systemd-resolved and snaps

Stéphane Graber stgraber at ubuntu.com
Thu Feb 23 22:06:53 UTC 2017 

On Thu, Feb 23, 2017 at 01:58:07PM -0800, Kyle Fazzari wrote:
> Hey all.
> 
> I've received a bug report on a snap where the user was running a 16.10
> Server install with the snap in question, and getting DNS errors. I've
> distilled the problem as much as I can but I cannot for the life of me
> figure out what's happening, so I thought maybe the list could point me
> in the right direction.
> 
> 
> Prerequisites
> =============
> 
> I have a demo snap (a standalone snapcraft.yaml) that will demonstrate
> this issue[1].
> 
> Ubuntu 16.10 Server uses systemd-resolved, which means its
> /etc/resolv.conf contains a single nameserver:
> 
>     nameserver 127.0.0.53
> 
> If you have others there, comment them out for the time being.
> 
> 
> Steps to reproduce
> ==================
> 
> 1. Build and install the `resolved-test` snap[1]. It exposes two apps,
> `test` (which is a python2 script uses the requests lib) and `host`
> which is just the `host` utility from bind9-host.
> 
> 2. With 127.0.0.53 as the only nameserver, run `resolved-test.test`.
> Note that it fails with "Name or service not known."
> 
> 3. With 127.0.0.53 as the only nameserver, run `resolved-test.host
> acme-staging.api.letsencrypt.org`. Note that it works perfectly fine.
> 
> At this point, one might suspect that this is an issue in the requests
> lib. So:
> 
> 4. Run the test from outside the snap:
> `PYTHONPATH=/snap/resolved-test/current/lib/python2.7/site-packages
> /snap/resolved-test/current/usr/bin/python
> /snap/resolved-test/current/bin/test.py`. Note that this works fine (you
> should see a dict printed).
> 
> 5. Now add another nameserver to /etc/resolv.conf (I used `nameserver
> 8.8.8.8`), and run `resolved-test.test`. Note that it works fine.
> 
> 
> Some analysis
> =============
> 
> Note that when I run step (1) I get [2] in the syslog. When I run step
> (2) I get [3] in the syslog. When I run step (4) I get nothing in the
> syslog.
> 
> I'm at a loss here. Installing with devmode doesn't change these
> results. `host` always seems to work fine, but `test` never works with
> the systemd-resolved IP address. Has anyone else encountered this? Any
> advice would be appreciated.
> 
> [1]: http://pastebin.ubuntu.com/24055388/
> [2]: http://pastebin.ubuntu.com/24055470/
> [3]: http://pastebin.ubuntu.com/24055466/

Hey there,

Since acme-staging.api.letsencrypt.org is a CNAME, that may be related to:
 - https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1647031
 - https://github.com/systemd/systemd/issues/3826

What happens if you try with "host letsencrypt.org" and
"https://letsencrypt.org" (that's an A+AAAA+MX instead of CNAME)?


-- 
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/snapcraft/attachments/20170223/0f294f54/attachment.sig>

More information about the Snapcraft mailing list