While working with Patrick today to deploy an updated IOC packaged in a container we found a problem resolving external hosts in DNS.

After some debugging it was traced down to DNS routing through a container health network that is an internal network.  The health network is an internal network as in not publically accessible, however marking it internal to the container system removed the egress route.  After I reconfigured the network to set internal=false it was able to properly lookup external hosts.

Notes for my future self.  When deploying containers using quadlets on Debian 13, the following is needed to reconfigure a podman network named NET (you must work through podman and systemd, and differing suffix/prefixes are added).

1. stop the systemd service:  systemctl stop NET-network

2. delete the podman network: podman network rm systemd-NET

3. reconfigure the NET.network file (in /etc/containers/systemd for system level networks)

4. systemctl daemon-reload

5. systemctl start systemd-NET

You can also do systemctl cat systemd-NET to verify that its parameters are correct.  Then podman network ls, podman network inspect to check on its full status.