On 05/11/16 23:10, Reiner Herrmann wrote:
> Okay, so the problem seems to be that some time after boot your
> resolv.conf is overwritten by rdnssd with only an IPv6 nameserver
> (which is not reachable in the sandbox, because of the device).
>
> I would guess that directly after boot you still have an IPv4
> nameserver configured by your DHCP client. But shortly after, rdnssd
> auto-discovers an IPv6 nameserver and rewrites the file (did perhaps
> something on your router change, so that it now also provides DNS over
> IPv6?).

I think I know why this started happening suddenly: I used to have very
restrictive iptables rules set up (on this host, not the router) that
would have been blocking rdnssd. The removal of netfilter-persistent
only coincided with unblocking rdnssd.

(For the record, I have attached /etc/resolv.conf *before* it is
overwritten by rdnssd.)

> If you are certain that you don't want to use auto-discovered IPv6
> nameservers you could remove rdnssd.
> Or it could also help to install the resolvconf package. rdnssd calls a
> script (/etc/rdnssd/merge-hook) when it finds IPv6 nameservers, and this
> hook either overwrites the resolv.conf file, or lets resolvconf handle
> it properly when it is installed.
>
> You can also try firejail's --dns option to set fixed nameservers
> inside the sandbox.

So it seems I have a few options for solving the issue of DNS being
misconfigured within firejails, and which one I use depends upon how I
want to configure my LAN, which is beyond the scope of this "bug", so I
will end my investigation here.

Would this be worth forwarding to upstream to be recorded as a known
problem? <https://firejail.wordpress.com/support/known-problems/>

Thank you very much for your assistance in troubleshooting this problem.

Best regards,
Aidan Gauland

domain lan
search lan
nameserver 192.168.1.1
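
The failure described in this thread (resolv.conf rewritten so that it lists only IPv6 nameservers) can be checked for before starting a sandbox. The script below is an added example, not part of the original thread or of firejail or rdnssd; the function names are hypothetical and the sample files are constructed.

```shell
#!/bin/sh
# Added example: classify the nameserver entries of a resolv.conf-style file.
# Function names are hypothetical; the sample files below are constructed.

# Print "ipv4=<n> ipv6=<m>" for the active nameserver lines in file $1.
count_nameservers() {
    awk '
        $1 == "nameserver" && $2 != "" {
            # An address containing ":" is IPv6 (it may carry a %zone suffix).
            if (index($2, ":") > 0) v6++; else v4++
        }
        END { printf "ipv4=%d ipv6=%d\n", v4, v6 }
    ' "$1"
}

# Return 0 if at least one IPv4 nameserver is listed, 1 if only IPv6
# nameservers are listed (the state described in the thread), 2 if none
# are listed or the file cannot be read.
check_resolv_conf() {
    counts=$(count_nameservers "$1") || return 2
    case "$counts" in
        "ipv4=0 ipv6=0") echo "no nameservers in $1"; return 2 ;;
        ipv4=0\ *)       echo "only IPv6 nameservers in $1 ($counts)"; return 1 ;;
        *)               echo "IPv4 nameserver present in $1 ($counts)"; return 0 ;;
    esac
}

# Constructed samples: the attached file from before the rewrite, and an
# IPv6-only file standing in for the rewritten one.
before=$(mktemp)
after=$(mktemp)
printf 'domain lan\nsearch lan\nnameserver 192.168.1.1\n' > "$before"
printf 'nameserver fe80::1%%eth0\n' > "$after"
check_resolv_conf "$before" || true
check_resolv_conf "$after" || true
rm -f "$before" "$after"
```

A return status of 1 from `check_resolv_conf /etc/resolv.conf` corresponds to the state in which the options named in the thread apply.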