DNS resolution in LXC container

Hi all,
I’m using srsLTE-emane (https://github.com/adjacentlink/srsLTE-emane), open source software that emulates an LTE network, and I have a problem with DNS resolution in an LXC container.

I’m running a demonstration (found on https://github.com/adjacentlink/emane-model-lte.git) made up of three containers: ue-02 (the mobile phone), enb-21 (the radio base station) and epc-01 (the core network of LTE). I’m able to ping any IP address from ue-02 (for example 104.83.108.242):

root@ue-02:~# ping 104.83.108.242 -c 5
PING 104.83.108.242 (104.83.108.242) 56(84) bytes of data.
64 bytes from 104.83.108.242: icmp_seq=1 ttl=50 time=96.8 ms
64 bytes from 104.83.108.242: icmp_seq=2 ttl=50 time=95.1 ms
64 bytes from 104.83.108.242: icmp_seq=3 ttl=50 time=94.5 ms
64 bytes from 104.83.108.242: icmp_seq=4 ttl=50 time=93.0 ms
64 bytes from 104.83.108.242: icmp_seq=5 ttl=50 time=91.8 ms

I’m not able to activate the DNS resolution (where www.repubblica.it is the internet site related to 104.83.108.242):

root@ue-02:~# nslookup www.repubblica.it
;; connection timed out; no servers could be reached

root@ue-02:~# LC_ALL=C ping www.repubblica.it
ping: www.repubblica.it: Name or service not known

I have read the instructions to modify the file resolv.conf, but these containers don’t have this file: these are a bit different from classical LXC containers. The unique configuration file is lxc.conf.

lxc.conf:

lxc.uts.name=ue-02
lxc.net.0.type=veth
lxc.net.0.name=backchan0
lxc.net.0.flags=up
lxc.net.0.link=letce0
lxc.net.0.ipv4.address=10.88.1.2/24
lxc.net.0.veth.pair=aveth.3.0
lxc.net.1.type = empty
lxc.net.1.flags=up

lxc.console.path = none
lxc.tty.max = 1
lxc.pty.max = 128
lxc.cgroup.devices.allow = a
lxc.mount.auto = proc sys cgroup


lxc.autodev = 1
lxc.hook.autodev = /usr/share/emane-model-lte/demo/two_ues/ue-02/lxc.hook.autodev.sh
lxc.apparmor.profile = unconfined

The only differences from the lxc.conf of the other two containers are in the name and in the IP addresses.

I have tried to modify the file lxc.conf in /etc/dnsmasq.d-available, adding the line

dhcp-option=option:dns-server,8.8.8.8

and also (alternately)

dhcp-option=option:dns-server,0.0.0.0,8.8.8.8

but this did not work.

Could someone help me?

Thank you very much!!

Andrea

Try editing /etc/systemd/resolved.conf inside your container.

Hi CyrusTheVirusG,
thank you for your answer. I tried it, but it doesn’t work.

I solved it with another suggestion, typing
echo "nameserver 8.8.8.8" | sudo tee -a /etc/resolv.conf

Andrea

Ah forgot to mention the restart:

systemctl restart systemd-resolved

Not sure if your changes are permanent the way you are doing it.

You can verify the nameservers in use with:

systemd-resolve --status

Yes I had restarted, but it didn’t work (I don’t know why).

The changes are not permanent my way. But, at least for me, it is not a problem: I run the command every time I need it.

Set it to the IP address of the gateway; you have (if lxc-net is launched) a dnsmasq that listens on it.

With the default configuration of lxc-net, the nameserver should be something like this in /etc/resolv.conf:

nameserver 10.0.3.1
nameserver fe80::216:3eff:fe00:0%2
search .

Strangely, it’s not needed with Arch Linux, which sets it automatically, but it’s needed with Debian, probably due to DHCP default settings. I need to figure out why; I have only been trying LXC for a few days now.

I thought about a different option related to DHCP in /etc/system/network/eth0.network, but putting the exact same file doesn’t resolve the problem.

I’m having this exact issue, and I can’t work it out. My container is using an existing bridge (br0) to get a real local IP, and all the networking works fine; I can ping all the hosts on my local network, I can ping my container from any other host, and I can ping external IPs like google.com from the container, but the container cannot get to port 53 anywhere:

# nc -vz 8.8.8.8 53
nc: connect to 8.8.8.8 port 53 (tcp) failed: Connection refused

or even my local DHCP server:

# nc -vz 192.168.86.1 53
nc: connect to 192.168.86.1 port 53 (tcp) failed: Connection refused

If I try the identical command on my main host:

# nc -vz 8.8.8.8 53
Connection to 8.8.8.8 53 port [tcp/domain] succeeded!

ufw is completely disabled on my main host, and it is not even installed on my container.

There’s something I’m not seeing here. What is it about the LXC configuration that is blocking any access to port 53, yet all the other networking works fine, e.g. port 80 at google.com has no issue:

# nc -vz 142.251.16.139 80
Connection to 142.251.16.139 80 port [tcp/http] succeeded!

There has to be something in the LXC config which is causing this, but I just can’t see it.
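
A diagnostic for the symptoms reported in this thread, added here as an example and not written by any of the posters: it reads the nameservers from resolv.conf-style text and sends one real DNS query to each over UDP and over TCP, reporting "answered", "timeout" or "refused" per transport. DNS lookups normally use UDP port 53 with TCP as a fallback, so the two results can differ. The function names, the sample text and the query name example.com are assumptions of this example.

```python
import socket
import struct

# Constructed sample, modelled on the resolv.conf lines quoted in the thread.
SAMPLE_RESOLV_CONF = "nameserver 10.0.3.1\nnameserver fe80::216:3eff:fe00:0%2\nsearch .\n"

def parse_nameservers(text):
    """Return the nameserver addresses from resolv.conf-style text, in order."""
    servers = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def build_query(name, qid=0x1234):
    """Build a minimal DNS query (RFC 1035): one A/IN question, recursion desired."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    return header + qname + struct.pack(">HH", 1, 1)

def probe(server, port=53, name="example.com", timeout=2.0):
    """Query one server over UDP and TCP; return e.g. {'udp': 'timeout', 'tcp': 'refused'}."""
    query, result = build_query(name), {}
    family = socket.AF_INET6 if ":" in server else socket.AF_INET
    for proto, kind in (("udp", socket.SOCK_DGRAM), ("tcp", socket.SOCK_STREAM)):
        try:
            with socket.socket(family, kind) as s:
                s.settimeout(timeout)
                s.connect((server, port))
                # DNS over TCP prefixes each message with a 2-byte length.
                s.sendall(query if proto == "udp" else struct.pack(">H", len(query)) + query)
                reply = s.recv(512)
                reply = reply[2:] if proto == "tcp" else reply
                ok = len(reply) >= 12 and reply[:2] == query[:2]   # same transaction id
                result[proto] = "answered" if ok else "bad-reply"
        except socket.timeout:
            result[proto] = "timeout"        # packets dropped or no route back
        except ConnectionRefusedError:
            result[proto] = "refused"        # host reachable, nothing accepting on the port
        except OSError as exc:
            result[proto] = "error: %s" % exc
    return result

if __name__ == "__main__":
    with open("/etc/resolv.conf") as fh:
        for ns in parse_nameservers(fh.read()):
            print(ns, probe(ns))
```

Run inside the container and again on the host: a server that answers on the host but times out or is refused from the container points at the path between them rather than at the resolver configuration.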