LXD container hostnames on the host

Hi,

I followed instructions on:
1 - How to use LXD container hostnames on the host in Ubuntu 18.04 – Mi blog lah!
and
2 - https://lxd.readthedocs.io/en/stable-4.0/networks/ (Integration with systemd-resolved)

Nothing works for me.
With the first solution, when I add the raw dnsmasq definition, I instantly lose name resolution in my container ??

lxd version: 4.16 on ubuntu 20.04, with snap (core20)

With this configuration without raw.dnsmasq, the ping inside a container to others works fine:
lxc network show lxdbr0

config:
  dns.domain: lxd
  dns.mode: managed
  ipv4.address: 10.0.0.1/24
  ipv4.dhcp.ranges: 10.0.0.20-10.0.0.254
  ipv4.nat: "true"
  ipv6.address: fd42:1f43:59be:80f7::1/64
  ipv6.nat: "true"
description: ""
name: lxdbr0
type: bridge
used_by:
- /1.0/instances/svc-apache
- /1.0/instances/svc-haproxy
- /1.0/profiles/default
managed: true
status: Created
locations:
- none

with raw.dnsmasq addition:
lxc network show lxdbr0

config:
  dns.domain: lxd
  dns.mode: managed
  ipv4.address: 10.0.0.1/24
  ipv4.dhcp.ranges: 10.0.0.20-10.0.0.254
  ipv4.nat: "true"
  ipv6.address: fd42:1f43:59be:80f7::1/64
  ipv6.nat: "true"
  raw.dnsmasq: |
    auth-zone=lxd
    dns-loop-detect
description: ""
name: lxdbr0
type: bridge
used_by:
- /1.0/instances/svc-apache
- /1.0/instances/svc-haproxy
- /1.0/profiles/default
managed: true
status: Created
locations:
- none

ping inside a container to others (same network lxdbr0) failed ??

ping svc-apache
ping: bad address 'svc-apache'

If I revert the additions of raw.dnsmasq, everything works fine.

When I complete the instructions in the two methods, the host cannot resolve container names.

systemd-resolve --status lxdbr0

Link 4 (lxdbr0)
Current Scopes: DNS
DefaultRoute setting: yes
LLMNR setting: yes
MulticastDNS setting: no
DNSOverTLS setting: no
DNSSEC setting: no
DNSSEC supported: no
DNS Servers: 10.0.0.1
DNS Domain: lxd

If anyone has a good solution to accomplish it, I will appreciate it.
Thanks in advance ;o)

Exactly same problems with raw.dnsmasq addition:

echo -e "auth-zone=lxd\ndns-loop-detect" | lxc network set lxdbr0 raw.dnsmasq -

for
lxd 4.16 on manjaro 21.1.0

I lose name resolution in the container to others.
When I revert, name resolution comes back.

lxc network unset lxdbr0 raw.dnsmasq

Did you try the recently updated guide here (note you’re using the old docs link and for the LTS version, but the latest docs contain some differences):

https://linuxcontainers.org/lxd/docs/master/networks#integration-with-systemd-resolved

Specifically the bit starting: “The newer method to notify resolved is using the resolvectl command, which would be done in two steps:”…

Make sure to remove any existing custom config you’ve added first though!

Thanks for your help ;o)

On my desktop with manjaro 21.1.0 and lxd 4.16

this simple way works fine:

systemd-resolve --interface lxdbr0 --set-domain 'lxd' --set-dns 10.0.0.1

even with “dns.mode = managed” !

I can use also (with a systemd-resolve --interface lxdbr0 --revert)

resolvectl dns lxdbr0 10.0.0.1
resolvectl domain lxdbr0 'lxd'

But for the domain '~lxd', it does not work at all ??

And for ubuntu 20.04 server hosted on OVH, nothing works ??

on manjaro:

resolvectl status lxdbr0

Link 3 (lxdbr0)
Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 10.0.0.1
DNS Servers: 10.0.0.1
DNS Domain: lxd

systemd 248 (248.6-1-manjaro)

+PAM +AUDIT -SELINUX -APPARMOR -IMA +SMACK +SECCOMP +GCRYPT +GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN +IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 -PWQUALITY +P11KIT -QRENCODE +BZIP2 +LZ4 +XZ +ZLIB +ZSTD +XKBCOMMON +UTMP -SYSVINIT default-hierarchy=unified

on ubuntu:

resolvectl status lxdbr0

Link 4 (lxdbr0)
Current Scopes: DNS
DefaultRoute setting: yes
LLMNR setting: yes
MulticastDNS setting: no
DNSOverTLS setting: no
DNSSEC setting: no
DNSSEC supported: no
DNS Servers: 10.0.0.1
DNS Domain: lxd

systemd 245 (245.4-4ubuntu3.11)

+PAM +AUDIT +SELINUX +IMA +APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN2 -IDN +PCRE2 default-hierarchy=hybrid

I’ve found systemd is extremely fickle about interfaces coming and going affecting how the per-interface resolver settings work. If lxdbr0 goes and then comes back again, you have to restart the system to get systemd-resolved to start using the per-interface DNS settings again. This seems like a systemd bug, as it seems to lose the fact that the interface is up and available for use, even if you re-run the same commands again.

I’m sad to tell you that your recommendations failed to get name resolution working on the host for Ubuntu 20.04.
It works well on Manjaro 21.1.0.

for my network lxdbr0:

config:
  dns.domain: lxd
  dns.mode: managed
  ipv4.address: 10.0.0.1/24
  ipv4.dhcp.ranges: 10.0.0.20-10.0.0.254
  ipv4.nat: "true"
  ipv6.address: fd42:1f43:59be:80f7::1/64
  ipv6.nat: "true"
description: ""
name: lxdbr0
type: bridge
used_by:
- /1.0/instances/svc-apache
- /1.0/instances/svc-haproxy
- /1.0/instances/test
- /1.0/profiles/default
managed: true
status: Created
locations:
- none

I tried with reboot at each time:

resolvectl dns lxdbr0 10.0.0.1
resolvectl domain lxdbr0 '~lxd'

resolvectl status lxdbr0

Link 4 (lxdbr0)
Current Scopes: DNS
DefaultRoute setting: yes
LLMNR setting: yes
MulticastDNS setting: no
DNSOverTLS setting: no
DNSSEC setting: no
DNSSEC supported: no
DNS Servers: 10.0.0.1
DNS Domain: lxd

and:

resolvectl dns lxdbr0 10.0.0.1
resolvectl domain lxdbr0 'lxd'

I’m going to try it on debian10 on the host OVH, to see difference ??
Maybe OVH (the host) made specific changes?

The guide was originally tested on Ubuntu 20.04 so does (at least in some environments!) work :)

I would suggest you first rule out any firewall issues by using dig @10.0.0.1 <an instance name>.lxd and check it works.

Also have you checked your DNS queries are actually going into systemd-resolved btw?

Here is the result:
lxc list

| alpine314   | RUNNING | 10.0.1.184 (eth0) | fd42:65dd:18fa:830:216:3eff:fe21:1b70 (eth0)  | CONTAINER | 0         |
+-------------+---------+-------------------+-----------------------------------------------+-----------+-----------+
| svc-apache  | RUNNING | 10.0.0.10 (eth0)  | fd42:1f43:59be:80f7:216:3eff:fee6:3f44 (eth0) | CONTAINER | 0         |
+-------------+---------+-------------------+-----------------------------------------------+-----------+-----------+
| svc-haproxy | RUNNING | 10.0.0.2 (eth0)   | fd42:1f43:59be:80f7:216:3eff:fecd:35df (eth0) | CONTAINER | 0         |
+-------------+---------+-------------------+-----------------------------------------------+-----------+-----------+
| test        | RUNNING | 10.0.0.209 (eth0) | fd42:1f43:59be:80f7:216:3eff:fee1:aa0 (eth0)  | CONTAINER | 0         |

dig @10.0.0.1 test.lxd

; <<>> DiG 9.16.1-Ubuntu <<>> @10.0.0.1 test.lxd
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20263
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;test.lxd. IN A

;; ANSWER SECTION:
test.lxd. 0 IN A 10.0.0.209

;; Query time: 0 msec
;; SERVER: 10.0.0.1#53(10.0.0.1)
;; WHEN: Wed Aug 04 17:43:25 CEST 2021
;; MSG SIZE rcvd: 53

Here are the IPs used by systemd-resolve:

cat /run/systemd/resolve/resolv.conf

nameserver 213.186.33.99
nameserver 10.0.0.1
nameserver 2001:41d0:3:163::1
search lxd

I’ve tested this in a fresh Ubuntu 20.04 VM based on steps from Networks | LXD

# Create Ubuntu 20.04 VM for testing and enter its shell.
lxc launch images:ubuntu/focal v1 --vm
lxc shell v1
# Check we are using systemd-resolved for resolution.
cat /etc/resolv.conf 
# This file is managed by man:systemd-resolved(8). Do not edit.
#
# This is a dynamic resolv.conf file for connecting local clients to the
# internal DNS stub resolver of systemd-resolved. This file lists all
# configured search domains.
#
# Run "resolvectl status" to see details about the uplink DNS servers
# currently in use.
#
# Third party programs must not access this file directly, but only through the
# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
# replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.

nameserver 127.0.0.53
options edns0 trust-ad
search lxd
# Install LXD inside VM.
apt install snapd -y; snap install lxd
lxd init --auto

# Confirm lxdbr0 network settings.
lxc network show lxdbr0
config:
  ipv4.address: 10.37.134.1/24
  ipv4.nat: "true"
  ipv6.address: fd42:1be6:9c46:ebef::1/64
  ipv6.nat: "true"
description: ""
name: lxdbr0
type: bridge
used_by:
- /1.0/profiles/default
managed: true
status: Created
locations:
- none
# Launch a container connected to lxdbr0.
lxc launch images:ubuntu/focal c1

# Check DNS is working for .lxd domain inside container.
lxc exec c1 -- ping _gateway.lxd -4 -c 1
PING _gateway.lxd (10.37.134.1) 56(84) bytes of data.
64 bytes from _gateway.lxd (10.37.134.1): icmp_seq=1 ttl=64 time=0.019 ms

--- _gateway.lxd ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.019/0.019/0.019/0.000 ms
# Check DNS to lxdbr0's DNS server is working from host (manually).
apt install dnsutils -y
dig @10.37.134.1 A c1.lxd

; <<>> DiG 9.16.1-Ubuntu <<>> @10.37.134.1 A c1.lxd
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24368
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;c1.lxd.				IN	A

;; ANSWER SECTION:
c1.lxd.			0	IN	A	10.37.134.134

;; Query time: 0 msec
;; SERVER: 10.37.134.1#53(10.37.134.1)
;; WHEN: Wed Aug 04 16:23:42 UTC 2021
;; MSG SIZE  rcvd: 51
# Setup systemd-resolved in VM to query lxdbr0's DNS server for .lxd domains.
# Create /etc/systemd/system/lxd-dns-lxdbr0.service containing:
[Unit]
Description=LXD per-link DNS configuration for lxdbr0
BindsTo=sys-subsystem-net-devices-lxdbr0.device
After=sys-subsystem-net-devices-lxdbr0.device

[Service]
Type=oneshot
ExecStart=/usr/bin/resolvectl dns lxdbr0 10.37.134.1
ExecStart=/usr/bin/resolvectl domain lxdbr0 '~lxd'

[Install]
WantedBy=sys-subsystem-net-devices-lxdbr0.device
# Activate the systemd service.
sudo systemctl daemon-reload
sudo systemctl enable --now lxd-dns-lxdbr0

# Check resolvectl status
resolvectl status lxdbr0
Link 9 (lxdbr0)
      Current Scopes: DNS        
DefaultRoute setting: no         
       LLMNR setting: yes        
MulticastDNS setting: no         
  DNSOverTLS setting: no         
      DNSSEC setting: no         
    DNSSEC supported: no         
  Current DNS Server: 10.37.134.1
         DNS Servers: 10.37.134.1
          DNS Domain: ~lxd       

# Check DNS resolution from the host.
dig A c1.lxd

; <<>> DiG 9.16.1-Ubuntu <<>> A c1.lxd
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18783
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;c1.lxd.				IN	A

;; ANSWER SECTION:
c1.lxd.			0	IN	A	10.37.134.134

;; Query time: 4 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Wed Aug 04 16:39:12 UTC 2021
;; MSG SIZE  rcvd: 51

ping c1.lxd -c1 -4
PING c1.lxd (10.37.134.134) 56(84) bytes of data.
64 bytes from 10.37.134.134 (10.37.134.134): icmp_seq=1 ttl=64 time=0.033 ms

--- c1.lxd ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.033/0.033/0.033/0.000 ms

So that works. Now let’s try and break it…

ip link delete lxdbr0
resolvectl status lxdbr0
Failed to resolve interface "lxdbr0", ignoring: No such device

ping c1.lxd -c1 -4
ping: c1.lxd: Name or service not known

sudo systemctl reload snap.lxd.daemon

resolvectl status lxdbr0
Link 6 (lxdbr0)
      Current Scopes: none       
DefaultRoute setting: no         
       LLMNR setting: yes        
MulticastDNS setting: no         
  DNSOverTLS setting: no         
      DNSSEC setting: no         
    DNSSEC supported: no         
         DNS Servers: 10.37.134.1
          DNS Domain: ~lxd       

ping c1.lxd -c1 -4
ping: c1.lxd: Name or service not known

lxc restart c1

ping c1.lxd -c1 -4
PING c1.lxd (10.37.134.134) 56(84) bytes of data.
64 bytes from 10.37.134.134 (10.37.134.134): icmp_seq=1 ttl=64 time=0.034 ms

--- c1.lxd ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.034/0.034/0.034/0.000 ms

Seems to cope with lxdbr0 coming and going OK.


What are the contents of /etc/resolv.conf?

here is my /etc/resolv.conf
nameserver 213.186.33.99

Yeah so that is wrong, it’s not using systemd-resolved for DNS. Take a look at my example above for what it should be.
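
A triage sketch for the two host-side states seen in this thread (resolv.conf bypassing systemd-resolved, and a link whose DNS scope is "none"), added here as an example and not code from any poster or from LXD. The function names are hypothetical and the sample inputs are constructed, trimmed from the outputs quoted above.

```shell
#!/bin/sh
# Added example: offline triage of host-side .lxd resolution problems.

# Return 0 if every nameserver in the resolv.conf file is the resolved stub.
uses_resolved_stub() {
    awk '$1 == "nameserver" { n++; if ($2 != "127.0.0.53") bad++ }
         END { exit !(n > 0 && bad == 0) }' "$1"
}

# Read "resolvectl status <link>" text on stdin; print how domain $1 is set:
# routing (~domain), search (domain), missing, or inactive (no DNS scope).
link_domain_mode() {
    awk -v d="$1" '
        /Current Scopes:/ && $NF == "none" { inactive = 1 }
        /DNS Domain:/ { for (i = 3; i <= NF; i++) {
            if ($i == ("~" d)) mode = "routing"
            else if ($i == d && mode == "") mode = "search" } }
        END { if (inactive) print "inactive"
              else if (mode != "") print mode
              else print "missing" }'
}

# diagnose <resolv.conf> <status-file> <domain>: print one verdict word.
# "bypass" means queries never reach systemd-resolved, so per-link
# settings on the bridge are not consulted at all.
diagnose() {
    if ! uses_resolved_stub "$1"; then echo bypass; return 0; fi
    link_domain_mode "$3" < "$2"
}

# Constructed samples, trimmed from the outputs quoted in this thread.
tmp=$(mktemp -d)
printf 'nameserver 213.186.33.99\n' > "$tmp/direct.conf"
printf 'nameserver 127.0.0.53\noptions edns0 trust-ad\nsearch lxd\n' > "$tmp/stub.conf"
printf 'Link 9 (lxdbr0)\n Current Scopes: DNS\n DNS Servers: 10.37.134.1\n DNS Domain: ~lxd\n' > "$tmp/routed.txt"
printf 'Link 6 (lxdbr0)\n Current Scopes: none\n DNS Servers: 10.37.134.1\n DNS Domain: ~lxd\n' > "$tmp/down.txt"
printf 'Link 4 (lxdbr0)\n Current Scopes: DNS\n DNS Servers: 10.0.0.1\n DNS Domain: lxd\n' > "$tmp/search.txt"

for c in direct stub; do for s in routed down search; do
    echo "$c.conf + $s.txt -> $(diagnose "$tmp/$c.conf" "$tmp/$s.txt" lxd)"
done; done
```

On a live host the same functions can be pointed at /etc/resolv.conf and at a saved copy of `resolvectl status lxdbr0`.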

I’m going to try in my laptop to see difference with my host OVH…

Thank you, I come back with the result of my test

On my laptop with ubuntu 20.04 & lxd 4.16 it works directly fine !

I can use the name resolution with only these 2 lines as described in the documentation (like on my Manjaro desktop)

resolvectl dns lxdbr0 10.0.0.1
resolvectl domain lxdbr0 'lxd'

Here is my /etc/resolv.conf

nameserver 127.0.0.53
options edns0 trust-ad

Thank you for your patience ;o)

I need to find out why in OVH host, their configuration is breaking this ?? My networking knowledge may not be enough …

Maybe you have a way to help me with my research?

I found a solution for server ubuntu 20.04 for my host OVH !
I kept your definition of /etc/resolv.conf

nameserver 127.0.0.53
options edns0 trust-ad
search lxd

(for Manjaro desktop, this definition is to be put in /etc/resolvconf.conf
and systemd-resolved enabled)

and to declare lxdbr0 network:
just put in /etc/systemd/network/lxdbr0.network

[Match]
Name=lxdbr0

[Network]
DNS=10.0.0.1
Domains=~lxd

reboot

Thanks a lot for your help !!


Extraordinarily useful working through this in a VM, then on my Ubuntu 22.04 workstation.
I also found How to troubleshoot DNS with systemd-resolved? gave useful troubleshooting hints. Container name resolution now working for me, and the mechanisms better understood.
Many thanks…
