On Thu, Jun 02, 2016 at 11:26:17PM +0200, Martin Pitt wrote:
> Hello Stéphane,
>
> to conclude the loose end of this thread..
>
> Stéphane Graber [2016-05-31 15:52 -0400]:
> > > > 1) Does resolved now support split DNS support?
> > > > That is, can Network Manager instruct it that only *.example.com
> > > > should be sent to the DNS servers provided by a given VPN?
> > >
> > > resolved has a D-Bus API SetLinkDomains(), similar in spirit to
> > > dnsmasq. However, NM does not yet know about this, and only indirectly
> > > talks to resolved via writing /etc/resolv.conf (again indirectly via
> > > resolvconf). So the functionality on the resolved is there, but we
> > > don't use it yet. This is being tracked in the blueprint.
> >
> > Ok and does it support configuring this per-domain thing through
> > configuration files?
> >
> > That's needed so that LXC, LXD, libvirt, ... can ship a file defining a
> > domain for their bridge which is then forwarded to their dnsmasq
> > instance.
>
> In my other reply I said that resolved doesn't have this kind of
> fine-grained configuration files, as it mostly expects network
> management software to tell it about these things. But what you *can*
> do is to use networkd for this:
>
>   $ cat /lib/systemd/network/lxdbr0.network
>   [Match]
>   Name=lxdbr0
>
>   [Network]
>   DNS=127.0.0.1
>   Domains= ~lxd
>
> With this, networkd won't actually set up the bridge (as there is no
> DHCP=, Address=, corresponding .netdev etc.), but as soon as it comes
> up via auto-activation of lxd-bridge.service, it will poke that
> information into resolved (via the above SetLinkDomains() call). I
> just tested that in a VM, and it does what you expect.
>
> The main drawback is that you need to start systemd-networkd.service
> for this (at least as a Requires= of lxd-bridge.service). Now, on
> server/cloud we want to move to networkd anyway, but on a desktop we'd
> usually only have NetworkManager running. So this overhead would
> mainly be justified if you would consider replacing lxd-bridge.service
> by a "full" networkd config, i.e. let the above file actually set up
> and configure the full bridge (But this doesn't go that well with the
> existing /etc/default/lxd-bridge format).
>
> If using a configuration *file* is not a tight requirement, but you
> only actually care about this working OOTB, then a less intrusive
> approach might be to just add a dbus-send/gdbus/busctl ExecStartPost=
> to lxd-bridge.service that does the SetLinkDomains() call.
>
> I initially thought about lxd just dropping a resolvconf hook, but
> that doesn't work I think: /etc/resolv.conf has no syntax for
> domain-specific DNS servers, so we need to use a richer API like
> dnsmasq or resolved for these.
>
> Would either approach work for you, or do we need something different?

We'd probably do it through dbus-send then in the bridge configuration
script.

Does the resolved configuration persist? That is, if resolved gets a
package update and is restarted, will it lose the information it knows
about .lxd, .lxc, .libvirt, ...?

>
> Thanks,
>
> Martin

-- 
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com
-- 
ubuntu-devel mailing list
ubuntu-devel@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
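
The D-Bus approach discussed in the thread, sketched with busctl as an added example; it is not code from either message or from the LXD bridge script. The values lxdbr0, 127.0.0.1 and ~lxd are taken from the quoted .network file, the function names are hypothetical, and the inputs are validated before they are word-split into the busctl command line.

```shell
#!/bin/sh
# Added example: per-link DNS server plus routing-only domain pushed to
# systemd-resolved, mirroring DNS=127.0.0.1 / Domains=~lxd from the thread.
RESOLVE_DEST=org.freedesktop.resolve1
RESOLVE_PATH=/org/freedesktop/resolve1
RESOLVE_IFACE=org.freedesktop.resolve1.Manager

# SetLinkDNS takes ia(iay): ifindex, then an array of (address family,
# address bytes). Prints the arguments for one IPv4 server (AF_INET = 2).
dns_args() {
    ifindex=$1 addr=$2
    case $addr in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;   # digits and single dots only
    esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in 0?*) return 1 ;; esac   # no leading zeros
        [ "$octet" -le 255 ] || return 1
    done
    echo "SetLinkDNS ia(iay) $ifindex 1 2 4 $1 $2 $3 $4"
}

# SetLinkDomains takes ia(sb): the boolean "true" marks a routing-only
# domain, which is what the "~" prefix means in a .network file.
domain_args() {
    ifindex=$1 domain=${2#"~"}
    case $domain in
        ''|*[!A-Za-z0-9.-]*) return 1 ;;    # reject shell/D-Bus oddities
    esac
    echo "SetLinkDomains ia(sb) $ifindex 1 $domain true"
}

configure_link() {
    link=$1 server=$2 domain=$3
    case $link in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    ifindex=$(cat "/sys/class/net/$link/ifindex") || return 1
    dns=$(dns_args "$ifindex" "$server") || return 1
    dom=$(domain_args "$ifindex" "$domain") || return 1
    # Unquoted on purpose: both strings were validated above.
    busctl call "$RESOLVE_DEST" "$RESOLVE_PATH" "$RESOLVE_IFACE" $dns &&
    busctl call "$RESOLVE_DEST" "$RESOLVE_PATH" "$RESOLVE_IFACE" $dom
}

# Usage (as root, e.g. from an ExecStartPost=): script lxdbr0 127.0.0.1 '~lxd'
if [ "$#" -eq 3 ]; then configure_link "$@"; fi
```

Whether these settings survive a restart of resolved is the question left open in the thread; the example does not answer it.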