systemd-resolved and snaps

Steve Langasek steve.langasek at canonical.com
Thu Feb 23 23:21:02 UTC 2017 

On Thu, Feb 23, 2017 at 02:39:27PM -0800, Kyle Fazzari wrote:
> On 02/23/2017 02:26 PM, Steve Langasek wrote:

> > acme-staging.api.letsencrypt.org is a CNAME.  You are hitting bug #1647031,
> > which we encountered when trying to roll out systemd-resolved by default for
> > 17.04.  This took a while to work through, but the fix has finally landed in
> > zesty as of a week ago; we should now SRU the upstream change back to
> > yakkety.  (We should also SRU it back to xenial, but xenial needs a more
> > complete backport of fixes to resolved, not just a cherry-pick of this one
> > fix.)
> > 
> > Dimitri, could you handle this backport to yakkety?  Since unlike the
> > Desktop, Ubuntu Server does not use dnsmasq by default (which would override
> > resolved), this is a rather important bug there.
> 
> Stephane, Steve, thanks for the quick responses. That explanation makes
> sense until I consider step (4): How did that succeed? I did note that
> it didn't actually seem to hit systemd-resolved (due to the lack of a
> syslog entry), but I'm not sure why.

For context, 4 was:

 4. Run the test from outside the snap:
 `PYTHONPATH=/snap/resolved-test/current/lib/python2.7/site-packages
 /snap/resolved-test/current/usr/bin/python
 /snap/resolved-test/current/bin/test.py`. Note that this works fine (you
 should see a dict printed).

At a guess, I would say that outside the snap you have the libnss-resolve
package installed and active, such that python resolves it via the resolved
native dbus interface instead of via the DNS stub resolver on port 53.

These behavior differences are a reason that we should NOT use the
libnss-resolve package, but instead sort out any bugs in the stub resolver
and use it consistently everywhere.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slangasek at ubuntu.com                                     vorlon at debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/snapcraft/attachments/20170223/950d9fdf/attachment.sig>

More information about the Snapcraft mailing list