linux | marco.ninja

DNS Resolution Everywhere

Notes | 2021-08-10 (updated 2025-10-25) | 1 min read
#container #dns #linux #sysadmin

Usually at least one of those is present on any system

dig
nslookup
host

But sometimes the usual suspects don’t work, especially in container-land. After trying them you may try some more involved/unknown things:

getent

Part of glibc, this will probably work on nearly every system.

getent hosts example.org

Or, if you specifically want to query A or AAAA records.

getent ahostsv4 example.org
getent ahostsv6 example.org

Using Python2 Or Python3

Given this depends on glibc it is more of a alternative then another real solution.

How SELinux screws with scripts when run over VMware Tools

Notes | 2021-08-08 (updated 2025-10-25) | 1 min read
#ansible #automation #linux #security #selinux #sysadmin #vmware

SELinux by default prohibits certain things from working through VMware tools (Ansible connection or plain API).

This can be solved two ways:

Disabling SELinux: BAD, but easy
Writing a custom SELinux policy: complicated but more secure

Note: Adding/Changing this policy through a VMware tools connection is thankfully possible

Example policy

This policy is the base for a VMware tools policy and allows entering the rpm context (yum).

module custom-vmtools 1.0;

require {
        type rpm_script_t;
        type vmtools_unconfined_t;
        class process transition;
}

#============= vmtools_unconfined_t ==============

allow vmtools_unconfined_t rpm_script_t:process transition