eth1) |      | CONTAINER       | 0         |
|                |         | 10.69.10.12 (eth0)    |      |                 |           |
+----------------+---------+-----------------------+------+-----------------+-----------+
| apps           | RUNNING | 192.168.10.162 (eth1) |      | CONTAINER       | 0         |
|                |         | 10.69.10.11 (eth0)    |      |                 |           |
+----------------+---------+-----------------------+------+-----------------+-----------+
| lxdmosaic01    | RUNNING | 192.168.10.117 (eth1) |      | CONTAINER       | 0         |
|                |         | 10.69.10.55 (eth0)    |      |                 |           |
+----------------+---------+-----------------------+------+-----------------+-----------+
| mariadb-master | RUNNING | 10.69.10.10 (eth0)    |      | CONTAINER       | 0         |
+----------------+---------+-----------------------+------+-----------------+-----------+
| prometheus01   | RUNNING | 192.168.10.45 (eth1)  |      | CONTAINER       | 0         |
|                |         | 10.69.10.166 (eth0)   |      |                 |           |
+----------------+---------+-----------------------+------+-----------------+-----------+
| reverseproxy01 | RUNNING | 192.168.10.202 (eth1) |      | CONTAINER       | 0         |
|                |         | 10.69.10.174 (eth0)   |      |                 |           |
+----------------+---------+-----------------------+------+-----------------+-----------+

All containers run under Ubuntu 20.04 except apps, which is under Debian 10.

All Ubuntu containers can ping all DNS names without problem.
For example, from bastion01:
ping prometheus01.lxd works
ping prometheus01.lan works

lxc exec bastion01 -- cat /etc/resolv.conf
[...]
nameserver 127.0.0.53
options edns0
search lan lxd

But especially for the apps container (Debian 10) I have a problem.

lxc exec apps -- cat /etc/resolv.conf
domain lan
search lan
nameserver 192.168.10.16

I needed to do:
lxc exec apps -- dhclient

to obtain:

lxc exec apps -- cat /etc/resolv.conf
domain lxd
search lxd
nameserver 10.69.10.1

And after that, my Debian 10 container works fine! I can ping all DNS names. And my installed apps work afterwards.

My Debian 10 interfaces:
cat /etc/network/interfaces

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet dhcp

source /etc/network/interfaces.d/*

and
cat /etc/network/interfaces.d/eth1

auto eth1
iface eth1 inet dhcp

Other info:
lxc network show lxdbr0

config:
  ipv4.address: 10.69.10.1/24
  ipv4.nat: "true"
  ipv6.address: none
  ipv6.nat: "true"
  volatile.bridge.hwaddr: 00:16:3e:5d:4d:57
description: ""
name: lxdbr0
type: bridge
used_by:
- /1.0/instances/bastion01
- /1.0/instances/apps
- /1.0/instances/lxdmosaic01
- /1.0/instances/mariadb-master
- /1.0/instances/prometheus01
- /1.0/instances/reverseproxy01
- /1.0/profiles/default
- /1.0/profiles/lanprofile
managed: true
status: Created
locations:
- none

Profiles:

lxc profile show lanprofile

config: {}
description: conf for eth on lan dhcp
devices:
  eth0:
    name: eth0
    nictype: bridged
    parent: lxdbr0
    type: nic
  eth1:
    name: eth1
    nictype: bridged
    parent: brvlan
    type: nic
  root:
    path: /
    pool: data
    type: disk
name: lanprofile
used_by:
- /1.0/instances/lxdmosaic01
- /1.0/instances/apps
- /1.0/instances/bastion01
- /1.0/instances/prometheus01
- /1.0/instances/reverseproxy01

What is the best practice to have the right resolv.conf on a Debian 10 container?

I prefer not to have to create a dirty sh script run by cron, or maybe change something in dhclient.conf. Does LXD have a magic solution?

Thanks

Right, so you have a network setup which is inherently racy.
Both eth0 and eth1 provide DNS and a default gateway.

A system can only ever have one default gateway so whichever responds first to DHCP will be it.

On the Ubuntu side, this is less of a problem because of networkd+resolved which will handle this case in as sane a way as possible. In this case, I’d expect whichever responded first to be the default gateway with the other one put as a fallback gateway and then resolved is configured to resolve lan through one interface and lxd through the other.

On the Debian side, ifupdown is very very simple and does not support something like that. There I would expect whichever responds first to become both the default gateway and the unique DNS server. The other interface would just fail to run DHCP entirely and so never be added to DNS.

You have two options there:

  • Try to emulate Ubuntu and switch your Debian container to using systemd-networkd and systemd-resolved
  • Decide which interface is the one you want as your default gateway, let DHCP run on that one and statically configure the other one.

Hello,

Thanks @stgraber.

The solution that I found on Debian 10 with two interfaces:
apt install resolvconf

vim /etc/resolvconf/resolv.conf.d/base

base:

domain lxd
search lxd
nameserver $lxdbr0_ip

On host:
lxc restart $container

And it works at this time.

Thanks again for your advice.
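
A check for the DHCP race discussed in this thread, as an added example that is not part of any post: it reads a resolv.conf and reports whether the first nameserver and the search list are the ones you expect. The function name `resolv_audit` is hypothetical, and the two sample files are constructed from the resolv.conf contents quoted in the question.

```shell
#!/bin/sh
# Added example (not from the thread): audit a resolv.conf file.
# Usage: resolv_audit FILE EXPECTED_NAMESERVER DOMAIN [DOMAIN...]
# Returns 0 only if the first nameserver and every expected search domain match.
resolv_audit() {
    file=$1; want_ns=$2; shift 2
    # Nameservers are tried in the order listed, so the first one decides
    # where queries go in the normal case.
    first_ns=$(awk '$1 == "nameserver" { print $2; exit }' "$file")
    # "domain" and "search" are mutually exclusive; the last one in the file wins.
    search=$(awk '$1 == "search" || $1 == "domain" { $1 = ""; s = $0 }
                  END { print s }' "$file")
    rc=0
    if [ "$first_ns" != "$want_ns" ]; then
        echo "first nameserver is ${first_ns:-<none>}, expected $want_ns"
        rc=1
    fi
    for d in "$@"; do
        case " $search " in
            *" $d "*) ;;
            *) echo "search list lacks '$d'"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed samples: the two states of /etc/resolv.conf shown for the
# Debian 10 container, depending on which DHCP lease was applied last.
tmp=$(mktemp -d)
printf 'domain lan\nsearch lan\nnameserver 192.168.10.16\n' > "$tmp/lan-won"
printf 'domain lxd\nsearch lxd\nnameserver 10.69.10.1\n'    > "$tmp/lxd-won"

for f in "$tmp/lan-won" "$tmp/lxd-won"; do
    echo "== $(basename "$f")"
    if resolv_audit "$f" 10.69.10.1 lxd; then echo "ok"; fi
done
```

To run it against the live container after a restart, save the output of `lxc exec apps -- cat /etc/resolv.conf` to a file and pass that file as the first argument.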