prodego 12-02-2023 06:34 PM

Network namespace has no DNS resolution
 
I have a post-up script for my NIC that creates a network namespace with internet access but I can't resolve domains from inside the namespace. Here is the configuration.

Code:

ego@ubuntu:~$ cat /usr/local/bin/wrgrd.sh
#!/bin/bash

#Create VPN namespace
ip netns add wireguard

#Create vswitch and veth
ip l add vsw0 type bridge
ip l add veth0 type veth peer name veth1

#Attach veth to vswitch and namespace
ip l set veth0 master vsw0
ip l set veth1 netns wireguard

#Assign IPs and raise interfaces
ip a add 192.168.1.1/24 dev vsw0
ip l set dev vsw0 up
ip l set dev veth0 up
ip netns exec wireguard ip l set dev lo up
ip netns exec wireguard ip a add 192.168.1.2/24 dev veth1
ip netns exec wireguard ip l set dev veth1 up

#Add local network route to namespace
ip netns exec wireguard ip r add 192.168.0.0/24 via 192.168.1.1

#Add IP table rule
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE

#Add default route to namespace
ip netns exec wireguard ip r add default via 192.168.1.1

ego@ubuntu:~$ sudo ip netns exec wireguard ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=55 time=26.1 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=55 time=20.8 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=55 time=17.2 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=55 time=13.0 ms
64 bytes from 8.8.8.8: icmp_seq=5 ttl=55 time=11.3 ms
--- 8.8.8.8 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4005ms
rtt min/avg/max/mdev = 11.267/17.665/26.098/5.363 ms

ego@ubuntu:~$ sudo ip netns exec wireguard ping google.com
ping: google.com: Temporary failure in name resolution


GlennsPref 12-15-2023 04:53 PM

Hi, Welcome to LQ!

I saw this reference to nat and firewalling.

You may require "port forwarding".

I have these ipv4 and ipv6 forwarding lines in...
/etc/sysctl.conf
Code:

...
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1  # Enable forwarding (gateway)

# Uncomment the next line to enable packet forwarding for IPv6
#  Enabling this option disables Stateless Address Autoconfiguration
#  based on Router Advertisements for this host
net.ipv6.conf.all.forwarding=0 #off for nordvpn
...

I'm no expert, just saw a common element, a firewall & a vpn.

elgrandeperro 12-20-2023 10:00 PM

What is your DNS in /etc/resolv.conf and how did it get there? What exactly is a namespace? We don't use that term in networking.

You can use 8.8.8.8 but it must be in /etc/resolv.conf. Most firewalls will pass DNS traffic out and in without a problem.
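
Added example, not part of any post in this thread: a shell check for the resolv.conf question raised above. `ip netns exec` bind-mounts files from /etc/netns/<name>/ over /etc, so the script picks the file the namespace will see and flags loopback nameservers; the 127.0.0.53 sample entry, the second (etc_root) argument and the function names are assumptions, since the poster's resolv.conf is not shown.

```shell
#!/bin/sh
# Added example. Loopback nameservers (127.0.0.0/8, ::1) resolve to the
# namespace's own lo interface, where nothing listens unless a resolver
# was started inside the namespace.

# Print "loopback ADDR" or "routable ADDR" for each nameserver line in $1.
classify_nameservers() {
    while read -r key addr rest || [ -n "$key" ]; do
        [ "$key" = "nameserver" ] || continue
        case "$addr" in
            127.*|::1) echo "loopback $addr" ;;
            *)         echo "routable $addr" ;;
        esac
    done < "$1"
}

# Succeed if $1 lists at least one non-loopback nameserver.
has_routable_nameserver() {
    classify_nameservers "$1" | grep -q '^routable '
}

# Path that `ip netns exec NS` presents as /etc/resolv.conf: it bind-mounts
# /etc/netns/NS/resolv.conf over the host file when that override exists.
# $2 (hypothetical etc_root parameter) lets this run on a scratch directory.
effective_resolv_conf() {
    if [ -f "${2:-/etc}/netns/$1/resolv.conf" ]; then
        echo "${2:-/etc}/netns/$1/resolv.conf"
    else
        echo "${2:-/etc}/resolv.conf"
    fi
}

# Constructed sample tree, not the poster's files.
demo_root=$(mktemp -d)
printf 'nameserver 127.0.0.53\noptions edns0\n' > "$demo_root/resolv.conf"
before=$(effective_resolv_conf wireguard "$demo_root")
echo "without override: $before"; classify_nameservers "$before"

mkdir -p "$demo_root/netns/wireguard"
printf 'nameserver 8.8.8.8\n' > "$demo_root/netns/wireguard/resolv.conf"
after=$(effective_resolv_conf wireguard "$demo_root")
echo "with override: $after"; classify_nameservers "$after"
```

On a real host, calling `effective_resolv_conf wireguard` with no second argument checks the files under /etc.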

