Is it possible to run bind inside a nspawn container?

Created a container with pacstrap -k base into /var/lib/machines/Bind/
set root password in container
Using host networking

machinectl start Bind
machinectl login Bind

Login as root

root@Bind named]# pacman -Syy&&pacman -S bind vim

Configured bind as resolver per archlinux wiki BIND

root@Bind named]# systemctl start named&&systemctl status named
● named.service - Internet domain name server
     Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; preset: disabled)
     Active: active (running) since Thu 2025-07-17 19:45:23 EDT; 17ms ago
 Invocation: f5eddb5e40fb4c548d8eae7671c563fd
   Main PID: 1109 ((named))
      Tasks: 1 (limit: 19108)
        CPU: 9ms
     CGroup: /system.slice/named.service
             └─1109 "(named)"

Jul 17 19:45:23 Bind systemd[1]: Started Internet domain name server.

[root@Bind named]# dig @127.0.0.1 redhat.com
;; communications error to 127.0.0.1#53: connection refused
;; communications error to 127.0.0.1#53: connection refused
;; communications error to 127.0.0.1#53: connection refused

; <<>> DiG 9.20.11 <<>> @127.0.0.1 redhat.com
; (1 server found)
;; global options: +cmd
;; no servers could be reached

[root@Bind named]# dig @localhost. redhat.com
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
;; communications error to 127.0.0.1#53: connection refused

; <<>> DiG 9.20.11 <<>> @localhost. redhat.com
; (2 servers found)
;; global options: +cmd
;; no servers could be reached

root@Bind named]# ps aux|grep named
named       1109  0.0  0.1 223180 22328 ?        Ssl  19:45   0:00 /usr/bin/named -f -u named
root        1135  0.0  0.0   3796  2064 pts/1    S+   19:47   0:00 grep named

[root@pocket ~]# ps aux|grep named
root       22107  0.0  0.0  16348 10928 pts/1    Sl+  19:44   0:00 vim etc/named.conf
vu-Bind+   22145  0.0  0.1 223180 22328 ?        Ssl  19:45   0:00 /usr/bin/named -f -u named
root       22228  0.0  0.0   6468  2048 pts/0    S+   19:47   0:00 grep named

From journalctl:

Jul 17 20:00:34 Bind named[1306]: couldn't add command channel 127.0.0.1#953: permission denied
Jul 17 20:00:34 Bind named[1306]: configuring command channel from '/etc/rndc.key'
Jul 17 20:00:34 Bind named[1306]: couldn't add command channel ::1#953: permission denied
Jul 17 20:00:34 Bind named[1306]: listening on IPv4 interface lo, 127.0.0.1#53
Jul 17 20:00:34 Bind named[1306]: creating IPv4 interface lo failed; interface ignored
Jul 17 20:00:34 Bind named[1306]: listening on IPv4 interface end0, 192.168.50.5#53
Jul 17 20:00:34 Bind named[1306]: creating IPv4 interface end0 failed; interface ignored
Jul 17 20:00:34 Bind named[1306]: IPv6 socket API is incomplete; explicitly binding to each IPv6 address separately
Jul 17 20:00:34 Bind named[1306]: listening on IPv6 interface lo, ::1#53
Jul 17 20:00:34 Bind named[1306]: creating IPv6 interface lo failed; interface ignored
Jul 17 20:00:34 Bind named[1306]: listening on IPv6 interface end0, 2603:6010:6c00:3f2e:2ecf:67ff:fed8:6900#53
Jul 17 20:00:34 Bind named[1306]: creating IPv6 interface end0 failed; interface ignored
Jul 17 20:00:34 Bind named[1306]: listening on IPv6 interface end0, fe80::2ecf:67ff:fed8:6900%2#53
Jul 17 20:00:34 Bind named[1306]: creating IPv6 interface end0 failed; interface ignored

Looks like it is running in the container but cannot bind to any interfaces

Looks like I am missing something or it just doesn't work.

Anyone have any magic pixie dust?

--
It is not easy being me

Have a look at the man-pages for systemd-nspawn and systemd.nspawn. The available networking options are explained in there.

On 18.07.25 at 02:04, Pocket wrote:
> Is it possible to run bind inside a nspawn container?

On 7/18/25 6:36 AM, Uwe Sauter wrote:
> Have a look at the man-pages for systemd-nspawn and systemd.nspawn.
> The available networking options are explained in there.
>
> On 18.07.25 at 02:04, Pocket wrote:
>> Is it possible to run bind inside a nspawn container?

While continuing to work on this I found that I needed the following

cat /etc/systemd/nspawn/Bind.nspawn
[Exec]
Boot=true
PrivateUsers=no

[Network]
Private=no
VirtualEthernet=no

Strange because when the container is started with systemd-nspawn -bD /var/lib/machines/Bind everything works. It is only when started with machinectl the networking failed.

With that file in place it is working. Will continue to look at this

Thank you

--
It is not easy being me
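
One way to catch the state seen in this thread, where systemctl reports named as active (running) while the journal shows every listener was rejected. This is an added example, not code from the thread; the function name and report keys are hypothetical, and the sample lines are a subset of the journal excerpt posted in the first message.

```python
import re

# Subset of the journal excerpt posted in the thread, embedded so this runs offline.
SAMPLE = """\
Jul 17 20:00:34 Bind named[1306]: couldn't add command channel 127.0.0.1#953: permission denied
Jul 17 20:00:34 Bind named[1306]: listening on IPv4 interface lo, 127.0.0.1#53
Jul 17 20:00:34 Bind named[1306]: creating IPv4 interface lo failed; interface ignored
Jul 17 20:00:34 Bind named[1306]: listening on IPv4 interface end0, 192.168.50.5#53
Jul 17 20:00:34 Bind named[1306]: creating IPv4 interface end0 failed; interface ignored
Jul 17 20:00:34 Bind named[1306]: listening on IPv6 interface lo, ::1#53
Jul 17 20:00:34 Bind named[1306]: creating IPv6 interface lo failed; interface ignored
"""

LISTEN = re.compile(r"named\[\d+\]: listening on (IPv[46]) interface (\S+), (\S+)#(\d+)$")
FAILED = re.compile(r"named\[\d+\]: creating (IPv[46]) interface (\S+) failed; interface ignored$")
CHANNEL = re.compile(r"named\[\d+\]: couldn't add command channel (\S+)#(\d+): (.+)$")


def audit_named_listeners(journal_text):
    """Pair each 'listening on' line with a 'creating ... failed' line that follows it."""
    listeners, channel_errors, pending = [], [], None
    for line in journal_text.splitlines():
        line = line.rstrip()
        if m := LISTEN.search(line):
            # named logs the attempt first; the failure, if any, comes on the next line.
            pending = {"family": m[1], "iface": m[2], "addr": m[3],
                       "port": int(m[4]), "ok": True}
            listeners.append(pending)
        elif (m := FAILED.search(line)) and pending \
                and (m[1], m[2]) == (pending["family"], pending["iface"]):
            pending["ok"] = False
            pending = None
        elif m := CHANNEL.search(line):
            channel_errors.append({"addr": m[1], "port": int(m[2]), "reason": m[3]})
    failed = [entry for entry in listeners if not entry["ok"]]
    return {
        "listeners": listeners,
        "failed": failed,
        "channel_errors": channel_errors,
        # True when named attempted listeners and none of them was bound.
        "no_listener_bound": bool(listeners) and len(failed) == len(listeners),
    }


if __name__ == "__main__":
    report = audit_named_listeners(SAMPLE)
    for entry in report["failed"]:
        print(f"bind failed: {entry['addr']}#{entry['port']} on {entry['iface']}")
    print("no listener bound:", report["no_listener_bound"])
```

Feed it the output of `journalctl -u named -b` from inside the container; a true `no_listener_bound` together with `permission denied` channel errors matches the symptom described in the first message.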

participants (2)
- Pocket
- Uwe Sauter