[Bug 1205086] Re: lxc-net dnsmasq --strict-order breaks dns for lxc non-recursive nameserver
[Expired for libvirt (Ubuntu) because there has been no activity for 60 days.]

** Changed in: libvirt (Ubuntu)
       Status: Incomplete => Expired

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1205086

Title:
  lxc-net dnsmasq --strict-order breaks dns for lxc non-recursive nameserver

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1205086/+subscriptions

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1205086] Re: lxc-net dnsmasq --strict-order breaks dns for lxc non-recursive nameserver
[Expired for lxc (Ubuntu) because there has been no activity for 60 days.]

** Changed in: lxc (Ubuntu)
       Status: Incomplete => Expired
[Bug 1205086] Re: lxc-net dnsmasq --strict-order breaks dns for lxc non-recursive nameserver
Stéphane, given your comments pasted into #12, would you recommend calling this bug wontfix?

** Changed in: libvirt (Ubuntu)
       Status: New => Incomplete

** Changed in: lxc (Ubuntu)
       Status: New => Incomplete
[Bug 1205086] Re: lxc-net dnsmasq --strict-order breaks dns for lxc non-recursive nameserver
There is concern that removing strict-order would at least double the dns traffic for most users, and is not the proper fix.

From irc logs (#ubuntu-server, feb 24)

If the reporter is using a desktop machine, the real fix is to use NetworkManager which will properly setup dnsmasq to only use the VPN dns server for requests relevant to it

hallyn: ok, so just did some tests. The problem there is clearly that the remote dns server is misconfigured. Trying with mine, I get NXDOMAIN for an invalid domain from a recursive server (as I should) but SERVFAIL for a domain outside the scope of a non-recursive server. SERVFAIL causes dnsmasq to query the next server, NXDOMAIN doesn't.

SERVFAIL is nsd's response when non-recursive. REFUSED is bind's response when non-recursive. Both work with dnsmasq.
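Added example, not part of the original thread and not dnsmasq's own code: it decodes the rcode and RA bits of raw DNS reply headers and walks upstreams in resolv.conf order using the rule quoted from the IRC log above (SERVFAIL and REFUSED move on to the next server, NXDOMAIN is final). The reply bytes are constructed samples, the addresses are the ones from this bug, and the function names are hypothetical.

```python
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}
TRY_NEXT = {"SERVFAIL", "REFUSED"}  # rule as stated in the IRC log; NXDOMAIN is final


def parse_header(msg: bytes) -> dict:
    """Decode the fixed 12-byte DNS header (RFC 1035, section 4.1.1)."""
    if len(msg) < 12:
        raise ValueError("truncated DNS message")
    qid, flags, _qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    code = flags & 0x000F
    return {
        "id": qid,
        "ra": bool(flags & 0x0080),  # RA: server offers recursion
        "rcode": RCODES.get(code, f"RCODE{code}"),
        "answers": an,
    }


def strict_order_walk(replies):
    """Walk (server, raw_reply) pairs in resolv.conf order.

    Returns (answering_server, rcode, trail), where trail lists every
    upstream consulted as (server, rcode, ra). This models the behaviour
    described in the thread; it is an assumption, not dnsmasq source.
    """
    trail = []
    for server, raw in replies:
        hdr = parse_header(raw)
        trail.append((server, hdr["rcode"], hdr["ra"]))
        if hdr["rcode"] not in TRY_NEXT:
            return server, hdr["rcode"], trail
    return None, "SERVFAIL", trail  # every upstream declined


def reply(rcode: int, ra: bool, answers: int = 0) -> bytes:
    """Constructed sample: header-only response with QR and RD set."""
    flags = 0x8000 | 0x0100 | (0x0080 if ra else 0) | rcode
    return struct.pack("!6H", 0x1234, flags, 1, answers, 0, 0)


if __name__ == "__main__":
    local = ("127.0.1.1", reply(0, True, answers=1))
    for label, vpn_rcode in (("REFUSED", 5), ("NXDOMAIN", 3)):
        vpn = ("10.88.0.1", reply(vpn_rcode, False))
        winner, rcode, trail = strict_order_walk([vpn, local])
        print(f"VPN says {label}: final={rcode} from {winner}, trail={trail}")
```

With a non-recursive first server that answers NXDOMAIN for names outside its scope, the walk stops there and the second nameserver is never consulted, which is the misconfiguration case the log describes.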
[Bug 1205086] Re: lxc-net dnsmasq --strict-order breaks dns for lxc non-recursive nameserver
This is an issue in trusty, and affects squid-deb-proxy as well.
[Bug 1205086] Re: lxc-net dnsmasq --strict-order breaks dns for lxc non-recursive nameserver
@sidnei - apologies, I had missed your response, after which the bug autoexpired. Hoping to get a comment from stgraber or cyphermox.
[Bug 1205086] Re: lxc-net dnsmasq --strict-order breaks dns for lxc non-recursive nameserver
Reopening because this is still an issue in saucy and lxc.

** Changed in: libvirt (Ubuntu)
       Status: Expired => New

** Changed in: lxc (Ubuntu)
       Status: Expired => New
[Bug 1205086] Re: lxc-net dnsmasq --strict-order breaks dns for lxc non-recursive nameserver
[Expired for libvirt (Ubuntu) because there has been no activity for 60 days.]

** Changed in: libvirt (Ubuntu)
       Status: Incomplete => Expired
[Bug 1205086] Re: lxc-net dnsmasq --strict-order breaks dns for lxc non-recursive nameserver
[Expired for lxc (Ubuntu) because there has been no activity for 60 days.]

** Changed in: lxc (Ubuntu)
       Status: Incomplete => Expired
[Bug 1205086] Re: lxc-net dnsmasq --strict-order breaks dns for lxc non-recursive nameserver
Tested on a cloud instance which doesn't have a local dnsmasq, it ended up with the following config:

$ cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 10.88.0.1
nameserver 10.55.60.1
search vpn.ubuntone.info canonistack

Removing the --strict-order seems to solve the problem every single time consistently.
[Bug 1205086] Re: lxc-net dnsmasq --strict-order breaks dns for lxc non-recursive nameserver
Marking incomplete pending info (from submitter or from me) on comment #2.

** Changed in: libvirt (Ubuntu)
   Importance: Undecided => Low

** Changed in: lxc (Ubuntu)
   Importance: Undecided => Low

** Changed in: libvirt (Ubuntu)
       Status: New => Incomplete

** Changed in: lxc (Ubuntu)
       Status: New => Incomplete
[Bug 1205086] Re: lxc-net dnsmasq --strict-order breaks dns for lxc non-recursive nameserver
Looking more through comments in https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1003842, it appears to me that the most uncontroversial fix, rather than removing --strict-order in lxc's dnsmasq, would be for dnsmasq on your host to have something like:

server=/vpn.ubuntuone.info/10.88.0.1

and not have 10.88.0.1 in your resolv.conf at all.

Mind you I do hate suggesting changes to otherwise-working setups to work around what can appear to be problems elsewhere. But going by http://www.zoneedit.com/doc/rfc/rfc2182.txt that appears to be the "correct" thing to do.
[Bug 1205086] Re: lxc-net dnsmasq --strict-order breaks dns for lxc non-recursive nameserver
So really it looks like the dnsmasq-2.47_no_nxdomain_until_end.patch in dnsmasq source is what - in MY humble opinion - we'd need. Both for this, and for bug 1003842 and 1163147.
[Bug 1205086] Re: lxc-net dnsmasq --strict-order breaks dns for lxc non-recursive nameserver
Does removing --strict-order work for your containers in all cases, or only some of the time?

Looking through the dnsmasq manpage,

1. I'd expected --strict-order to mean that if the first nameserver doesn't know the answer, we try the second one. Apparently it only falls back if the first one is down altogether?

2. Given the actual behavior of (1), the default (not --strict-order and not --all-servers) should just choose a name server at random. I would expect it sometimes happens to choose 10.88.0.1, and that if it is up and says "I don't know that host", I'd expect fallback to be the SAME as with --strict-order. Which means I would have *expected* dnsmasq to try the next one, but in fact per your findings it should (randomly, half the time) simply fail to resolve.
[Bug 1205086] Re: lxc-net dnsmasq --strict-order breaks dns for lxc non-recursive nameserver
** Also affects: libvirt (Ubuntu)
   Importance: Undecided
       Status: New
[Bug 1205086] Re: lxc-net dnsmasq --strict-order breaks dns for lxc non-recursive nameserver
The vpn server is running a dnsmasq instance with the following settings:

"""
addn-hosts=/etc/hosts.openvpn-server
addn-hosts=/etc/hosts.openvpn-clients
no-hosts
dns-forward-max=0
no-resolv
"""

In the vpn server configs, it is pushing its own IP as a dns server:

"""
push "dhcp-option DNS 10.88.0.1"
push "dhcp-option DOMAIN vpn.ubuntone.info"
"""

On the client configs, it's using the stock update-resolv-conf openvpn scripts to update resolvconf:

"""
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
"""

The end result is that the vpn client resolv.conf contains the following:

"""
$ cat /etc/resolv.conf
nameserver 10.88.0.1
nameserver 127.0.1.1
search vpn.ubuntone.info
"""

Since the lxc dnsmasq doesn't specify what to use as resolver, and it has --strict-order, it ends up querying 10.88.0.1 first and since that name server is set up with no-resolv, then it gets refused and does not move on to the next one (127.0.1.1).