Plex with host networking has a bad DNS

wscott

I am running Scale Cobia since I have a machine that requires a newer kernel.

I have the TrueNAS Plex app installed and found that I needed to enable "host networking" to access the TV tuner and allow IPv6 access to the plex server. (Totally crazy to me that in 2023 we have a network appliance that doesn't fully support IPv6...)

I find that Plex works, but various features like downloading metadata don't work because the container doesn't have working DNS. If I connect to a shell in the container I see the following:

# cat /etc/resolv.conf
search ix-plex.svc.cluster.local svc.cluster.local cluster.local narwhal-celsius.ts.net
nameserver 172.17.0.10
options ndots:5

Where 172.17.0.10 is the DNS for the k8 network. If I run 'echo nameserver 10.107.0.1 > /etc/resolv.conf' in that container then everything starts working, but this change goes away whenever the container is restarted.

What am I doing wrong?
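
An added diagnostic, not part of the original posts or of TrueNAS code: it parses the resolv.conf quoted in the post above, reports whether the pod is still pointed at cluster DNS, and lists the names a glibc-style resolver would try for plex.tv under ndots:5. The 172.17.0.0/16 cluster range and all function names are assumptions.

```python
import ipaddress

# resolv.conf contents as quoted in the post above.
POD_RESOLV_CONF = """\
search ix-plex.svc.cluster.local svc.cluster.local cluster.local narwhal-celsius.ts.net
nameserver 172.17.0.10
options ndots:5
"""

# Assumption: the cluster network range. The thread only states that
# 172.17.0.10 is the DNS server for the k8s network.
CLUSTER_CIDR = ipaddress.ip_network("172.17.0.0/16")


def parse_resolv_conf(text):
    """Return nameservers, search domains and ndots from resolv.conf text."""
    conf = {"nameservers": [], "search": [], "ndots": 1}  # glibc default ndots is 1
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        key, *values = line.split()
        if key == "nameserver" and values:
            conf["nameservers"].append(values[0])
        elif key == "search":
            conf["search"] = values  # the last search line wins
        elif key == "options":
            for opt in values:
                if opt.startswith("ndots:"):
                    conf["ndots"] = int(opt.split(":", 1)[1])
    return conf


def uses_cluster_dns(conf, cluster_cidr=CLUSTER_CIDR):
    """True when every configured nameserver sits inside the cluster network."""
    servers = [ipaddress.ip_address(ns) for ns in conf["nameservers"]]
    return bool(servers) and all(ip in cluster_cidr for ip in servers)


def query_order(name, conf):
    """Names a glibc-style stub resolver tries, in order, for `name`."""
    if name.endswith("."):
        return [name]  # already fully qualified: search list is skipped
    searched = [f"{name}.{domain}." for domain in conf["search"]]
    # Fewer dots than ndots: search list first, then the name as given.
    if name.count(".") < conf["ndots"]:
        return searched + [name + "."]
    return [name + "."] + searched
```

Run inside the container against the real file with `parse_resolv_conf(open("/etc/resolv.conf").read())`; a host-networked pod for which `uses_cluster_dns` returns True matches the symptom described in the post.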
 

sfatula

I can't comment on Cobia as I've not used it, it's beta software. But in general, realize that kubernetes apps run on their own private network. So, LAN to the app is not your home or business network, it's a different network. You see that in your resolv file. It does NOT use the host IP by default. Thus, you'll also find things like dlna don't work, because dlna is on the 172. network. And thus you went down the host networking path, just explaining the why in case you were not aware.

I've not used "host" networking so I don't know what boxes for entry may be available there on Cobia. I instead use a bridge network and assign the app (in my case Emby) to the bridge network with its own IP and there's a box for DNS also.

You might post a copy of the entire networking section of the Scale app config screen for the app with options expanded and maybe I can see what is available on Cobia.
 

wscott


Some background

  • I am an old-school hacker ('old' being the key word) with lots of Linux and networking experience but this is my first exposure to managing Kubernetes or Scale. I have used FreeBSD TrueNAS (FreeNAS then) in the past.
  • Hardware
    I made a home NAS setup using a $159 Beelink S12 Pro mini PC. This is an Intel N100 processor, an Alder Lake with 4 E-cores and no P-cores. This can do HW video encoding.
    Disks are provided with a Sabrent hotswap bay via USB 3.1 phase 2. Works fine for my purposes.
  • Why TrueNAS?
    I actually was originally intending to use bcachefs so the bulk of the disk transfers would be to internal NVMe disks with overflow to spinning disks. But I found bcachefs wasn't ready. Performance was excellent but the error recovery was awkward and confusing and I don't want to be confused when a disk fails. So I wanted ZFS and TrueNAS seemed to have that and the apps seemed like a feature. I considered Proxmox, but that interface was confusing to me.
  • Why Cobia?
    This can do HW encoding with Linux 6.2 or by backporting the video drivers. Cobia has backported those drivers. I found out later it isn't hard to backport those same drivers to the stable release. The wifi needs an even newer kernel and that would be handy as I have an alternative ISP available via wifi.
  • Why host networking?
    My main ISP is Starlink which uses a CgNAT for IPv4 so it is not possible to get external access for a few of my older children who still want access to our DVD collection. However, Starlink has IPv6 that is not firewalled at all. If you tell plex.tv the right address and open a hole in the firewall then it is possible to directly access plex via IPv6 from outside the house. TrueNAS's internal 172.* network for K8 is ipv4-only so even if I forward the port I would lose my ipv6 access to plex. If I pick 'host networking' then the container has access to Truenas's network directly so ipv6 works, but it is no longer talking to that internal k8 network so that resolv.conf should have been changed when 'host networking' is selected.
Here are the settings you requested:

It would be possible to run an http-proxy outside of TrueNAS that listens on ipv6 and forwards to the internal ipv4 address, but that seems complicated.
 

sfatula


Patrick M. Hausen

Kubernetes ... IPv6 ... good one ... :grin:

Yeah, so much superior compared to jails.
 

sfatula

One workaround would be a NAT64 gateway which would allow you to do what you want. I am behind CGNAT also but don't have ipv6 option. So, for remote access, I simply use an autostarting on remote device vpn. Or travel router on vacation which has VPN to home built in.
 

wscott

> You'll need to vote here:
I found that one before and I tried to vote, but I don't see any option for that. It is a company Jira and I don't see an option to create an account to comment.

However, I am not entirely sure having ipv6 support in kub would really help me because I also use an HDHomeRun TV tuner device. It uses IPv4 multicast to transfer content. I suspect we probably also need an IGMP proxy between the two networks.

In this case, it feels like a simple oversight. The app has support for 'host networking', but it didn't configure DNS correctly when run in 'host networking' mode. I found the source code, so off to figure out how this file gets set. Lots of layers...
 

wscott

> One workaround would be a NAT64 gateway which would allow you to do what you want. I am behind CGNAT also but don't have ipv6 option. So, for remote access, I simply use an autostarting on remote device vpn. Or travel router on vacation which has VPN to home built in.
Yup. NAT64 is a funny beast, it is NAT for ipv6 when ipv6 was designed to not need NAT, but NAT64 can also do v6 -> v4 NAT so it would solve my problem.

But my pfsense firewall doesn't support NAT64...
 

sfatula

> Yup. NAT64 is a funny beast, it is NAT for ipv6 when ipv6 was designed to not need NAT, but NAT64 can also do v6 -> v4 NAT so it would solve my problem.
>
> But my pfsense firewall doesn't support NAT64...
Yeah, didn't say it would be an easy thing to do! There's probably software you can load onto some cheap machine that would do it, but I am sure it would be a little messy. Never looked for anything on Truenas, probably doesn't exist.

That site I linked you to on Jira, that's where all truenas bugs / work goes. You can create an account, top right. Brings up a dialog to log in and option there says create an account. In general, they have posted that they do not necessarily work on things that don't have enough interest, so, your feedback there matters. Once you log in, there is a thumbs up icon to vote.
 