Let’s say I have a container p1-c1 in the project p1 assigned to network p1-n1.
I also have a second container p1-c2 also in the project p1 also assigned to network p1-n1.
From p1-c1 I am able to resolve p1-c2 and vice versa.
Now let’s add a third container p2-c1 in the project p2 assigned to network p2-n1.
From p2-c1 I am able to ping all containers’ IPs but I am unable to resolve containers on p1-n1.
Is there something I can use as configuration that would allow this?
Each network runs its own dnsmasq instance, so you can’t resolve containers that are attached to different networks. Making it possible would get pretty tricky pretty quickly, especially given multiple projects and complex permissions and ownership in some scenarios.
Network zones could be used to fix that. Effectively having each network be assigned a zone, then have an external DNS server like bind9 or maybe unbound pull the zones from Incus and handle all DNS queries for your instances.
It’s usually something that makes sense in larger environments, but once you start playing with multiple networks and projects, you pretty rapidly get to that point.
Quick question tho, what if I have two networks and on both of them I configure dns.nameservers with the IP addresses of the two networks?
Wouldn’t that make it query both dnsmasq instances?
It will very much depend on the behavior of the system in the instance.
I think systemd-resolved may work in that scenario as it will hit both servers at once and ignore the failure from the one that doesn’t have the record.
But systems using normal Linux DNS handling will go sequentially and will treat an NXDOMAIN error from the DNS server as authoritative so won’t go hit the next server.
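
An added example, not part of the original thread: a small offline model of the two resolver strategies described in the last reply, run against two simulated per-network dnsmasq instances. The server addresses, the `.incus` names and all function names are constructed for illustration, and `resolve_query_all` models the "hit both servers and ignore the failure" behaviour as the reply describes it, not a verified implementation of any real resolver.

```python
# Constructed sample data: each network's dnsmasq only knows its own instances.
# Addresses and the ".incus" names are made up for this illustration.
NXDOMAIN, TIMEOUT = "NXDOMAIN", "TIMEOUT"
SERVERS = {
    "10.1.0.1": {"p1-c1.incus": "10.1.0.11", "p1-c2.incus": "10.1.0.12"},  # p1-n1
    "10.2.0.1": {"p2-c1.incus": "10.2.0.11"},                              # p2-n1
}


def query(server, name, down=()):
    """Simulate one query to one dnsmasq instance."""
    if server in down:
        return TIMEOUT
    return SERVERS[server].get(name, NXDOMAIN)


def resolve_sequential(name, nameservers, down=()):
    """Try servers in order; move on only when a server does not reply.
    NXDOMAIN is treated as authoritative, so the lookup ends there."""
    for server in nameservers:
        answer = query(server, name, down)
        if answer != TIMEOUT:
            return answer
    return TIMEOUT


def resolve_query_all(name, nameservers, down=()):
    """Ask every server and ignore failures while any one has the record."""
    answers = [query(server, name, down) for server in nameservers]
    for answer in answers:
        if answer not in (NXDOMAIN, TIMEOUT):
            return answer
    return NXDOMAIN if NXDOMAIN in answers else TIMEOUT


if __name__ == "__main__":
    # p2-c1 with both networks' dnsmasq addresses configured, its own first.
    servers = ["10.2.0.1", "10.1.0.1"]
    for name in ("p2-c1.incus", "p1-c2.incus"):
        print(name, "sequential:", resolve_sequential(name, servers),
              "| query-all:", resolve_query_all(name, servers))
    # The sequential resolver reaches the second server only if the first is silent.
    print("first server down:",
          resolve_sequential("p1-c2.incus", servers, down=("10.2.0.1",)))
```

With the sequential strategy the cross-network name resolves only when the first server fails to answer at all, which is why listing both dnsmasq addresses is not a dependable substitute for a single DNS server that holds every zone.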