Re[2]: [Vserver] BIND (named) and "lo" interface inside vserver

From: Dmitry Koterov
Date: Tue 15 Nov 2005 - 20:01:22 GMT

>> > Shortly: when I use BIND (or PowerDNS) inside vserver listening
>> > ALL addresses (, nslookup to server shows error
>> > message "reply from unexpected source:,
>> > expected"

>> Which is true, as your nameserver (powerdns or bind) is assigned
>> your vserver interface as primary interface and answers are sent with
>> that source.

Very strange. On another (non-virtual) machine, BIND answers from
the interface that was used to pass the query to it. If I say in


answer goes from, and if I say

server aaa.bbb.ccc.ddd

(same machine), it goes from aaa.bbb.ccc.ddd.

> hmm, let me rephrase this: in a guest (with current networking)
> the localhost ip is remapped to the first assigned
> guest IP (which is very likely in your case)

Maybe you know how I can bring up OWN in EACH virtual
machine, independent of the other virtual machines?

>> > [root@zulu /]# ifconfig
>> > eth0 Link encap:Ethernet HWaddr 00:30:48:75:13:D2
>> > RX packets:39623139 errors:0 dropped:0 overruns:0 frame:0
>> > TX packets:18575687 errors:0 dropped:0 overruns:0 carrier:0
>> > collisions:0 txqueuelen:1000
>> > RX bytes:50148146621 (46.7 GiB) TX bytes:1249870165 (1.1 GiB)
>> > Base address:0x3000 Memory:dd300000-dd320000
>> >
>> > eth0:zulu Link encap:Ethernet HWaddr 00:30:48:75:13:D2
>> > inet addr: Bcast: Mask:
>> > Base address:0x3000 Memory:dd300000-dd320000
>> >
>> > First question: why doesn't ifconfig show "lo" interface?
>> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>> lo is not assigned to your context and therefore not shown.

> there is no IP assigned which would 'refer' to lo, so as
> lo is not carrying any visible IP it is not shown
> (you can make all interfaces visible by disabling the
> hide_netif flag)

I do not need "all visible and shared between vservers" interfaces,
but its own in each vserver, independently.

> here it is: linux-networking does not depend/operate on
> interfaces but on IPs, so the guests are not 'limited' to
> interfaces but a subset of the host IPs ...
> (in your case very likely a single one,
Yes, specified in
- and no other IPs and interfaces.

>> > Seems networking stack isolation in linux-vserver is not finished
>> > yet?

>> I don't know the answer to this one, but it seems that it is doing
>> its job quite nicely ;)

> we intentionally avoided further IP stack isolation,
> because naturally this adds overhead we want to avoid

> nevertheless, we are working on an alternative solution
> (code name NGNET) which will provide complete network
> virtualization for those who really need it ...

I only want the vserver to be usable like a usual, non-virtual machine with
all applications. Today's result: I cannot use BIND as usual.
Please tell me if you have a solution.
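
The source-address check behind the "reply from unexpected source" message discussed in this thread, as an added example that is not part of the original message. It assumes a Linux loopback where 127.0.0.2 is usable; the addresses, payloads and function names are constructed for illustration, with 127.0.0.2 standing in for the guest's primary IP.

```python
import socket

def udp_socket(ip, port=0):
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind((ip, port))
    s.settimeout(2.0)
    return s

def query(server_addr, listen_sock, reply_sock):
    """Send one query to server_addr and apply the resolver's source check.

    The "server" reads the query on listen_sock and answers through
    reply_sock, so the caller decides which address the answer leaves from.
    """
    client = udp_socket("127.0.0.1")
    try:
        client.sendto(b"constructed query", server_addr)
        _, client_addr = listen_sock.recvfrom(512)
        reply_sock.sendto(b"constructed answer", client_addr)
        _, source = client.recvfrom(512)
    finally:
        client.close()
    # A resolver drops answers whose source differs from the address it
    # queried; otherwise any host that guesses the port could inject answers.
    if source != server_addr:
        return "reply from unexpected source: %s#%d, expected %s#%d" % (source + server_addr)
    return "ok"

def run_demo():
    queried = udp_socket("127.0.0.1")         # address the client talks to
    port = queried.getsockname()[1]
    other = udp_socket("127.0.0.2", port)     # stand-in for the guest's primary IP
    try:
        server_addr = ("127.0.0.1", port)
        same = query(server_addr, queried, queried)    # answer sourced from queried address
        remapped = query(server_addr, queried, other)  # answer sourced from another address
    finally:
        queried.close()
        other.close()
    return same, remapped

if __name__ == "__main__":
    for line in run_demo():
        print(line)
```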

