On Mon, Jan 03, 2011 at 04:57:52PM +0100, Paweł Krześniak wrote:
handle DNS over IPv6
Firstly: Add ip6tables rules to allow DNS over IPv6 in network.
Secondly: start dnsmasq with --interface option instead of
--listen-address.
Dnsmasq currently uses "--listen-address IPv4_address" option, which
restricts DNS service to one IPv4 address only. We could append
--listen-address for every IPv[46] address defined on interface, but
it's cleaner to use "--interface brname".
While it is shorter to just use '--interface brname' this comes
at the price of losing compatibility with older dnsmasq which
we still wish to support.
If we used '--listen-address $IPV4ADDR --listen-address $IPV6ADDR'
then people with dnsmasq < 2.48 can still use the virtual network
capability in an IPv4-only context without problems. Only those
people who actually needed IPv6 DNS would have to upgrade to
newer dnsmasq.
There were some problems in the past with --interface option.
Dnsmasq version 2.46 and earlier exited with error when tried to
bind() to IPv6 addresses on just brought up interfaces, because DAD
(Duplicate Address Detection) takes some time to finish and bind()
returns EADDRNOTAVAIL which caused dnsmasq to exit.
Dnsmasq version 2.47 (released on 05-Feb-2009) fixed this issue by
retrying bind() after getting EADDRNOTAVAIL error (as described in
http://www.thekelleys.org.uk/dnsmasq/CHANGELOG;
loop itself is defined in dnsmasq-2.47/src/network.c:404)
* Using --interface option causes longer network startup:
$ time virsh -c qemu:///system net-start isolated1
Network isolated1 started
real 0m0.112s
user 0m0.013s
sys 0m0.009s
$ time virsh -c qemu:///system net-start isolated1
Network isolated1 started
real 0m2.101s
user 0m0.011s
sys 0m0.011s
Do you have any idea what causes the delay? In particular is
the delay caused by the use of --listen-interface, or caused
by the addition of IPv6 addrs?
Based on your descriptions here it sounds like going for multiple
--listen-address parameters offers the same level of overall
functionality, but with better compatibility for people on older
dnsmasq. So I'm not seeing a compelling reason to switch over to
using --listen-interface.
Regards,
Daniel
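
The multiple --listen-address approach discussed in the reply above, as an added example that is not part of the thread or of libvirt's code: one "--listen-address ADDR" pair is emitted per bridge address, so DNS stays bound to explicitly listed addresses, and IPv6 is refused on an old dnsmasq. The function names and error codes are hypothetical, the 2.48 threshold is taken from the reply, and the sample addresses are constructed.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/socket.h>

/* Assumption taken from the reply above: IPv6 DNS needs dnsmasq >= 2.48. */
#define V6_MIN_MAJOR 2
#define V6_MIN_MINOR 48

enum { ERR_BAD_ADDR = -1, ERR_OLD_DNSMASQ = -2, ERR_NO_SPACE = -3 };

/* Return AF_INET or AF_INET6 for a numeric address literal, 0 otherwise.
 * Literals with a zone suffix ("%br0") are rejected by inet_pton(). */
static int addr_family(const char *s)
{
    unsigned char buf[sizeof(struct in6_addr)];
    if (inet_pton(AF_INET, s, buf) == 1) return AF_INET;
    if (inet_pton(AF_INET6, s, buf) == 1) return AF_INET6;
    return 0;
}

/* Append one "--listen-address ADDR" pair per bridge address to argv.
 * Returns the number of argv slots used, or a negative ERR_* code. */
int build_listen_args(const char *const *addrs, size_t n, int major, int minor,
                      const char **argv, size_t cap)
{
    int old = major < V6_MIN_MAJOR ||
              (major == V6_MIN_MAJOR && minor < V6_MIN_MINOR);
    size_t used = 0;
    for (size_t i = 0; i < n; i++) {
        int fam = addr_family(addrs[i]);
        if (fam == 0) return ERR_BAD_ADDR;               /* never pass junk on */
        if (fam == AF_INET6 && old) return ERR_OLD_DNSMASQ;
        if (used + 2 > cap) return ERR_NO_SPACE;
        argv[used++] = "--listen-address";
        argv[used++] = addrs[i];
    }
    return (int)used;
}

int main(void)
{
    /* Constructed sample addresses from the documentation ranges. */
    const char *addrs[] = { "192.0.2.1", "2001:db8::1" };
    const char *argv[8];
    int n = build_listen_args(addrs, 2, 2, 48, argv, 8);
    for (int i = 0; i < n; i++) printf("%s%s", argv[i], i + 1 < n ? " " : "\n");
    return n < 0;
}
```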