systemd-resolved and snaps

Kyle Fazzari kyle.fazzari at canonical.com
Thu Feb 23 21:58:07 UTC 2017 

Hey all.

I've received a bug report on a snap where the user was running a 16.10
Server install with the snap in question, and getting DNS errors. I've
distilled the problem as much as I can but I cannot for the life of me
figure out what's happening, so I thought maybe the list could point me
in the right direction.


Prerequisites
=============

I have a demo snap (a standalone snapcraft.yaml) that will demonstrate
this issue[1].

Ubuntu 16.10 Server uses systemd-resolved, which means its
/etc/resolv.conf contains a single nameserver:

    nameserver 127.0.0.53

If you have others there, comment them out for the time being.


Steps to reproduce
==================

1. Build and install the `resolved-test` snap[1]. It exposes two apps,
`test` (which is a python2 script uses the requests lib) and `host`
which is just the `host` utility from bind9-host.

2. With 127.0.0.53 as the only nameserver, run `resolved-test.test`.
Note that it fails with "Name or service not known."

3. With 127.0.0.53 as the only nameserver, run `resolved-test.host
acme-staging.api.letsencrypt.org`. Note that it works perfectly fine.

At this point, one might suspect that this is an issue in the requests
lib. So:

4. Run the test from outside the snap:
`PYTHONPATH=/snap/resolved-test/current/lib/python2.7/site-packages
/snap/resolved-test/current/usr/bin/python
/snap/resolved-test/current/bin/test.py`. Note that this works fine (you
should see a dict printed).

5. Now add another nameserver to /etc/resolv.conf (I used `nameserver
8.8.8.8`), and run `resolved-test.test`. Note that it works fine.


Some analysis
=============

Note that when I run step (1) I get [2] in the syslog. When I run step
(2) I get [3] in the syslog. When I run step (4) I get nothing in the
syslog.

I'm at a loss here. Installing with devmode doesn't change these
results. `host` always seems to work fine, but `test` never works with
the systemd-resolved IP address. Has anyone else encountered this? Any
advice would be appreciated.

[1]: http://pastebin.ubuntu.com/24055388/
[2]: http://pastebin.ubuntu.com/24055470/
[3]: http://pastebin.ubuntu.com/24055466/

-- 
Kyle Fazzari (kyrofa)
Software Engineer
Canonical Ltd.
kyle at canonical.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/snapcraft/attachments/20170223/02e93964/attachment.sig>

More information about the Snapcraft mailing list