Settings multiple DNS resolvers for containers prevents container start
Closed, ResolvedPublicBUG
Actions

Assigned To

Authored By

	starcraft66
	Aug 2 2025, 4:16 AM

Description

Due to an incorrect concatenation of CLI arguments in podman container systemd units, setting more than one dns resolver will cause the units to fail to start with this cryptic error:

vyos@305-1700-gw# set container name tailscale name-server 172.17.51.1
[edit]
vyos@305-1700-gw# set container name tailscale name-server 2a0c:9a46:637:51::1
[edit]
vyos@305-1700-gw# compare
[container name tailscale]
+ name-server "172.17.51.1"
+ name-server "2a0c:9a46:637:51::1"

[edit]
vyos@305-1700-gw# commit
[ container ]
Traceback (most recent call last):
  File "/usr/libexec/vyos/services/vyos-configd", line 144, in run_script
    script.apply(c)
  File "/usr/libexec/vyos//conf_mode/container.py", line 536, in apply
    cmd(f'systemctl restart vyos-container-{name}.service')
  File "/usr/lib/python3/dist-packages/vyos/utils/process.py", line 155, in cmd
    raise OSError(code, feedback)
PermissionError: [Errno 1] failed to run command: systemctl restart vyos-container-tailscale.service
returned: 
exit code: 1

[[container]] failed
Commit failed

vyos@305-1700-gw# journalctl -u vyos-container-tailscale.service --since '5 minutes ago'
[...]
Aug 02 00:10:58 305-1700-gw systemd[1]: Starting VyOS Container tailscale...
Aug 02 00:10:58 305-1700-gw podman[183250]: Error: 172.17.51.1--dns is not an ip address
Aug 02 00:10:58 305-1700-gw systemd[1]: vyos-container-tailscale.service: Control process exited, code=exited, status=125/n/a
Aug 02 00:10:58 305-1700-gw systemd[1]: vyos-container-tailscale.service: Failed with result 'exit-code'.
Aug 02 00:10:58 305-1700-gw systemd[1]: Failed to start VyOS Container tailscale.
Aug 02 00:10:58 305-1700-gw systemd[1]: vyos-container-tailscale.service: Scheduled restart job, restart counter is at 1.
Aug 02 00:10:58 305-1700-gw systemd[1]: Stopped VyOS Container tailscale.
Aug 02 00:10:58 305-1700-gw systemd[1]: Starting VyOS Container tailscale...
Aug 02 00:10:58 305-1700-gw podman[183282]: Error: 172.17.51.1--dns is not an ip address
Aug 02 00:10:58 305-1700-gw systemd[1]: vyos-container-tailscale.service: Control process exited, code=exited, status=125/n/a
Aug 02 00:10:58 305-1700-gw systemd[1]: vyos-container-tailscale.service: Failed with result 'exit-code'.
Aug 02 00:10:58 305-1700-gw systemd[1]: Failed to start VyOS Container tailscale.
Aug 02 00:10:59 305-1700-gw systemd[1]: vyos-container-tailscale.service: Scheduled restart job, restart counter is at 2.

Running systemctl cat on the offending unit will reveal that the command-line contains the following: --dns 172.17.51.1--dns 2a0c:9a46:637:51::1, there is a missing space separating the --dns cli arguments