Static hostname mapping/resolution for containers

On my Incus host server (running Debian 12), I have an entry in my /etc/hosts file:

192.168.1.2 specialserver

When I ping that from the host, it resolves (not using DNS, of course). Inside the container, I can ping by IP address but not by the server name "specialserver". If I add it to the /etc/hosts file inside the container, it will resolve to the IP address given.

Is there a way to set this at the Incus level, rather than inside the container? Either have the containers check the host if they don’t find a DNS match and then have the host provide the static mapping, OR set up something in Incus networking to just do the resolution for the containers?

I'm trying to avoid having to update/maintain a bunch of /etc/hosts files in the containers.

You should be able to tell dnsmasq to do that for you through raw.dnsmasq on the network.

Setting it to -H /etc/hosts should do the trick to read the host system’s hosts file, but you could also point to your own separate file.

I tried the following but can’t seem to figure out how to add it.

echo -e "-H /etc/hosts" | incus network set lxdbr0 raw.dnsmasq -

which resulted in:

Error: The DNS and DHCP service exited prematurely: exit status 1 ("dnsmasq: bad option at line 1 of /var/lib/incus/networks/lxdbr0/dnsmasq.raw")

I also tried

incus network set lxdbr0 raw.dnsmasq "-H /etc/hosts"

and received the following

Error: unknown shorthand flag: 'H' in -H /etc/hosts

Try:

incus network set incusbr0 raw.dnsmasq 'addn-hosts=/etc/hosts'
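
Why the `-H` form was rejected, as an added example that is not part of the thread: the error path shows that raw.dnsmasq is written to a file which dnsmasq parses as configuration, and dnsmasq's config-file syntax is the long option name without leading dashes. This Python sketch converts command-line style options to that form; the helper names are hypothetical and the short-option table covers only the options mentioned in this thread.

```python
import re

# dnsmasq short options mentioned in this thread and their long names
# (taken from the dnsmasq man page); extend the table as needed.
SHORT_TO_LONG = {
    "H": "addn-hosts",
    "h": "no-hosts",
    "z": "bind-interfaces",
    "y": "localise-queries",
}

def to_conf_line(line: str) -> str:
    """Convert one command-line style option to config-file syntax."""
    s = line.strip()
    if not s or s.startswith("#"):
        return s                      # blank lines and comments pass through
    if s.startswith("--"):
        m = re.match(r"--([\w-]+)[=\s]*(.*)$", s)
        if not m:
            raise ValueError(f"cannot parse long option: {s!r}")
        name, value = m.group(1), m.group(2).strip()
    elif s.startswith("-"):
        letter = s[1:2]
        if letter not in SHORT_TO_LONG:
            raise ValueError(f"short option not in table: {s!r}")
        name, value = SHORT_TO_LONG[letter], s[2:].strip()
    else:
        return s                      # already in config-file form
    return f"{name}={value}" if value else name

def to_raw_dnsmasq(text: str) -> str:
    """Convert a multi-line block, one option per line."""
    return "\n".join(to_conf_line(ln) for ln in text.splitlines())

if __name__ == "__main__":
    # Constructed input: the forms tried in the thread plus the accepted one.
    tried = "-H /etc/hosts\n--addn-hosts=/etc/hosts\naddn-hosts=/etc/hosts\n-z\n-y"
    print(to_raw_dnsmasq(tried))
```
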

That got it added but still doesn’t seem to be doing the address resolution.

I also tried adding the options

bind-interfaces
localise-queries

I tried stopping/starting the container but that didn’t seem to have any effect either.

Not sure if this is relevant or not, but I tried running dig from both the host and the container to try to compare things.

From the host:
root@incushost:~# dig specialserver

; <<>> DiG 9.18.28-1~deb12u2-Debian <<>> specialserver
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 31091
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;specialserver. IN A

;; AUTHORITY SECTION:
. 2836 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2024080900 1800 900 604800 86400

;; Query time: 0 msec
;; SERVER: 1.2.3.2#53(1.2.3.2) (UDP)
;; WHEN: Fri Aug 09 11:43:57 UTC 2024
;; MSG SIZE rcvd: 123

incus exec mycontainer /bin/bash
root@mycontainer:~# dig specialserver

; <<>> DiG 9.18.28-1~deb12u2-Debian <<>> specialserver
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 37566
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;specialserver. IN A

;; Query time: 3992 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Fri Aug 09 07:46:11 EDT 2024
;; MSG SIZE rcvd: 48

I don’t think the container has a firewall running or anything (iptables/ufw commands return a "not found" message from the command line), and I am using the default debian/bookworm/cloud image.

On the host, I have iptables set to allow all in/out from any address for troubleshooting things.