|
73 | 73 | - name: Download and verify dependencies
|
74 | 74 | run: make deps
|
75 | 75 |
|
| 76 | + # Before (default): |
| 77 | + # - /etc/resolv.conf -> /run/systemd/resolve/stub-resolv.conf |
| 78 | + # - stub-resolv.conf points to 127.0.0.53 (systemd-resolved stub listener) |
| 79 | + # - systemd-resolved forwards to the real upstream file: |
| 80 | + # /run/systemd/resolve/resolv.conf |
| 81 | + # Flow: /etc/resolv.conf -> stub-resolv.conf (127.0.0.53) -> systemd-resolved -> /run/systemd/resolve/resolv.conf |
| 82 | + # |
| 83 | + # After (bind-mount): |
| 84 | + # - /etc/resolv.conf is bind-mounted to /run/systemd/resolve/resolv.conf |
| 85 | + # - processes read upstream nameservers directly from /run/systemd/resolve/resolv.conf |
| 86 | + # Flow: /etc/resolv.conf -> /run/systemd/resolve/resolv.conf |
| 87 | + # |
| 88 | + # This makes processes talk directly to the upstream DNS servers and |
| 89 | + # bypasses the systemd-resolved *stub listener* (127.0.0.53). |
| 90 | + # |
| 91 | + # Important nuance: systemd-resolved itself is NOT stopped; it still runs and updates |
| 92 | + # /run/systemd/resolve/resolv.conf. Because this is a bind (not a copy), updates to the |
| 93 | + # upstream list are visible. Trade-off: you lose the stub’s features (caching, |
| 94 | + # split-DNS/VPN per-interface behavior, DNSSEC/DoT/DoH mediation, mDNS/LLMNR). |
| 95 | + # |
| 96 | + # Reason: network namespaces have their own network stack (interfaces, routes and loopback). |
| 97 | + # A process inside a network namespace resolves 127.0.0.53 against that namespace’s loopback, not the host’s, |
| 98 | + # and systemd-resolved usually listens on the host loopback. As a result the stub at 127.0.0.53 is often |
| 99 | + # unreachable from an isolated namespace and DNS lookups fail. Bind-mounting /run/systemd/resolve/resolv.conf over /etc/resolv.conf forces processes to use the upstream nameservers directly, avoiding that failure. |
76 | 100 | - name: Change DNS configuration
|
77 | 101 | if: runner.os == 'Linux'
|
78 | 102 | run: sudo mount --bind /run/systemd/resolve/resolv.conf /etc/resolv.conf
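Review bot: the `sudo mount --bind ...` step is guarded only by `runner.os == 'Linux'`, so on a runner where systemd-resolved is not active (no `/run/systemd/resolve/resolv.conf`) or where `/etc/resolv.conf` is already a plain file, the mount fails and the job aborts; consider `if [ -e /run/systemd/resolve/resolv.conf ]; then sudo mount --bind /run/systemd/resolve/resolv.conf /etc/resolv.conf; fi`, followed by `cat /etc/resolv.conf` so the effective resolver list is visible in the log rather than silently falling back to the 127.0.0.53 stub. The comment's claim that "updates to the upstream list are visible" because this is a bind rather than a copy only holds if systemd-resolved rewrites the file in place: a bind mount of a single file pins the inode, so if resolved replaces the file by writing a temporary file and renaming, the mounted view goes stale; worth verifying or softening. The trade-off comment already notes that DNSSEC/DoT/DoH mediation is lost, which is the security-relevant consequence (queries now go straight to the upstream resolvers); that deserves a mention in the step name or commit message, not just a code comment. Style: the last few comment lines of the block run well past 100 columns and should be wrapped like the lines above them.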
|
|