Re: [Vserver] BIND (named) and "lo" interface inside vserver

From: Dennis Roos <>
Date: Tue 15 Nov 2005 - 16:47:03 GMT
Message-Id: <>

On Tue, 2005-11-15 at 17:00 +0300, Dmitry Koterov wrote:
> Hello.
> Shortly: when I use BIND (or PowerDNS) inside vserver listening
> ALL addresses (, nslookup to server shows error
> message "reply from unexpected source:,
> expected"
Which is true, as your nameserver (powerdns or bind) is assigned
your vserver interface as primary interface and answers are sent with
that source.

> Long description. I have installed linux-vserver (named "zulu")
> on kernel and set up one real IP for it -
> [root@zulu /]# ifconfig
> eth0 Link encap:Ethernet HWaddr 00:30:48:75:13:D2
> RX packets:39623139 errors:0 dropped:0 overruns:0 frame:0
> TX packets:18575687 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:1000
> RX bytes:50148146621 (46.7 GiB) TX bytes:1249870165 (1.1 GiB)
> Base address:0x3000 Memory:dd300000-dd320000
> eth0:zulu Link encap:Ethernet HWaddr 00:30:48:75:13:D2
> inet addr: Bcast: Mask:
> Base address:0x3000 Memory:dd300000-dd320000
> First question: why doesn't ifconfig show "lo" interface?
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
lo is not assigned to your context and therefore not shown.

> Then, I installed named (BIND), compiled it with
> --disable-linux-caps before. BIND listens on all IP addresses
> inside vserver:
> [root@zulu /]# netstat -na
> Active Internet connections (servers and established)
> Proto Recv-Q Send-Q Local Address Foreign Address State
> tcp 0 0* LISTEN
> udp 0 0*
> ...
This shows only listening on your vserver ip address. And answering to
the world ;)

> Then I try nslookup:
> [root@zulu /]# nslookup
> > server
> Default server:
> Address:
> >
> ;; reply from unexpected source:, expected
> ;; reply from unexpected source:, expected
FWIR: The first interface brought up in the context is 'assigned' the
functionality of lo0.

For a more detailed explanation you have to rely on the
developers'/experts' answer(s)... I'm just a simple end user ;)

> Second question: what's wrong? Why BIND tries to answer from
> vserver IP address, but NOT from localhost which I used?
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
localhost is just a name, so I guess you're referring to the loopback
ip address which defaults to

As I explained above, is not assigned to your guest context
and so is not used as reply address by your nameserver.

> I have also tried PowerDNS instead of BIND - absolutely same
> effect.
As to be expected.

> I do not want to write in my resolv.conf, because
> this IP may be changed one fine day, or vserver will be moved to
> another machine.
It always needs an ip address, so why not rewrite /etc/resolv.conf
from pre-start or post-start and use the ip address assigned at that
time as nameserver?

> Seems networking stack isolation in linux-vserver is not finished
> yet?
I don't know the answer to this one, but it seems that it is doing
its job quite nicely ;)

Dennis Roos
Network Engineer @ InTouch N.V.
Middenweg 76
1097 BS Amsterdam
Tel: +31 (0)20 6752060
Fax: +31 (0)20 6758429
-=[Assumption is the mother of all f*ckups]=-
Vserver mailing list
Received on Tue Nov 15 16:47:28 2005
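
The resolv.conf rewrite suggested in the reply above, as an added example that is not part of the original mail or of the vserver tools. The resolver drops replies whose source address differs from the server it queried, so the guest's own address has to be the one listed; the two file paths passed as arguments are assumptions, and the sample addresses in the comments are constructed.

```shell
#!/bin/sh
# Added example: regenerate a guest's resolv.conf from the address the guest
# was given at start time, so the resolver queries the same address that
# named answers from.
# Assumed (hypothetical) arguments, not taken from the mail:
#   $1 = file whose first line is the guest's IPv4 address
#   $2 = path of the guest's resolv.conf

# Succeed only for a dotted quad with every octet in 0-255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;   # stray characters or empty octets
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Replace all nameserver lines with the guest address, keep everything else.
write_resolv_conf() {
    ip_file=$1
    resolv=$2
    ip=$(head -n 1 "$ip_file" 2>/dev/null | tr -d ' \t\r')
    if ! is_ipv4 "$ip"; then
        # Never write an unvalidated value into the resolver configuration.
        echo "refusing to write $resolv: '$ip' is not an IPv4 address" >&2
        return 1
    fi
    tmp="$resolv.tmp.$$"
    {
        if [ -f "$resolv" ]; then
            # Preserve search/domain/options lines; drop stale nameservers.
            grep -v '^[[:space:]]*nameserver[[:space:]]' "$resolv" || true
        fi
        echo "nameserver $ip"
    } > "$tmp" && mv "$tmp" "$resolv"   # rename so readers never see a partial file
}

# Run only when called with both arguments, e.g. from a start hook.
if [ "$#" -eq 2 ]; then
    write_resolv_conf "$1" "$2"
fi
```

On an invalid or missing address the function returns non-zero and leaves the existing resolv.conf untouched.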