Added dnsmasq DNS listening on container bridge interfaces; corrected ddns.json

2026-04-14 21:50:55 -04:00 · 2026-04-14 21:50:55 -04:00 · 2d50a982b8
commit 2d50a982b8
parent 9c043ae30c
3 changed files with 56 additions and 34 deletions
--- a/core.py
+++ b/core.py
@ -983,6 +983,11 @@ def build_vlan_dnsmasq_conf(vlan, data):
    line("bind-interfaces")
    line(f"listen-address={gateway}")
    line(f"interface={iface}")
+    if is_physical(vlan):
+        bridge_ips = get_container_bridge_ips()
+        for bridge, ip in bridge_ips.items():
+            line(f"interface={bridge}")
+            line(f"listen-address={ip}")
    line()

    if not is_wg(vlan):
@ -1320,6 +1325,33 @@ def get_container_bridges():
    except Exception:
        return []

+def get_container_bridge_ips():
+    """Return {ifname: ip} for all active container bridge interfaces.
+    Used to add listen-address directives to the physical VLAN's dnsmasq
+    instance so containers can reach the local DNS resolver.
+    Works universally for Docker, Podman, LXC, libvirt, etc.
+    """
+    try:
+        result = subprocess.run(
+            ["ip", "-j", "addr", "show", "type", "bridge"],
+            capture_output=True, text=True, timeout=5
+        )
+        if result.returncode != 0:
+            return {}
+        import json as _json
+        links = _json.loads(result.stdout)
+        out = {}
+        for l in links:
+            if l.get("operstate") != "UP":
+                continue
+            for addr in l.get("addr_info", []):
+                if addr.get("family") == "inet":
+                    out[l["ifname"]] = addr["local"]
+                    break
+        return out
+    except Exception:
+        return {}
+
 def apply_dnsmasq_instances(data, dry_run=False, start_if_needed=True):
    """Write per-VLAN dnsmasq configs and service units.