On Sat, Nov 05, 2016 at 04:17:33PM +1300, Aidan Gauland wrote:
> > Are you able to reach (ping6) this address?
> > If yes, are you able to use it for dns lookups
> > (nslookup debian.org fe80::c6e9:84ff:fe9f:7bb2%eth0)?
>
> Only outside the sandbox; inside the sandbox, it gives me "unknown
> host", but if I change "%eth0" to "%eth0-11278", I can ping it, and I
> can use it for DNS lookups.
>
> So now that we have narrowed down the cause of the lookup failures, how
> do I fix this? And why on Earth does this happen only after the system
> has been up for a few minutes, and not all the time? rdnssd has been on
> my system for a long time, but it's possible that I have unwittingly
> changed some system configuration that is affecting /etc/resolv.conf

Okay, so the problem seems to be that some time after boot your resolv.conf is overwritten by rdnssd with only an IPv6 nameserver (which is not reachable in the sandbox, because of the device).

I would guess that directly after boot you still have an IPv4 nameserver configured by your DHCP client. But shortly after, rdnssd auto-discovers an IPv6 nameserver and rewrites the file (did perhaps something on your router change, so that it now also provides DNS over IPv6?).

If you are certain that you don't want to use auto-discovered IPv6 nameservers you could remove rdnssd. Or it could also help to install the resolvconf package. rdnssd calls a script (/etc/rdnssd/merge-hook) when it finds IPv6 nameservers, and this hook either overwrites the resolv.conf file, or lets resolvconf handle it properly when it is installed.

You can also try firejail's --dns option to set fixed nameservers inside the sandbox.
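
An added example, not part of the original message: a Python check for the failure diagnosed above, where resolv.conf holds only a link-local IPv6 nameserver whose zone (`%eth0`) names an interface that does not exist inside the sandbox. The function name and the resolv.conf contents are constructed for illustration; the address and interface names are the ones quoted in the thread.

```python
import ipaddress
import socket

def classify_nameservers(resolv_conf_text, interfaces):
    """Split resolv.conf nameservers into usable / unusable for a network
    namespace that has the given interface names. Zones are compared by
    name only; numeric zone indexes are not resolved (simplification)."""
    usable, unusable = [], []
    for line in resolv_conf_text.splitlines():
        if line.lstrip().startswith(("#", ";")):
            continue  # comment line
        fields = line.split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue
        entry = fields[1]
        addr, _, zone = entry.partition("%")
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            unusable.append((entry, "not an IP address"))
            continue
        if ip.version == 6 and ip.is_link_local:
            # fe80::/10 is only meaningful together with an interface (zone).
            if not zone:
                unusable.append((entry, "link-local address without a zone"))
                continue
            if zone not in interfaces:
                unusable.append((entry, f"zone '{zone}' is not an interface here"))
                continue
        usable.append(entry)
    return usable, unusable

# Constructed sample: what resolv.conf could look like once only the
# auto-discovered IPv6 nameserver is left in it.
AFTER_RDNSSD = "# constructed sample\nnameserver fe80::c6e9:84ff:fe9f:7bb2%eth0\n"
HOST_IFACES = {"lo", "eth0"}
SANDBOX_IFACES = {"lo", "eth0-11278"}  # interface name seen inside the sandbox

if __name__ == "__main__":
    # Live check against the namespace this process runs in.
    names = {name for _, name in socket.if_nameindex()}
    with open("/etc/resolv.conf") as f:
        ok, bad = classify_nameservers(f.read(), names)
    for entry in ok:
        print("usable:  ", entry)
    for entry, why in bad:
        print("unusable:", entry, "-", why)
    if not ok:
        print("no usable nameserver in this namespace")
```

Running the script once on the host and once inside the sandbox shows whether the same resolv.conf entry is usable in both places.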