DNS doesn't work in v0.4.4 #54

Description

@cdrcnm

Hello.

After upgrading to greywall v0.3.6 and greyproxy v0.4.4, DNS requests don't work inside the sandbox. Reverting to greyproxy v0.4.3 fixes the issue. TCP requests work fine.

Listening on all interfaces with --host 0.0.0.0 does not fix the issue.

Information about the issue:

➜ greywall -- sh
$ ss -ulnp; ss -tlnp
State           Recv-Q          Send-Q                   Local Address:Port                     Peer Address:Port          Process
UNCONN          0               0                              0.0.0.0:53                            0.0.0.0:*
State           Recv-Q          Send-Q                   Local Address:Port                     Peer Address:Port          Process
LISTEN          0               5                            127.0.0.1:18321                         0.0.0.0:*
$ cat /etc/resolv.conf
nameserver 127.0.0.1
$ dig  api.anthropic.com
;; communications error to 127.0.0.1#53: timed out
;; communications error to 127.0.0.1#53: timed out
;; communications error to 127.0.0.1#53: timed out

; <<>> DiG 9.18.39-0ubuntu0.24.04.5-Ubuntu <<>> api.anthropic.com
;; global options: +cmd
;; no servers could be reached

On the host:

➜ ss -tulnp | grep 4305
udp   UNCONN 0      0                        127.0.0.1:43053      0.0.0.0:*    users:(("greyproxy",pid=62302,fd=7))
tcp   LISTEN 0      4096                     127.0.0.1:43051      0.0.0.0:*    users:(("greyproxy",pid=62302,fd=3))
tcp   LISTEN 0      4096                     127.0.0.1:43052      0.0.0.0:*    users:(("greyproxy",pid=62302,fd=6))
tcp   LISTEN 0      4096                     127.0.0.1:43053      0.0.0.0:*    users:(("greyproxy",pid=62302,fd=8))

System info:

Ubuntu 24.04.4 LTS with systemd-resolved

greywall - lightweight, container-free sandbox for running untrusted commands
  Version: 0.3.6
  Built:   2026-05-22T23:56:35Z
  Commit:  1ab2de35d61c7bb9ef49aa3230b32efdde05215e
Platform: linux (kernel 6.17)

Checking system capabilities:
  ✓ bubblewrap
  ✓ socat
  ✓ seccomp
  ✓ landlock (v7)
  ✓ D-Bus isolated (notify-send proxied via xdg-dbus-proxy)
  ✓ xdg-dbus-proxy
  ✓ secret-tool (keyring credential injection for gh/glab)
  ✓ network isolation
greyproxy 0.4.4 (go1.25.10 linux/amd64)
  built:  2026-05-21T15:18:00Z
  commit: f7964ec2c502cd0781700db87b57bec5d8fff1cc
