DNS in Ubuntu + LXC

I've recently been playing with LXC containers on a new dedicated server I'm going to migrate to shortly.

Setting up LXC is a no-brainer, and the containers are all able to resolve one another using dnsmasq (usually 10.0.3.1). The host system, however, isn't capable of resolving them.

In my use case, I'm using Ubuntu 13.10 as the host. I'm using it for the OS in the containers as well, but the OS in the containers themselves shouldn't matter.

Here is how I managed to have everything working as it should:

Set the correct networking information for resolvconf

root@carroarmato0:~# cat /etc/network/interfaces
# The primary network interface
auto eth0
iface eth0 inet static
	address < some IP address >
	netmask < some netmask >
	gateway < some gateway >
	dns-nameservers < your preferred public DNS servers >

Note that I'm including neither 127.0.0.1 nor 10.0.3.1 in there.
This information will be used by resolvconf every time something changes on the networking side (a reboot, or a manual reload of resolvconf).

Set the order in which the resolver is going to query DNS

root@carroarmato0:~# cat /etc/resolvconf/resolv.conf.d/head 
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 10.0.3.1

Execute resolvconf -u

This will reload your /etc/resolv.conf file, which should now look like this:

root@carroarmato0:~# cat /etc/resolv.conf 
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 10.0.3.1
nameserver < the DNS server you configured in /etc/network/interfaces >
nameserver < the eventual secondary DNS server you configured in /etc/network/interfaces >

This will set the order by which the resolver is going to query your specified DNS servers.
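
A quick way to confirm that order after running resolvconf -u, as an added example that is not part of the original post. The function names are hypothetical, the 192.0.2.x addresses are constructed documentation addresses standing in for your public DNS servers, and the limit of three comes from glibc's MAXNS: the resolver ignores any nameserver line after the third.

```shell
#!/bin/sh
# Added example: verify the nameserver order in a resolv.conf-style file.
LXC_DNS="10.0.3.1"  # lxcbr0 dnsmasq address used on this page
MAXNS=3             # glibc uses only the first 3 nameserver lines

# Print the nameserver addresses in file order, skipping comment lines.
list_nameservers() {
    awk '$1 == "nameserver" && $2 != "" { print $2 }' "$1"
}

# Returns 0 if the LXC dnsmasq is first and all entries are usable,
# 1 if it is not first, 2 if more than MAXNS entries are listed.
check_resolver_order() {
    servers=$(list_nameservers "$1")
    first=$(printf '%s\n' "$servers" | head -n 1)
    count=$(printf '%s\n' "$servers" | awk 'NF { n++ } END { print n + 0 }')
    if [ "$first" != "$LXC_DNS" ]; then
        echo "FAIL: first nameserver is '${first:-none}', expected $LXC_DNS" >&2
        return 1
    fi
    if [ "$count" -gt "$MAXNS" ]; then
        echo "WARN: $count nameservers listed, only the first $MAXNS are used" >&2
        return 2
    fi
    echo "OK: $LXC_DNS is queried first ($count nameservers in use)"
    return 0
}

# Constructed sample with the same layout as the generated file shown above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
nameserver 10.0.3.1
nameserver 192.0.2.53
nameserver 192.0.2.54
EOF
check_resolver_order "$sample"
rm -f "$sample"
```

On the host, call check_resolver_order /etc/resolv.conf instead of the sample file.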

Conclusion

In theory that should be enough, and you should be able to check resolution by pinging your containers by name.

I personally use the .lxc as the domain name for my containers.

root@carroarmato0:~# cat /etc/default/lxc-net
...
LXC_DOMAIN="lxc"
...

Don't forget to execute service lxc-net restart if you change that file.

Your containers should also be set up to use the domain suffix for consistency:

root@carroarmato0:~# cat /var/lib/lxc/myrandomcontainer.lxc/config 
...
lxc.utsname = myrandomcontainer.lxc
...

And now you should be able to ping:

root@carroarmato0:~# ping -nc1 myrandomcontainer.lxc
PING myrandomcontainer.lxc (10.0.3.252) 56(84) bytes of data.
64 bytes from 10.0.3.252: icmp_seq=1 ttl=64 time=0.044 ms
--- myrandomcontainer.lxc ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.044/0.044/0.044/0.000 ms

Hope this helps!
