4:29 a.m.
In some use cases we don't want the virtual network's DNS to only
listen to the vnet interface. Adding a publiclyAccessible attribute
to the dns element in the configuration allows the DNS to listen to
all interfaces.
It simply disables the bind-dynamic option of dnsmasq for the network.
---
This patch is v2 for this one:
https://www.redhat.com/archives/libvir-list/2015-June/msg00018.html
Diff to v1:
* Use bind-interface if public DNS is requested
* Add more tests
* Write out the public value in the format function
* Fixed the rng
* Renamed the attribute to public: shouldn't mislead users
I tested this patch with several configurations of running networks.
The only thing I noted though is that the user may need to adapt the system
dnsmasq to avoid address:port conflicts... but hey, when one uses such a
hacky feature of the libvirt network, he needs to take care of the rest ;)
docs/formatnetwork.html.in | 9 +++++++
docs/schemas/network.rng | 5 ++++
src/conf/network_conf.c | 28 ++++++++++++++++++++--
src/conf/network_conf.h | 1 +
src/network/bridge_driver.c | 3 ++-
.../nat-network-dns-not-public.conf | 15 ++++++++++++
.../nat-network-dns-not-public.xml | 15 ++++++++++++
.../nat-network-dns-public.conf | 15 ++++++++++++
.../networkxml2confdata/nat-network-dns-public.xml | 15 ++++++++++++
tests/networkxml2xmlin/nat-network-dns-public.xml | 9 +++++++
tests/networkxml2xmlout/nat-network-dns-public.xml | 11 +++++++++
tests/networkxml2xmltest.c | 1 +
12 files changed, 124 insertions(+), 3 deletions(-)
create mode 100644 tests/networkxml2confdata/nat-network-dns-not-public.conf
create mode 100644 tests/networkxml2confdata/nat-network-dns-not-public.xml
create mode 100644 tests/networkxml2confdata/nat-network-dns-public.conf
create mode 100644 tests/networkxml2confdata/nat-network-dns-public.xml
create mode 100644 tests/networkxml2xmlin/nat-network-dns-public.xml
create mode 100644 tests/networkxml2xmlout/nat-network-dns-public.xml
diff --git a/docs/formatnetwork.html.in b/docs/formatnetwork.html.in
index 6abed8f..0141d93 100644
--- a/docs/formatnetwork.html.in
+++ b/docs/formatnetwork.html.in
@@ -851,6 +851,15 @@
DNS server.
</p>
+ <p>
+ The dns element
+ can have an optional <code>public</code> attribute
+ <span class="since">Since 1.2.17</span>. If
<code>public</code>
+ is "yes", then the DNS server will handle requests for all
interfaces.
+ If <code>public</code> is not set or "no", the DNS server
will
+ only handle requests for the interface of the virtual network.
+ </p>
+
Currently supported sub-elements of <code><dns></code>
are:
<dl>
<dt><code>forwarder</code></dt>
diff --git a/docs/schemas/network.rng b/docs/schemas/network.rng
index 4edb6eb..f70e3dc 100644
--- a/docs/schemas/network.rng
+++ b/docs/schemas/network.rng
@@ -249,6 +249,11 @@
<ref name="virYesNo"/>
</attribute>
</optional>
+ <optional>
+ <attribute name="public">
+ <ref name="virYesNo"/>
+ </attribute>
+ </optional>
<interleave>
<zeroOrMore>
<element name="forwarder">
diff --git a/src/conf/network_conf.c b/src/conf/network_conf.c
index 72006e9..e90c004 100644
--- a/src/conf/network_conf.c
+++ b/src/conf/network_conf.c
@@ -1332,9 +1332,14 @@ virNetworkDNSDefParseXML(const char *networkName,
size_t i;
int ret = -1;
xmlNodePtr save = ctxt->node;
+ char *public = NULL;
ctxt->node = node;
+ public = virXPathString("string(./@public)", ctxt);
+ if (public)
+ def->public = virTristateBoolTypeFromString(public);
+
forwardPlainNames = virXPathString("string(./@forwardPlainNames)", ctxt);
if (forwardPlainNames) {
def->forwardPlainNames = virTristateBoolTypeFromString(forwardPlainNames);
@@ -1433,6 +1438,7 @@ virNetworkDNSDefParseXML(const char *networkName,
ret = 0;
cleanup:
+ VIR_FREE(public);
VIR_FREE(forwardPlainNames);
VIR_FREE(fwdNodes);
VIR_FREE(hostNodes);
@@ -2416,7 +2422,7 @@ virNetworkDNSDefFormat(virBufferPtr buf,
size_t i, j;
if (!(def->forwardPlainNames || def->nfwds || def->nhosts ||
- def->nsrvs || def->ntxts))
+ def->nsrvs || def->ntxts || def->public))
return 0;
virBufferAddLit(buf, "<dns");
@@ -2431,7 +2437,25 @@ virNetworkDNSDefFormat(virBufferPtr buf,
return -1;
}
virBufferAsprintf(buf, " forwardPlainNames='%s'", fwd);
- if (!(def->nfwds || def->nhosts || def->nsrvs || def->ntxts)) {
+ if (!(def->nfwds || def->nhosts || def->nsrvs || def->ntxts ||
+ def->public)) {
+ virBufferAddLit(buf, "/>\n");
+ return 0;
+ }
+ }
+
+ if (def->public) {
+ const char *public = virTristateBoolTypeToString(def->public);
+
+ if (!public) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("Unknown public type %d in network"),
+ def->public);
+ return -1;
+ }
+ virBufferAsprintf(buf, " public='%s'", public);
+ if (!(def->nfwds || def->nhosts || def->nsrvs || def->ntxts ||
+ def->forwardPlainNames)) {
virBufferAddLit(buf, "/>\n");
return 0;
}
diff --git a/src/conf/network_conf.h b/src/conf/network_conf.h
index 1cd5100..ae239b8 100644
--- a/src/conf/network_conf.h
+++ b/src/conf/network_conf.h
@@ -136,6 +136,7 @@ struct _virNetworkDNSDef {
virNetworkDNSSrvDefPtr srvs;
size_t nfwds;
char **forwarders;
+ int public; /* enum virTristateBool */
};
typedef struct _virNetworkIpDef virNetworkIpDef;
diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
index 3d6721b..8b11b51 100644
--- a/src/network/bridge_driver.c
+++ b/src/network/bridge_driver.c
@@ -991,7 +991,8 @@ networkDnsmasqConfContents(virNetworkObjPtr network,
/* dnsmasq will *always* listen on localhost unless told otherwise */
virBufferAddLit(&configbuf, "except-interface=lo\n");
- if (dnsmasqCapsGet(caps, DNSMASQ_CAPS_BIND_DYNAMIC)) {
+ if (dnsmasqCapsGet(caps, DNSMASQ_CAPS_BIND_DYNAMIC) &&
+ network->def->dns.public != VIR_TRISTATE_BOOL_YES) {
/* using --bind-dynamic with only --interface (no
* --listen-address) prevents dnsmasq from responding to dns
* queries that arrive on some interface other than our bridge
diff --git a/tests/networkxml2confdata/nat-network-dns-not-public.conf
b/tests/networkxml2confdata/nat-network-dns-not-public.conf
new file mode 100644
index 0000000..021316f
--- /dev/null
+++ b/tests/networkxml2confdata/nat-network-dns-not-public.conf
@@ -0,0 +1,15 @@
+##WARNING: THIS IS AN AUTO-GENERATED FILE. CHANGES TO IT ARE LIKELY TO BE
+##OVERWRITTEN AND LOST. Changes to this configuration should be made using:
+## virsh net-edit default
+## or other application using the libvirt API.
+##
+## dnsmasq conf file created by libvirt
+strict-order
+domain=example.com
+expand-hosts
+domain-needed
+local=//
+except-interface=lo
+bind-dynamic
+interface=virbr0
+addn-hosts=/var/lib/libvirt/dnsmasq/default.addnhosts
diff --git a/tests/networkxml2confdata/nat-network-dns-not-public.xml
b/tests/networkxml2confdata/nat-network-dns-not-public.xml
new file mode 100644
index 0000000..cc78f34
--- /dev/null
+++ b/tests/networkxml2confdata/nat-network-dns-not-public.xml
@@ -0,0 +1,15 @@
+<network>
+ <name>default</name>
+ <uuid>81ff0d90-c91e-6742-64da-4a736edb9a9c</uuid>
+ <forward dev='eth0' mode='nat'/>
+ <bridge name='virbr0' stp='on' delay='0'/>
+ <domain name="example.com"/>
+ <dns forwardPlainNames='no' public='no'>
+ <host ip='192.168.122.1'>
+ <hostname>host</hostname>
+ <hostname>gateway</hostname>
+ </host>
+ </dns>
+ <ip address='192.168.122.1' netmask='255.255.255.0'>
+ </ip>
+</network>
diff --git a/tests/networkxml2confdata/nat-network-dns-public.conf
b/tests/networkxml2confdata/nat-network-dns-public.conf
new file mode 100644
index 0000000..05cbf43
--- /dev/null
+++ b/tests/networkxml2confdata/nat-network-dns-public.conf
@@ -0,0 +1,15 @@
+##WARNING: THIS IS AN AUTO-GENERATED FILE. CHANGES TO IT ARE LIKELY TO BE
+##OVERWRITTEN AND LOST. Changes to this configuration should be made using:
+## virsh net-edit default
+## or other application using the libvirt API.
+##
+## dnsmasq conf file created by libvirt
+strict-order
+domain=example.com
+expand-hosts
+domain-needed
+local=//
+except-interface=lo
+bind-interfaces
+interface=virbr0
+addn-hosts=/var/lib/libvirt/dnsmasq/default.addnhosts
diff --git a/tests/networkxml2confdata/nat-network-dns-public.xml
b/tests/networkxml2confdata/nat-network-dns-public.xml
new file mode 100644
index 0000000..9c59c7b
--- /dev/null
+++ b/tests/networkxml2confdata/nat-network-dns-public.xml
@@ -0,0 +1,15 @@
+<network>
+ <name>default</name>
+ <uuid>81ff0d90-c91e-6742-64da-4a736edb9a9c</uuid>
+ <forward dev='eth0' mode='nat'/>
+ <bridge name='virbr0' stp='on' delay='0'/>
+ <domain name="example.com"/>
+ <dns forwardPlainNames='no' public='yes'>
+ <host ip='192.168.122.1'>
+ <hostname>host</hostname>
+ <hostname>gateway</hostname>
+ </host>
+ </dns>
+ <ip address='192.168.122.1' netmask='255.255.255.0'>
+ </ip>
+</network>
diff --git a/tests/networkxml2xmlin/nat-network-dns-public.xml
b/tests/networkxml2xmlin/nat-network-dns-public.xml
new file mode 100644
index 0000000..0765a83
--- /dev/null
+++ b/tests/networkxml2xmlin/nat-network-dns-public.xml
@@ -0,0 +1,9 @@
+<network>
+ <name>default</name>
+ <uuid>81ff0d90-c91e-6742-64da-4a736edb9a9c</uuid>
+ <forward dev='eth0' mode='nat'/>
+ <bridge name='virbr0' stp='on' delay='0' />
+ <dns public='yes'/>
+ <ip address='192.168.122.1' netmask='255.255.255.0'>
+ </ip>
+</network>
diff --git a/tests/networkxml2xmlout/nat-network-dns-public.xml
b/tests/networkxml2xmlout/nat-network-dns-public.xml
new file mode 100644
index 0000000..66caacd
--- /dev/null
+++ b/tests/networkxml2xmlout/nat-network-dns-public.xml
@@ -0,0 +1,11 @@
+<network>
+ <name>default</name>
+ <uuid>81ff0d90-c91e-6742-64da-4a736edb9a9c</uuid>
+ <forward dev='eth0' mode='nat'>
+ <interface dev='eth0'/>
+ </forward>
+ <bridge name='virbr0' stp='on' delay='0'/>
+ <dns public='yes'/>
+ <ip address='192.168.122.1' netmask='255.255.255.0'>
+ </ip>
+</network>
diff --git a/tests/networkxml2xmltest.c b/tests/networkxml2xmltest.c
index 290336e..ba565bc 100644
--- a/tests/networkxml2xmltest.c
+++ b/tests/networkxml2xmltest.c
@@ -97,6 +97,7 @@ mymain(void)
DO_TEST("nat-network-dns-srv-record-minimal");
DO_TEST("nat-network-dns-hosts");
DO_TEST("nat-network-dns-forward-plain");
+ DO_TEST("nat-network-dns-public");
DO_TEST("nat-network-dns-forwarders");
DO_TEST("nat-network-forward-nat-address");
DO_TEST("8021Qbh-net");
--
2.1.4