Home / ubuntu / Questions / 1176412
In Process
tribbloid
Asked: 2019-09-25 11:22:44 +0800 CST

Is it possible to use systemd-resolved as a container-level DNS forwarder? Specifically by Anbox

  • 772

I'm using ubuntu 18.04 which has systemd-resolved enabled by default, and by convention the local 'virtual' DNS ip address set to 127.0.0.53:53. other dns services like dnsmasq are not installed, all their configurations and launching scripts are purged from the system so they have no impact.

The local DNS seems to be functioning properly. When I test it using dig it yields the proper lookup:

$ dig @127.0.0.53 www.google.com

; <<>> DiG 9.11.3-1ubuntu1.9-Ubuntu <<>> @127.0.0.53 www.google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21226
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;www.google.com.            IN  A

;; ANSWER SECTION:
www.google.com.     18  IN  A   172.217.1.164

;; Query time: 24 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Tue Sep 24 01:24:52 EDT 2019
;; MSG SIZE  rcvd: 59

In comparison, the LAN DNS suggested by DHCP gives similar lookup:

$ dig @192.168.0.1 www.google.com

; <<>> DiG 9.11.3-1ubuntu1.9-Ubuntu <<>> @192.168.0.1 www.google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11809
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.google.com.            IN  A

;; ANSWER SECTION:
www.google.com.     53  IN  A   172.217.0.228

;; Query time: 65 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
;; WHEN: Tue Sep 24 01:25:12 EDT 2019
;; MSG SIZE  rcvd: 59

Unfortunately it appears that they differs in terms of capability. When they are used as DNS server by local containers (e.g. Anbox for android simulation):

$ sudo snap get anbox -d
{
    "bridge": {
        "nat": {
            "enable": true
        }
    },
    "container": {
        "network": {
            "dns": "127.0.0.53"
        }
    },
    "rootfs-overlay": {
        "enable": true
    }
}

It turns out that only the LAN DNS 192.168.0.1 can work properly, the local 'virtual' DNS 127.0.0.53 can only be pinged, but no lookup can be performed.

My questions are:

  1. Is the systemd-resolved functioning properly as a DNS forwarder now?

  2. How to further identify the problem using whatever tools available in ubuntu, adb, and android application?

It should be noted that I have all firewall disabled to simplify test. And the default DNS 8.8.8.8 also doesn't work for unknown reason. The adb shell doesn't have enough utilities to further identify DNS problem

dns container systemd-resolved anbox

0 Answers