
WDY-570: Enable systemd-resolved for container DNS #43

Open

mihai-chiorean wants to merge 2 commits into main from WDY-570-fix-dns-yocto-side

Conversation

@mihai-chiorean
Member

Summary

This PR enables systemd-resolved on WendyOS to support proper DNS resolution in containers created by wendy-agent.

Problem

Containers need access to upstream DNS servers, but /etc/resolv.conf typically points to systemd-resolved's stub resolver at 127.0.0.53, which doesn't work inside containers.

Solution

Enable and configure systemd-resolved to create /run/systemd/resolve/resolv.conf, which contains actual upstream DNS servers that containers can use.

Changes

systemd Recipe Configuration

  1. Enable systemd-resolved: Added resolved to PACKAGECONFIG alongside networkd
  2. Auto-start service: Created symlink in multi-user.target.wants to enable systemd-resolved at boot
  3. Configure DNS behavior:
    • Fallback DNS: 8.8.8.8, 1.1.1.1 (used when no other DNS is available)
    • LLMNR: Disabled (security best practice)
    • MulticastDNS: Enabled for .local domain compatibility (Avahi/mDNS)

Files Added

  • /etc/systemd/system/multi-user.target.wants/systemd-resolved.service - Service enablement
  • /etc/systemd/resolved.conf.d/10-edgeos.conf - DNS configuration

How It Works

  1. systemd-resolved runs on the host and maintains /run/systemd/resolve/resolv.conf
  2. This file contains actual upstream DNS servers (not the 127.0.0.53 stub)
  3. wendy-agent mounts this file into containers for working DNS resolution
  4. Containers get functional DNS without needing their own resolver

Related Changes

This complements the wendy-agent changes in wendylabsinc/wendy-agent#173 which mount /run/systemd/resolve/resolv.conf into containers.

Testing

After deploying WendyOS with this change:

  • Verify systemd-resolved.service is running: systemctl status systemd-resolved
  • Verify /run/systemd/resolve/resolv.conf exists and contains real DNS servers
  • Verify containers have working DNS resolution

Resolves EDG-295
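As an added check for the Testing steps above (example code, not part of this PR, of WendyOS or of wendy-agent): a small POSIX shell script that parses a resolv.conf and reports whether it names any non-loopback nameserver, i.e. whether it is the 127.0.0.53 stub file or an upstream list like /run/systemd/resolve/resolv.conf that can be bind-mounted into a container. The two sample files it writes are constructed here, with the 8.8.8.8 and 1.1.1.1 fallback servers from the PR as placeholders; the `--live` flag and the function names are this example's own.

```shell
#!/bin/sh
# Added example (not WendyOS/wendy-agent code): classify a resolv.conf as
# "stub" (only loopback nameservers, useless inside a container) or
# "upstream" (at least one real DNS server a container can reach).

# Print the non-loopback nameserver entries of $1, space-separated, on one line.
upstream_nameservers() {
    list=
    while read -r key val _; do
        [ "$key" = "nameserver" ] || continue
        case $val in
            127.*|::1|'') ;;                    # systemd-resolved stub / loopback: skip
            *) list="${list:+$list }$val" ;;    # anything else counts as upstream
        esac
    done < "$1"
    printf '%s\n' "$list"
}

# Exit 0 if $1 is readable and lists at least one upstream nameserver,
# 1 if it only points at the stub, 2 if the file is missing.
check_resolv_conf() {
    [ -r "$1" ] || { echo "missing: $1" >&2; return 2; }
    [ -n "$(upstream_nameservers "$1")" ]
}

# Write a constructed sample file ($1 = stub|upstream) and print its path.
make_sample() {
    f=$(mktemp)
    if [ "$1" = stub ]; then
        cat > "$f" <<'EOF'
# constructed sample: /etc/resolv.conf on a host running the stub resolver
nameserver 127.0.0.53
options edns0 trust-ad
search .
EOF
    else
        cat > "$f" <<'EOF'
# constructed sample: /run/systemd/resolve/resolv.conf with upstream servers
nameserver 8.8.8.8
nameserver 1.1.1.1
search .
EOF
    fi
    printf '%s\n' "$f"
}

# Stand-alone use: ./check_resolv.sh --live checks the two files named in the PR.
if [ "${1:-}" = "--live" ]; then
    for f in /etc/resolv.conf /run/systemd/resolve/resolv.conf; do
        if check_resolv_conf "$f"; then
            echo "ok:   $f -> $(upstream_nameservers "$f")"
        else
            echo "stub: $f (not usable inside a container)"
        fi
    done
fi
```

On a host where the resolved drop-in from this PR is active, the expected result is that /etc/resolv.conf reports as stub while /run/systemd/resolve/resolv.conf reports as ok. Note that systemd-resolved only uses FallbackDNS when no DNS servers were learned from networkd or DHCP, so the upstream list on a real device will normally be the DHCP-supplied servers rather than 8.8.8.8/1.1.1.1.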

**Problem:**
When macOS Internet Connection Sharing (ICS) is enabled, both the Mac
and EdgeOS device try to run DHCP servers on the USB interface, causing:
- DHCP conflicts and network failures
- Only IPv6 connectivity after toggling ICS
- Unpredictable behavior when ICS is disabled/re-enabled

**Solution:**
Replace the device's DHCP server with a DHCP client + link-local fallback:

- **DHCP client mode:** Accepts IP from Mac ICS when available
- **Link-local fallback:** Auto-configures 169.254.x.x when no DHCP server
- **IPv6 link-local:** Always available (fe80::...)

**Benefits:**

1. **Works with Mac ICS enabled:**
   - Device gets DHCP address (192.168.2.x from Mac)
   - Internet sharing works through Mac
   - Proper DNS and routing

2. **Works with Mac ICS disabled:**
   - Both host and device auto-configure link-local
   - Connection still works via 169.254.x.x
   - No DHCP timeouts or delays

3. **Works with mDNS:**
   - Device always accessible via edgeos-<uuid>.local
   - Link-local addresses advertised via mDNS
   - Works on both IPv4 and IPv6

**Testing:**
- ✅ Mac ICS enabled: Device gets 192.168.2.6, internet works
- ✅ Mac ICS disabled: Both use link-local, SSH works
- ✅ IPv6 link-local: Always accessible via fe80::...%interface
- ✅ mDNS discovery: Works in all configurations

Container DNS was broken because /etc/resolv.conf pointed to 127.0.0.53
(systemd-resolved stub), which doesn't work in containers. This enables
systemd-resolved and configures it to create /run/systemd/resolve/resolv.conf
with actual upstream DNS servers.

**Changes:**
- Enable 'resolved' in systemd PACKAGECONFIG (alongside existing networkd)
- Auto-enable systemd-resolved.service at boot
- Configure resolved with fallback DNS (8.8.8.8, 1.1.1.1)
- Disable LLMNR (not needed)
- Enable MulticastDNS for .local domains (Avahi compatibility)

**How it works:**
1. systemd-resolved runs and listens on 127.0.0.53
2. Creates /run/systemd/resolve/resolv.conf with real DNS servers
3. wendy-agent mounts this file into containers (from PR #173)
4. Containers get working DNS without stub resolver issues

**Benefits:**
- Containers can resolve DNS properly
- Works with modern systemd-resolved systems
- Fallback DNS ensures reliability
- Compatible with existing mDNS/Avahi setup

Related: WDY-570