I was setting up some simple jails following the useful instructions in the FreeBSD Handbook. Setting up a thin jail using ZFS snapshots is pretty straightforward and I was able to get a jailed system up and running in short order.
That’s when the fun began. I wanted to test an NGINX server running in the jail on an inherited IP. When I tried to do the install from the host using pkg -j thinjail install nginx-lite, it failed, essentially saying that it couldn’t connect to update the repository catalog.
Did the usual network debugging and was very confused that everything worked by IP address (e.g., ping, nc, etc.) but nothing would resolve.
root@thinjail:~ # ping l10systems.com
ping: cannot resolve l10systems.com: Name does not resolve
Very confusing was that drill worked if I specified an IP address for a DNS server but didn’t work otherwise. This worked:
root@thinjail:/ # drill @208.67.222.123 l10systems.com
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 60777
;; flags: qr rd ra ; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; l10systems.com. IN A
;; ANSWER SECTION:
l10systems.com. 30 IN A 50.19.214.227
l10systems.com. 30 IN A 34.234.106.80
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; Query time: 78 msec
;; SERVER: 208.67.222.123
;; WHEN: Sun Nov 10 19:06:33 2024
;; MSG SIZE rcvd: 64
But just using drill l10systems.com failed with:
Warning: Could not create a resolver structure: Could not open the files ((null))
Try drill @localhost if you have a resolver running on your machine.
Double and triple checked my /etc/resolve.conf and it looked fine. Very confusing until I thought about what that might be saying: there were no nameservers specified.
That’s when it hit me. I had made a typo when copying /etc/resolv.conf from the host to the jail and copied it as /etc/resolve.conf. That doesn’t work. Renamed the file and everything started working right away.
On the plus side, I dug into jail networking and got to explore some of the different tools around network troubleshooting on FreeBSD.
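A host-side check for the failure described above, as an added example that is not part of the original post: given a jail's root directory, it reports whether etc/resolv.conf is missing, present under a near-miss name such as resolve.conf, or present without any nameserver line. The function name, verdict strings and return codes are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check the resolver
# configuration under a jail's root directory, run from the host.
# Prints a one-word verdict; returns 0 only when the verdict is "ok".
# Usage: check_jail_resolver /path/to/jail/root   (placeholder path)
check_jail_resolver() {
    root=$1
    conf="$root/etc/resolv.conf"

    if [ ! -e "$conf" ]; then
        # The resolver only reads etc/resolv.conf, so look for near-miss
        # names (resolve.conf, resolv.conf.bak, ...) that explain the gap.
        for f in "$root"/etc/resol*; do
            [ -e "$f" ] || continue
            # resolvconf.conf configures resolvconf(8); it is not a typo.
            [ "${f##*/}" = "resolvconf.conf" ] && continue
            echo "misnamed:${f##*/}"
            return 2
        done
        echo "missing"
        return 1
    fi

    # A file with only comments or search/options lines still leaves the
    # jail without a server to query.
    if ! grep -Eq '^[[:space:]]*nameserver[[:space:]]+[^[:space:]]+' "$conf"; then
        echo "no-nameserver"
        return 3
    fi

    echo "ok"
    return 0
}
```

Running it against each jail root after provisioning catches the copy typo before pkg -j or anything else in the jail needs name resolution.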