RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=849787 As currently configured, dnsmasq for a virtual network will pass some queries upstream toward the Internet. This includes AAAA and MX queries as well a A queries when dnsmasq cannot answer for that name. This is occurring whether a domain name is specified or not. The problem is that dnsmasq will, by default, forward all queries unless "local=" is specified. I cannot envision a situation where such queries should be forwarded. See the bugzilla report for more info. While I did a lot of testing to figure out the problem and what needed to be done to fix it, I am unable to actually rebuild the libvirt rpm in my environment. The solution is the following patch: diff -uNr libvirt-0.9.11.4.orig/src/network/bridge_driver.c libvirt-0.9.11.4/src/network/bridge_driver.c --- libvirt-0.9.11.4.orig/src/network/bridge_driver.c 2012-06-15 14:23:21.000000000 -0400 +++ libvirt-0.9.11.4/src/network/bridge_driver.c 2012-08-21 09:03:17.387602485 -0400 @@ -491,7 +491,13 @@ virCommandAddArgList(cmd, "--strict-order", "--bind-interfaces", NULL); if (network->def->domain) - virCommandAddArgList(cmd, "--domain", network->def->domain, NULL); +// virCommandAddArgList(cmd, "--domain", network->def->domain, NULL); + virCommandAddArgFormat(cmd, + "--domain %s --local=/%s/", + network->def->domain, + network->def->domain); + else + virCommandAddArg(cmd, "--local="); if (pidfile) virCommandAddArgPair(cmd, "--pid-file", pidfile);