On Wed, Nov 21, 2012 at 07:18:20AM -0500, Gene Czarcinski wrote:
> On 11/20/2012 05:29 PM, Laine Stump wrote:
> >On 11/20/2012 02:36 PM, Gene Czarcinski wrote:
> >>Laine mentioned something yesterday that got me to thinking: being
> >>able to specify that dnsmasq is not to be started for an interface.
> >>
> >>Let me expand that by saying that libvirt would not start dnsmasq for
> >>either dns or dhcp and also would not start radvd.  However, the IPv4
> >>and IPv6 gateway addresses would be defined on the virtual network
> >>interface and the "usual" iptables and ip6tables rules would be in force.
> >>
> >>This would allow a user to configure dnsmasq to meet any user desires
> >>or use something completely different instead of dnsmasq.
> >>
> >>Questions:  Useful?  Worth the time and effort?
> >That was already determined before I mentioned it to you - it's been
> >requested several times, and I've told some people it was "going to
> >happen", although didn't say when :-).
> >
> >>   And then there is how should this be specified in the network xml
> >>file? ... some new parameter?  ... A subperameter of <dns> such as
> >><dns disable='yes' /> ?  ... a subparameter of <bridge> such as
> >><bridge name="virbr0" dns="disable" /> ?
> >The <bridge> element is commonly *not* specified manually, but is filled
> >in automatically be libvirt, so I don't think it's a good place to put
> >optional flags (you would end up manually specifying settings for the
> >things that are automatically filled in, like the bridge name).
> >
> >If anything, I would say the choice would be between putting it in <dns>
> >or in the toplevel <network>, i.e.:
> >
> >     <network>
> >     ...
> >       <dns disable='yes'/> (or maybe "<dns enable='no'/> is better)
> >     ...
> >     </network>
> >
> >or
> >
> >     <network dns='no'>
> >       ...
> >     </network>
> >
> >Or, maybe it would be even better to put it in the <ip> element:
> >
> >     <ip address='192.168.122.1' netmask='255.255.255.0' dns='no'/>
> >
> >that way you could have dnsmasq listen on some of the IP addresses
> >defined for a network, but not others.
> >
> >At the same time, we probably to be able to disable ipv6 RA as well.
> >Since that's only enabled when there is an ipv6 address, it can also be
> >added into the <ip> element config:
> >
> >     <ip family='ipv6' address='f00d::1' ra='no'/> (or maybe
> >"autoconf='no'" ?)
> >
> >Yeah, I think I like it best in <ip> (unless someone else has a better
> >idea).
> Not really better since I like the idea of adding this to <ip>.
> However, I believe this is wrong!  it is a mistake to tie this to an
> IP address.  Look at the problems that have occurred with dnsmasq.

I agree, we should let this be controlled independently of
the <ip> tag. You might want to allow DNS, without defining
any IP elements at all.

> Instead, I suggest that this be an expansion to <network>. 
>  For example, <network dns='no'>.  This could also scratch
> an itch of mine for specifying logging:
>  <network dnslog='yes" dhcplog='yes'>.  Then there is the
> issue with bind-intererface and bind-dynamic:
>  <network bind='dynamic'>

Since you envisage multiple config parameters related to
DNS, this argues for a top level <dns> element to group
them all together.

  <network>
    ...
    <dns.../>
    ...
  </network>


Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Reply via email to