Cannot resolve container hostnames in internal network #1055
Comments
Do you have firewalld running, or other firewall rules configured? The thing for internal networks is that we do not configure any firewall rules at all as they are internal. However it seems (at least) firewalld is blocking the DNS queries by default so it cannot connect to the aardvark-dns instance. For firewalld we need to set it trusted like we do for normal non-internal networks. cc @mheon
Yes, I have firewalld using the default settings from Fedora 40 Server.
A friendly reminder that this issue had no activity for 30 days.
@Luap99 Is this still an issue? I have firewalld enabled and for me this works on
Nvm, I think my driver is being selected as
No it doesn't. In general an internal network doesn't create any firewall rule whatsoever currently, as pointed out above, so the driver doesn't matter. The issue is that if your host has a rule to drop all traffic by default then this will break our DNS queries (that may be set by firewalld or any other user). We explicitly add an accept rule for our DNS traffic for normal networks, but as internal ones do not use the firewall driver this is not added there. We certainly must fix that to always add such a rule if DNS is enabled. This is also the reason for #1051. I will transfer the issue to netavark as it must be fixed there.
@Luap99 I tried this on my machine,
and
also tried resolution between two containers on internal network and it worked just fine, I am not using
Yes, because you have a default accept rule. Change your firewall to default drop and it will no longer work.
That must be it, I have a default accept rule.
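The condition discussed in the comments above (a default-drop host firewall with no accept rule for DNS arriving from the internal bridge) can be checked against a JSON ruleset dump. This is an added example, not part of the thread and not netavark code; the bridge names `podman0`/`podman1`, UDP port 53 and the sample ruleset are assumptions constructed for illustration, and the check does not follow jumps into other chains.

```python
import json

# Constructed sample shaped like `nft -j list ruleset` output; not taken from the issue.
SAMPLE = json.loads("""
{"nftables": [
 {"chain": {"family": "inet", "table": "filter", "name": "input",
            "type": "filter", "hook": "input", "prio": 0, "policy": "drop"}},
 {"rule": {"family": "inet", "table": "filter", "chain": "input", "expr": [
   {"match": {"op": "==", "left": {"meta": {"key": "iifname"}}, "right": "podman0"}},
   {"match": {"op": "==", "left": {"payload": {"protocol": "udp", "field": "dport"}},
              "right": 53}},
   {"accept": null}]}}
]}
""")

def _accepts_dns(expr, bridge, port):
    """True if this rule accepts UDP traffic to `port` arriving on `bridge`."""
    for stmt in expr:
        m = stmt.get("match")
        if m is None:
            continue  # counters, log statements and verdicts are not matches
        right = m.get("right")
        values = right["set"] if isinstance(right, dict) and "set" in right else [right]
        left = m.get("left", {})
        if m.get("op") == "==" and left.get("meta", {}).get("key") == "iifname":
            ok = bridge in values
        elif m.get("op") == "==" and left.get("payload") == {"protocol": "udp", "field": "dport"}:
            ok = port in values
        else:
            ok = False  # a match this check cannot evaluate: do not count the rule
        if not ok:
            return False
    return any("accept" in stmt for stmt in expr)

def bridges_without_dns_accept(ruleset, bridges, port=53):
    """Bridges whose DNS queries hit a default-drop input chain with no accept rule."""
    items = ruleset["nftables"]
    chains = [i["chain"] for i in items if "chain" in i]
    rules = [i["rule"] for i in items if "rule" in i]
    blocked = set()
    for c in chains:
        if c.get("hook") != "input" or c.get("policy") != "drop":
            continue  # only base chains that drop by default are of interest
        key = (c["family"], c["table"], c["name"])
        own = [r for r in rules if (r["family"], r["table"], r["chain"]) == key]
        for b in bridges:
            if not any(_accepts_dns(r.get("expr", []), b, port) for r in own):
                blocked.add(b)
    return sorted(blocked)

if __name__ == "__main__":
    print(bridges_without_dns_accept(SAMPLE, ["podman0", "podman1"]))
```

With the constructed sample, `podman0` has an explicit accept rule and `podman1` does not, so only `podman1` is reported.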
Issue Description
The DNS resolution in an internal network doesn't work. The DNS server is unreachable.
Steps to reproduce the issue
Steps to reproduce the issue. Run all commands as root:
Describe the results you received
Internal DNS server is unreachable. I cannot resolve other container hostnames in an internal network.
Describe the results you expected
This network uses the netavark backend and the bridge driver, so I expect a working DNS functionality.
podman info output
Podman in a container
No
Privileged Or Rootless
Privileged
Upstream Latest Release
Yes
Additional environment details
No response
Additional information
No response