Re: libvirt, dnsmasq, and resolvconf

2015-06-19 Thread Ross Boylan 
Laine Stump provided this useful info on the libvirt-users list:

This commit (which was included in libvirt 1.2.12) may help you to a
solution:


commit 298fa4858ced29e2c42681635a5a8dcd6da0b231
Author: Josh Stone jist...@redhat.com
Date:   Wed Dec 3 16:01:33 2014 -0800

network: Let domains be restricted to local DNS

This adds a new localOnly attribute on the domain element of the
network xml.  With this set to yes, DNS requests under that domain
will only be resolved by libvirt's dnsmasq, never forwarded upstream.

This was how it worked before commit f69a6b987d616, and I found that
functionality useful.  For example, I have my host's NetworkManager
dnsmasq configured to forward that domain to libvirt's dnsmasq, so I can
easily resolve guest names from outside.  But if libvirt's dnsmasq
doesn't know a name and forwards it to the host, I'd get an endless
forwarding loop.  Now I can set localOnly=yes to prevent the loop.

So it sounds like the proper thing to do is to set the localOnly
attribute and put the libvirt network in a subdomain, then point the
dnsmasq on the host to the libvirt dns for that subdomain.

[Comment by Ross: It seems this addresses my concern about a loop
between different copies of dnsmasq, at least if used with judicious
domain assignment.
Unfortunately, libvirt = 1.2.12 is only available in stretch/testing,
which is currently at 1.2.16.]

Ross


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/CAK3NTRBZqLJCRcJTeE3wDt45PZejQ7x3e-6r=wz3rd0zthi...@mail.gmail.com

libvirt, dnsmasq, and resolvconf

2015-06-18 Thread Ross Boylan 
I would like my host machine to be able to resolve the names of VMs on
libvirt's default network.  And I would like those VM's to resolve the
host machine properly.  VM's are resolving each other's names
correctly.  I'm currently on oldstable, wheezy.

*
The second problem is quick to describe, and so I'll start there.  On
one of the VM's I execute
terminal
ross@markov02:~$ nslookup markov00
Server: 192.168.122.1
Address:192.168.122.1#53

Name:   markov00
Address: 127.0.0.1
/terminal
markov00 is the host.  Unfortunately, on markov02 127.0.0.1 resolves
to markov02, not markov00 (which should be 192.168.122.1).  I think
the answer is the result of libvirt's dnsmasq reading in /etc/hosts
(on markov00) and getting the IP from there.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704803 raised this
issue, but there's no resolution.


*
Suspecting that the inability of markov00 to resolve markov02
(reported in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703912,
but not resolved) was integration with the resolvconf machinery, I
installed dnsmasq; libvirt only installed and uses dnsmasq-bin.  As
instructed in libvirt's README.Debian, I added a snippet so dnsmasq
would only listen on the loopback.  This didn't help.  I now realize
the dnsmasq run from the Debian dnsmasq package is basically
independent of the one run by libvirt, so it's just adding confusion
right now.

By using dig @192.168.122.1 from markov00 I can get the IP's of the VM's.

I am not the first to encounter either problem, but I haven't found
any good way to solve the them.  libvirt apparently starts dnsmasq
without reading any configuration file
(https://www.redhat.com/archives/libvir-list/2010-March/msg00038.html,
which thread is also a discussion between the dnsmasq author and the
libvirt team about getting things to work together), and so even some
of the hackish solutions (script runs when a new host is registered
and writes to a file, which the host dns resolver then queries) would
require hacking the libvirt source.

It seems as if adding the dnsmasq resolver on 192.168.122.1 to the
list of nameservers for the host to consult when the libvirt default
network started (which can happen at run time) would be the natural
solution.  But I suppose if dnsmasq is using the host DNS to get names
as a fallback the result would be a loop.

Failing that, exporting the entries as they are created is necessary.

Any ideas?
Ross Boylan


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/CAK3NTRAPND7UBLaTwiFus1AxR8dPXWr3C_8vQh1CEYX=gu7...@mail.gmail.com