DNS not working on new Proxmox LXC install

hanssia · August 1, 2024, 3:53pm

I create the openwrt LXC container on proxmox host with below command:
pct create 333 /var/lib/vz/template/cache/openwrt-23.05.4-x86-generic-rootfs.tar.gz --arch amd64 --hostname OpenWrt-23.05 --rootfs local-lvm:5 --memory 1024 --cores 2 --ostype unmanaged --unprivileged 1

I configured the network as below:

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '10.0.0.12'
        option netmask '255.255.255.0'
        option ip6assign '60'
        list dns '10.0.0.1'
        option gateway '10.0.0.1'
        option broadcast '10.0.0.255'

I could ping the gateway 10.0.0.1 and any other server in the same local network. But I could not ping openwrt.org or any domain names.

I create 4 containers but none worked.

root@OpenWrt-23:/# ubus call system board
{
        "kernel": "6.8.8-2-pve",
        "hostname": "OpenWrt-23.05",
        "system": "Intel(R) N100",
        "model": "HEDY N100",
        "board_name": "hedy-n100",
        "rootfs_type": "ext4",
        "release": {
                "distribution": "OpenWrt",
                "version": "23.05.4",
                "revision": "r24012-d8dd03c46f",
                "target": "x86/generic",
                "description": "OpenWrt 23.05.4 r24012-d8dd03c46f"
        }
}
root@OpenWrt-23:/#

I also created an openwert VM on proxmox, ping works after setting dns on luCI.

root@OpenWrt-23:/# cat /etc/resolv.conf
search lan
nameserver 127.0.0.1
nameserver ::1
root@OpenWrt-23:/# ping openwrt.org
ping: bad address 'openwrt.org'
root@OpenWrt-23:/# nslookup openwrt.org 127.0.0.1
nslookup: write to '127.0.0.1': Connection refused
;; connection timed out; no servers could be reached

root@OpenWrt-23:/# nslookup openwrt.org 10.0.0.1
Server:         10.0.0.1
Address:        10.0.0.1:53

Non-authoritative answer:
Name:   openwrt.org
Address: 2a03:b0c0:3:d0::1a51:c001

Non-authoritative answer:
Name:   openwrt.org
Address: 64.226.122.113

root@OpenWrt-23:/#

When I can the nameserver in /etc/resolv.conf to 10.0.0.1, ping works, but rebooting the server will reset /etc/resolv.conf. I know there are ways to keep resolv from being changed, but I'll feel that's a hack, the server is supposed to work with the right settings. Especially when it's a new installation.

frollic · August 1, 2024, 4:28pm

hanssia:

"kernel": "6.8.8-2-pve",
        "hostname": "OpenWrt-23.05",
                "revision": "r24012-d8dd03c46f",
                "target": "x86/generic",
                "description": "OpenWrt 23.05.4 r24012-d8dd03c46f"

Ask the people who provided you with this image, it didn't come from here...

It appears you are using firmware that is not from the official OpenWrt project.

When using forks/offshoots/vendor-specific builds that are "based on OpenWrt", there may be many differences compared to the official versions (hosted by OpenWrt.org). Some of these customizations may fundamentally change the way that OpenWrt works. You might need help from people with specific/specialized knowledge about the firmware you are using, so it is possible that advice you get here may not be useful.

You may find that the best options are:

Install an official version of OpenWrt, if your device is supported (see https://firmware-selector.openwrt.org).
Ask for help from the maintainer(s) or user community of the specific firmware that you are using.
Provide the source code for the firmware so that users on this forum can understand how your firmware works (OpenWrt forum users are volunteers, so somebody might look at the code if they have time and are interested in your issue).

If you believe that this specific issue is common to generic/official OpenWrt and/or the maintainers of your build have indicated as such, please feel free to clarify.

hanssia · August 1, 2024, 4:41pm

Thank you very much for you reply, Frollic.

The image is the "rootfs.tar.gz" I downloaded from the official website. Below is the link

https://downloads.openwrt.org/releases/23.05.4/targets/x86/generic/openwrt-23.05.4-x86-generic-rootfs.tar.gz

Maybe it's the way I install it? But I followed a tutorial on YouTube the auther downloaded the same image, only older.

Oh also DNSMASQ is rinning too as Inchecked.

frollic · August 1, 2024, 4:45pm

Perhaps you did, but you sure didn't install it.

brada4 · August 1, 2024, 6:07pm

You cannot run openwrt in namespace containers, you need full virtual machine as a minimum, like kvm ones proxmox kindly provides.

vincejv · August 3, 2024, 3:24am

this image came from OpenWrt but the kernel is provided by proxmox as it's containarized through LXC

OpenWrt is installed via LXC container probably based on this guide https://openwrt.org/docs/guide-user/virtualization/lxc, but I guess it has its shortcomings/not fully supported as noted on wiki page

This can be useful for development as well as for VM hosting.

hanssia · August 3, 2024, 3:51am

Hey everyone,

I just got this figured out. Still I don't fully understand how it works, but a have found a solution.

I found another OpenWrt image on linuxcontainers.org, https://images.linuxcontainers.org/images, and downloaded 'rootfs.tar.xz'. https://jenkins.linuxcontainers.org/job/image-openwrt/architecture=amd64,release=23.05,variant=default/lastSuccessfulBuild/artifact/rootfs.tar.xz. I installed it and DNS works out of box.

Then I did some research on the website, and read about "distrobuilder" on the front page:

distrobuilder's modern design utilises pre-built official images whenever available, uses a declarative image definition (YAML) and supports a variety of modifications on the base image.

So there are INDEED some "modifications", then the search continued and I finally found the images are complied with Jenkins. https://jenkins.linuxcontainers.org/job/image-openwrt/architecture=amd64,release=23.05,variant=default/

I downloaded the image.yaml file, and opened it, the "modifications" are quite simple, just two "actions":

actions:
- trigger: post-unpack
  action: |
    #!/bin/sh
    mkdir -p /var/lock
    echo "console::askfirst:/usr/libexec/login.sh" >> /etc/inittab
  architectures:
  - amd64

- trigger: post-files
  action: |
    #!/bin/sh

    # Disable process isolation to make dnsmasq work
    sed -i 's/procd_add_jail/: \0/g' /etc/init.d/dnsmasq
    # Disable conflicting sysntpd service to avoid crash loop
    rm -f /etc/rc.d/*sysntpd

I reckon the second part is related to DNS resolving, seems there's some "process isolation" that kept dnsmasq from working on LXC, which is beyond my current knowledge. Anyway I tried the command:

sed -i 's/procd_add_jail/: \0/g' /etc/init.d/dnsmasq

Then tested DNS it worked.

vincejv · August 3, 2024, 3:52am

nice! should mark that post as a solution then, openwrt should still work on lxc containers even if using the underlying OS's kernel, just need some tweaking..

brada4 · August 3, 2024, 4:46am

You did not provide a SINGLE error message.

system · August 13, 2024, 4:46am

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.