resolving container names wrong in https://help.ubuntu.com/lts/serverguide/lxc.html

Bug #1346640 reported by necro351
This bug affects 1 person
Affects: Ubuntu Server Guide
Status: New
Importance: Undecided
Assigned to: Unassigned
Milestone: (none)

Bug Description

When following instructions for the Networking section on a newly installed 14.03 LTS Ubuntu server install (that was then subsequently upgraded) for LXC I ran into issues.

I tried to follow the instructions to set up name resolution for containers, so e.g. you can type 'ping u1.lxc' and the name would resolve to the u1 container's IP address and it would respond to ping. Everything worked but the name resolution, e.g. pinging the IP address directly worked, but nslookup u1.lxc failed.

To resolve the problem I enabled various logging and found that although the instructions to configure dnsmasq as it is launched by lxc were correct, further configuration of the host is needed so that the dnsmasq name server is treated authoritatively over the network's name server (I am using vmware so that is 192.168.8.2). To do this I uncommented the prepend config option in /etc/dhcp/dhclient.conf and plugged in the IP address dnsmasq's name server is hosting at (10.0.1.3, which I got from ps aux | grep dnsmasq). Without this configuration, the host never consults with dnsmasq for the lxc domain since it is not authoritative.

There are security implications to users following the docs potentially using an external u1.lxc and thinking it's the internal container they are running when it's not, but this would require access to the DNS server the user is relying on and so this seems like a difficult and unrealistic attack vector.
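
A way to verify the fix described in the report, as an added example that is not part of the original bug report: the script checks that an uncommented `prepend domain-name-servers` statement names the dnsmasq address and that this address comes first in the resolver list. The file contents are constructed samples and the function names are hypothetical; 10.0.1.3 and 192.168.8.2 are the addresses quoted in the report.

```shell
#!/bin/sh
# Added example; file contents are constructed samples. 10.0.1.3 (LXC dnsmasq)
# and 192.168.8.2 (network DNS) are the addresses quoted in the report.

# Print the first "nameserver" entry of a resolv.conf-style file.
first_nameserver() {
    awk '$1 == "nameserver" { print $2; exit }' "$1"
}

# Succeed only if an uncommented "prepend domain-name-servers" statement in a
# dhclient.conf-style file ($1) lists the address $2.
dhclient_prepends() {
    awk -v addr="$2" '
        $1 ~ /^#/ { next }                      # skip commented-out lines
        $1 == "prepend" && $2 == "domain-name-servers" {
            line = $0
            gsub(/[;,]/, " ", line)             # "a, b;" -> "a  b "
            n = split(line, f, " ")
            for (i = 3; i <= n; i++) if (f[i] == addr) found = 1
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Return 0 when the dnsmasq address ($2) is the first resolver in $1. The stub
# resolver asks servers in order and accepts the first answer, including
# "no such name", so a later dnsmasq entry is never consulted for *.lxc.
check_lxc_resolver() {
    first=$(first_nameserver "$1")
    if [ "$first" = "$2" ]; then
        echo "ok: $2 is consulted first"
        return 0
    fi
    echo "warn: ${first:-no resolver} answers first; *.lxc lookups go there"
    return 1
}

demo_dir=$(mktemp -d)
printf 'nameserver 192.168.8.2\n' > "$demo_dir/resolv.before"
printf 'nameserver 10.0.1.3\nnameserver 192.168.8.2\n' > "$demo_dir/resolv.after"
printf '#prepend domain-name-servers 127.0.0.1;\n' > "$demo_dir/dhclient.before"
printf 'prepend domain-name-servers 10.0.1.3;\n' > "$demo_dir/dhclient.after"

check_lxc_resolver "$demo_dir/resolv.before" 10.0.1.3 || true
check_lxc_resolver "$demo_dir/resolv.after" 10.0.1.3
dhclient_prepends "$demo_dir/dhclient.after" 10.0.1.3 && echo "ok: prepend set"
```

On a real host the two functions would be pointed at /etc/resolv.conf and /etc/dhcp/dhclient.conf, with the address taken from the running dnsmasq command line as the reporter did.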
