instance.multipass domain names do not resolve #1830
Comments
@Saviq Oh! Is this not expected to work? (re: your bug → enhancement label switch) I assumed the |
@tsibley indeed, not, it's not implemented yet. Sure, it's trivial with We generally dislike adding features that only work on a subset of platforms, and while this would be great to have, we have to consider that it may only be possible on Linux. Our next release will have bridging, at which point that could be used to address |
Nod. I didn't mean to suggest adding the feature just for Linux hosts. One of the attractions of Multipass to me is the multi-platform host support and consistency across platforms. I'd be in support of solutions like |
Usually your home domain will be searched, so as long as your instance names were unique with any physical hosts, just None of the above are exclusive, either :) |
Ah, both true! :-) Out of curiosity, I did some digging about if this is supportable on macOS. It appears that domain-specific DNS resolvers have long been possible on that platform by creating files under /etc/resolver/. For example, Multipass could put the following under /etc/resolver/multipass:
A few pages with more information: |
On Linux hosts without systemd-resolved, there are a few other potential solutions as well, like those documented by Arch Linux. |
and because I couldn't resist, on Windows 10 (maybe earlier too?) it looks like there's a PowerShell command for setting domain-specific DNS servers: https://docs.microsoft.com/en-us/powershell/module/dnsclient/add-dnsclientnrptrule?view=win10-ps |
Cool, thanks a lot for the research @tsibley! The problem is that on both macOS and Windows, it's them that provide the resolvers. And so far I have not found a way to tell them that |
@Saviq Hmm. So you're saying that Multipass instances on macOS and Windows cannot resolve |
Unfortunately yes, we don't control the DNS resolvers on Windows or macOS, and there's no way we can tell them to resolve |
Ok. It seems then that The minimal resolver could only handle very simple queries and still be useful for this. I imagine it could either be implemented in C++ as part of Multipass (especially if there's a decent library for stubbing most of this) or perhaps using existing software on some platforms, like dnsmasq on Linux. |
@Saviq Regarding this issue, I want to know more about the workaround for this issue in macOS without doing anything with the instance. Like, install and configure dnsmasq with a zsh script. Please share any such links or scripts that configure multipass to use dnsmasq in macOS 11. |
@nikhiljohn10 there are no such scripts, it's just not possible with how networking is currently set up, because bootpd is what gives out DHCP on the network the instances connect to. |
what about using a parallel DHCP and DNS server dedicated to multipass and DNS server forward request to macOS's DNS servers? |
We'd need to set up our own network, too, which is likely not worth it for just this. We're working (#1857) on a qemu-based solution for macOS which will allow bridging in the long run, so you'll be able to use your router's configuration. And then there's the |
@nikhiljohn10 just install

```
$ multipass launch --cloud-init - <<EOF
packages: [avahi-daemon]
EOF
Launched: decorous-barbet
$ multipass exec impish-bandicoot ping decorous-barbet.local
PING decorous-barbet.local (192.168.64.63) 56(84) bytes of data.
64 bytes from 192.168.64.63 (192.168.64.63): icmp_seq=1 ttl=64 time=0.398 ms
...
```

This is only partially working. the When I try the commands in same vm, it works.

```
ubuntu@stepca:~$ ping stepca.local -c2
PING stepca.local (192.168.65.16) 56(84) bytes of data.
64 bytes from stepca (192.168.65.16): icmp_seq=1 ttl=64 time=0.016 ms
64 bytes from stepca (192.168.65.16): icmp_seq=2 ttl=64 time=0.043 ms
--- stepca.local ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1047ms
rtt min/avg/max/mdev = 0.016/0.029/0.043/0.013 ms
ubuntu@stepca:~$ nslookup stepca.local
Server: 127.0.0.53
Address: 127.0.0.53#53
Non-authoritative answer:
Name: stepca.local
Address: 192.168.65.16
Name: stepca.local
Address: fe80::c8ee:94ff:fea8:b020
ubuntu@stepca:~$ dig stepca.local
; <<>> DiG 9.16.1-Ubuntu <<>> stepca.local
;; global options: +cmd
;; Got answer:
;; WARNING: .local is reserved for Multicast DNS
;; You are currently testing what happens when an mDNS query is leaked to DNS
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7708
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;stepca.local. IN A
;; ANSWER SECTION:
stepca.local. 0 IN A 192.168.65.16
;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Mon Aug 16 11:44:44 IST 2021
;; MSG SIZE rcvd: 57
```

But when I do these commands in another VM,

```
ubuntu@subscriber:~$ ping stepca.local -c2
PING stepca.local (192.168.65.16) 56(84) bytes of data.
64 bytes from 192.168.65.16 (192.168.65.16): icmp_seq=1 ttl=64 time=0.346 ms
64 bytes from 192.168.65.16 (192.168.65.16): icmp_seq=2 ttl=64 time=0.471 ms
--- stepca.local ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1076ms
rtt min/avg/max/mdev = 0.346/0.408/0.471/0.062 ms
ubuntu@subscriber:~$ nslookup stepca.local
Server: 127.0.0.53
Address: 127.0.0.53#53
** server can't find stepca.local: SERVFAIL
ubuntu@subscriber:~$ dig stepca.local
; <<>> DiG 9.16.1-Ubuntu <<>> stepca.local
;; global options: +cmd
;; Got answer:
;; WARNING: .local is reserved for Multicast DNS
;; You are currently testing what happens when an mDNS query is leaked to DNS
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 60808
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;stepca.local. IN A
;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Mon Aug 16 11:46:19 IST 2021
;; MSG SIZE rcvd: 41
```

This is important for my work. I am creating a demo tutorial for

@Saviq I could not understand how to control mdns or avahi. Please tell me if there is anything I can do to fix this?

That's because the tools you mention talk to name servers directly, they don't go through NSS.
All that should not prevent services to resolve those domains through NSS, like |
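
What the reply above describes, as an added example that is not code from the thread: `ping` and `getent` resolve through NSS, so the order of sources on the `hosts:` line of `/etc/nsswitch.conf` decides who answers a `.local` name, while `dig` and `nslookup` skip that line and query the server directly (127.0.0.53 in the transcripts above). The function names and the sample `hosts:` lines are constructed for illustration.

```bash
# Added example, not from the thread. Sample hosts: lines are constructed.
SAMPLE_PLAIN='hosts: files dns'
SAMPLE_MDNS='hosts: files mdns4_minimal [NOTFOUND=return] dns'
SAMPLE_RESOLVE='hosts: files resolve [!UNAVAIL=return] dns'

# Read nsswitch.conf text on stdin and print the sources of the hosts:
# line, one per line, in lookup order. Action items such as
# [NOTFOUND=return] are not sources and are dropped.
nss_host_sources() {
    sed -n 's/^[[:space:]]*hosts:[[:space:]]*//p' | head -n 1 |
        sed -e 's/#.*//' -e 's/\[[^]]*]//g' |
        tr -s '[:space:]' '\n' | sed '/^$/d'
}

# Read nsswitch.conf text on stdin and name the first network source an
# NSS caller (getaddrinfo, as used by ping and getent) will consult:
#   nss-mdns  an mdns* module from libnss-mdns, answered by avahi-daemon
#   resolved  nss-resolve, i.e. systemd-resolved over its local API
#   dns       a DNS query to the server listed in /etc/resolv.conf
#   none      no network source at all (returns 1)
local_answered_by() {
    for src in $(nss_host_sources); do
        case "$src" in
            mdns*)   echo nss-mdns; return 0 ;;
            resolve) echo resolved; return 0 ;;
            dns)     echo dns; return 0 ;;
        esac
    done
    echo none
    return 1
}

# Live comparison inside an instance: sh nss-check.sh --live NAME
# getent goes through NSS; dig sends the query straight to the stub
# resolver, so the two can disagree exactly as in the transcripts.
if [ "${1:-}" = "--live" ]; then
    echo "NSS source: $(local_answered_by < /etc/nsswitch.conf)"
    echo "getent:     $(getent ahostsv4 "$2" | awk 'NR==1 {print $1}')"
    echo "dig:        $(dig +short "$2" @127.0.0.53)"
fi
```

A result of `nss-mdns` together with an empty `dig` line is the situation shown for the `subscriber` instance: the name resolves for NSS callers, but nothing that queries 127.0.0.53 directly gets an answer.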
```
ubuntu@subscriber:~$ step ca bootstrap \
> --ca-url https://stepca.local \
> --fingerprint 5995e7954803de536f6cbbd01b0e9f5dc7b61466aee1b71bf8fd926fa85c72c3
error downloading root certificate: client.Root;
client GET https://stepca.local/root/5995e7954803de536f6cbbd01b0e9f5dc7b61466aee1b71bf8fd926fa85c72c3
failed: Get "https://stepca.local/root/5995e7954803de536f6cbbd01b0e9f5dc7b61466aee1b71bf8fd926fa85c72c3":
dial tcp: lookup stepca.local on 127.0.0.53:53: server misbehaving
```

This error is only found with macOS and avahi-daemon installation inside each VM. Hence it uses 'local' as TLD. Since it works in Ubuntu with multipass domain name, I am assuming it has something to do with DNS resolution using avahi.

Could not find this file in macOS. (Currently using macOS 11.5.1)
Inside ubuntu VM, it is as follows.
|
If you can
Yeah it's specific to Linux.
Do you have Can you come to IRC for a more interactive debugging session? https://web.libera.chat/?channels=#multipass |
Yes, I have installed
I'll join soon. |
|
Thanks @maraino for that detail! @nikhiljohn10 here's how to enable mDNS inside systemd-resolved. It's a bit more involved than I'd like (partly due to netplan bug LP#1830507), but it seems to do the trick:

```yaml
# mdns.yaml
write_files:
- path: /etc/systemd/resolved.conf
  append: true
  content: |
    MulticastDNS=yes
- path: /etc/systemd/system/[email protected]
  content: |
    [Service]
    Type=oneshot
    ExecStart=/usr/bin/systemd-resolve --set-mdns=yes --interface=%i
    After=sys-subsystem-net-devices-%i.device
    [Install]
    WantedBy=sys-subsystem-net-devices-%i.device
runcmd:
- systemctl restart systemd-resolved.service
- systemctl start [email protected]
- systemctl enable [email protected]
```

```
$ multipass launch --cloud-init mdns.yaml
Launched: qualified-cod
$ multipass launch --cloud-init mdns.yaml
Launched: handy-troll
$ multipass exec qualified-cod -- dig handy-troll.local | grep -A1 'ANSWER SECTION'
;; ANSWER SECTION:
handy-troll.local. 97 IN A 192.168.65.51
```

Yeah systemd-resolved implements the same functionality that |
@Saviq
|
This seems to do the trick for dns resolution for

```bash
# Set dns mode
sudo lxc network set mpbr0 dns.mode=managed
# Set dns domain
sudo lxc network set mpbr0 dns.domain=multipass
sudo lxc network show mpbr0
dns_address=$(sudo lxc network get mpbr0 ipv4.address | sed -En -e 's/([0-9.]+).*/\1/p')
dns_domain=$(sudo lxc network get mpbr0 dns.domain)
cat <<EOF | sudo tee /etc/systemd/system/multipass-dns-mpbr0.service
[Unit]
Description=LXD per-link DNS configuration for mpbr0 (multipass)
BindsTo=sys-subsystem-net-devices-mpbr0.device
After=sys-subsystem-net-devices-mpbr0.device
[Service]
Type=oneshot
ExecStart=/usr/bin/resolvectl dns mpbr0 "$dns_address"
ExecStart=/usr/bin/resolvectl domain mpbr0 "~${dns_domain}"
ExecStopPost=/usr/bin/resolvectl revert mpbr0
RemainAfterExit=yes
[Install]
WantedBy=sys-subsystem-net-devices-mpbr0.device
EOF
# Enable and restart service
sudo systemctl daemon-reload
sudo systemctl enable --now multipass-dns-mpbr0
```

Adapted from: https://linuxcontainers.org/lxd/docs/master/howto/network_bridge_resolved/#network-bridge-resolved-configure

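
How the `~multipass` routing domain set by the unit above steers lookups, as an added example that is not part of the original comment: a simplified model of the best-match rule in systemd-resolved's documentation (the matching routing domain with the most labels wins), not systemd's own code. The function names and the link table, including the `wlan0` uplink, are constructed for illustration.

```bash
# Added example: simplified model of routing-domain matching.
# Link names and domains in the sample table are constructed.

# Number of labels in a domain: "multipass" -> 1, "a.b" -> 2, "" -> 0.
label_count() {
    if [ -z "$1" ]; then echo 0; else echo "$1" | awk -F. '{print NF}'; fi
}

# route_query NAME 'LINK=DOMAIN ...'
# Prints the link whose domain is the longest label-wise suffix of NAME.
# "~." matches every name with zero labels, so any real match beats it.
# Prints "default-route" when no configured domain matches.
route_query() {
    name=$(printf '%s' "${1%.}" | tr 'A-Z' 'a-z')
    best=default-route
    best_n=-1
    for pair in $2; do
        link=${pair%%=*}
        dom=${pair#*=}
        dom=${dom#"~"}      # "~" marks route-only; matching is the same
        dom=${dom%.}
        if [ -n "$dom" ]; then
            case ".$name" in
                *".$dom") ;;        # equal to, or a subdomain of, dom
                *) continue ;;      # no match on a label boundary
            esac
        fi
        n=$(label_count "$dom")
        if [ "$n" -gt "$best_n" ]; then
            best=$link
            best_n=$n
        fi
    done
    echo "$best"
}

# Constructed link table: the bridge from the unit above plus an uplink.
LINKS='mpbr0=~multipass wlan0=~.'
```

With this table `route_query example.multipass "$LINKS"` prints `mpbr0` and `route_query ubuntu.com "$LINKS"` prints `wlan0`; the choice depends only on the name's suffix, matched on label boundaries.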
Describe the bug

Instance names don't resolve on the host as `instance-name.multipass` (but they do within instances).

To Reproduce

Launched an instance with `multipass launch example`, verified it was running with `multipass list`, and then ran `host example.multipass` and `ping example.multipass`.

Expected behavior

`example.multipass` resolves to the instance IP and ping succeeds.

Logs

Logs starting from `multipass launch` and covering until the failed `ping` (as above).

Additional info

`multipass info example`

Additional context

I was able to make this work by manually configuring DNS for the multipass interface with `systemd-resolve`:

When I then `ping example.multipass`, it's successful, and I see some log lines from dnsmasq:

The multipass network is 10.84.39.1/24 and my home network is 10.0.0.1/24. I wonder if the problem arises because my home network is also under the 10/8 space?