| 6 Sep 2025 |
 kraem | * i've created a systemd service which joins a network namespace, but i can't get it to use a specific dns server instead of the hosts. i've tried BindReadOnlyPaths but i can't get it to work. did anyone here successfully do this?
here's what i have so far: https://paste.rs/FWI2h.txt
(i've verified the service joins the netns and it uses it successfully) | 17:38:20 |
 Jassuko | Is the resolv_conf destination thing wrong? or how does that work? | 22:13:25 |
| kraem | i just found out how to verify that it actually is mounted correctly:
systemd-cgls --unit wg-netns-test0 (lists pids running in the container) nsenter -a -t $pid cat /etc/resolv.conf (inside the nsenter) gives me the correct contents (which is different than my hosts)
so for some reason the processes inside the service isn't using the nameserver resolv.conf specified in the resolv.conf .. | 23:00:27 |
| kraem | do i need to run a separate resolver inside the service somehow, may | 23:01:57 |
| kraem | * do i need to run a separate resolver inside the service somehow? maybe the processes are calling into my hosts networkmanager resolver which is running with the hosts resolv.conf configuration? | 23:03:27 |
| kraem | i just found out how to verify that it actually is mounted correctly:
systemd-cgls --unit wg-netns-test0 (lists pids running in the container) nsenter -a -t $pid cat /etc/resolv.conf (inside the nsenter) gives me the correct contents (which is different than my hosts)
so for some reason the processes inside the service isn't using the nameserver specified in the resolv.conf .. | 23:05:20 |
| kraem | interesting. dig actually uses the bind mounted /etc/resolv.conf in the service but the python script i was testing with used my hosts nameserver.
i was using this script (https://gist.github.com/Tugzrida/6fe83682157ead89875a76d065874973) which uses socket.socket(socket.AF_INET, socket.SOCK_DGRAM), which should be using glibc if i understand correctly, which in turn makes it very strange because glibc should be reading the resolv.conf mounted inside the service? | 23:46:24 |
| 7 Sep 2025 |
| Jassuko | what does your nsswitch.conf look like? | 00:53:30 |
 hexa | https://www.servethehome.com/qnap-qsw-m3216r-8s8t-16-port-10gbe-managed-marvell-switch-review/ 🤔 | 01:02:15 |
| hexa | 8x10Gbase-T, 8xSFP+ | 01:02:31 |
| hexa | with fans, but apparently quiet | 01:02:46 |
| hexa | L2+ web-managed 🥲 | 01:03:00 |
| hexa | oh, per another listing this one actually has a console | 01:03:20 |
| hexa | what about ssh? 🤔 | 01:03:38 |
| hexa |
No, QNAP managed switches do not support SSH login for end users; however, users can access the managed switch graphical user interface (GUI)
| 01:04:00 |
| hexa | uhh sure, go fuck your self if you are an enduser | 01:04:07 |
| hexa | got it | 01:04:07 |
| hexa | https://stevetech.me/posts/qnap-switch-serial-console implies they are running openwrt | 01:06:14 |
| hexa | * https://stevetech.me/posts/qnap-switch-serial-console implies they are running something based on openwrt | 01:06:20 |
| hexa | different switch though | 01:06:27 |
 raitobezarius | doubtful it's not running openwrt | 01:07:11 |
| raitobezarius | it has management and shows HTTP server | 01:07:20 |
| hexa | generally vendors might just base their sdk on openwrt | 01:08:20 |
| raitobezarius | https://patchwork.ozlabs.org/project/netdev/patch/20200225163025.9430-2-vadym.kochan@plvision.eu/ | 01:08:27 |
| hexa | I know qualcomm does this often | 01:08:29 |
 emily | I thought most managed switches were not OpenWrt | 01:08:31 |
| emily | or at least not anything remotely close to normal OpenWrt | 01:08:41 |
| raitobezarius | QNAP is not serious managed switch | 01:08:50 |
| raitobezarius | non serious managed switch is OpenWRT | 01:08:58 |
| hexa | serious managed switches cut down the resources much further 😄 | 01:09:11 |
