Resolving hostnames with Linux Containers

Hi, I am having difficulties wrapping my head around how to resolve hostnames with the new linux containers.

Ive installed debian, with a linux container. I have the hostname set correctly in the container.

But I am not sure about how the container IP works… It picks an IP off my subnet and I use the Proxy settings to expose them. Ive installed virtualmin, and successfully exposed the administration ip’s through the proxy, so I get how that works, but how am I suppose to direct domain traffic to the VM?

I understand how if I had a separate IP accessible on the same subnet as TrueNAS how this might work… But I am stuck. Help please. (I looked for docs about this, but was not able to find any )

To accomplish this, people usually set up a DNS server on their network and configure the DHCP to point clients to it.

When creating an instance (Incus container or VMs) on TrueNAS 25.04.0 and later, there are two primary networking options:

  1. Incus Internal Network (incusbr0)
    Instances get IPv4/IPv6 addresses from the Incus managed network. They can communicate with each other via IP or DNS (e.g., debian1 can reach debian2 as debian2.incus).
    To expose services to your LAN, use Incus’ proxy feature to map host ports to instance ports.

  2. macvlan (Bridged to Physical Network)
    Instances get IPs directly from your LAN DHCP server and are fully accessible on the network—no need for port proxies.
    This is ideal if you want the instance to behave like any other device on your local network.

Choose the mode based on whether you want isolation (Incus internal) or direct LAN access (macvlan).

One important note when using macvlan: If you are using a macvlan network, communication between the Incus host and the instances is not possible. Both the host and the instances can talk to the gateway, but they cannot communicate directly. See Macvlan network - Incus documentation


Example: Reverse Proxy as Incus instance

As you can see in the screenshot below, I’ve created two container instances with the Incus managed network and mapped ports 80 and 443 of the host (my TrueNAS server) to the same ports in the instance proxy:

When I open prometheus.mydomain.net (an A record pointing to my TrueNAS server), traffic is forwarded to the container via the proxy feature of Incus. As Prometheus is running on the monitoring instance, the reverse proxy installed on the proxy instance forwards this traffic internally to monitoring.incus:9090.

Just to clarify, you can get the “best of both worlds” (instances accessible directly from LAN and from the host) by creating a bridge via the TrueNAS UI and configuring Incus to use that bridge (br0) instead of the default Incus bridge (incusbr0).

At the very least, that config works fine for VM instances… I haven’t tried container instances yet.