Re: [libvirt] Proposal: no dnsmasq (no dhcp and no dns) and no radvd option

On 11/20/2012 05:29 PM, Laine Stump wrote: >On 11/20/2012 02:36 PM, Gene Czarcinski wrote: >>Laine mentioned something yesterday that got me to thinking: being >>able to specify that dnsmasq is not to be started for an interface. >> >>Let me expand that by saying that libvirt would not start dnsmasq for >>either dns or dhcp and also would not start radvd. However, the IPv4 >>and IPv6 gateway addresses would be defined on the virtual network >>interface and the "usual" iptables and ip6tables rules would be in force. >> >>This would allow a user to configure dnsmasq to meet any user desires >>or use something completely different instead of dnsmasq. >> >>Questions: Useful? Worth the time and effort? >That was already determined before I mentioned it to you - it's been >requested several times, and I've told some people it was "going to >happen", although didn't say when :-). > >> And then there is how should this be specified in the network xml >>file? ... some new parameter? ... A subperameter of <dns> such as >><dns disable='yes' /> ? ... a subparameter of <bridge> such as >><bridge name="virbr0" dns="disable" /> ? >The <bridge> element is commonly *not* specified manually, but is filled >in automatically be libvirt, so I don't think it's a good place to put >optional flags (you would end up manually specifying settings for the >things that are automatically filled in, like the bridge name). > >If anything, I would say the choice would be between putting it in <dns> >or in the toplevel <network>, i.e.: > > <network> > ... > <dns disable='yes'/> (or maybe "<dns enable='no'/> is better) > ... > </network> > >or > > <network dns='no'> > ... > </network> > >Or, maybe it would be even better to put it in the <ip> element: > > <ip address='192.168.122.1' netmask='255.255.255.0' dns='no'/> > >that way you could have dnsmasq listen on some of the IP addresses >defined for a network, but not others. > >At the same time, we probably to be able to disable ipv6 RA as well. >Since that's only enabled when there is an ipv6 address, it can also be >added into the <ip> element config: > > <ip family='ipv6' address='f00d::1' ra='no'/> (or maybe >"autoconf='no'" ?) > >Yeah, I think I like it best in <ip> (unless someone else has a better >idea). Not really better since I like the idea of adding this to <ip>. However, I believe this is wrong! it is a mistake to tie this to an IP address. Look at the problems that have occurred with dnsmasq.

Instead, I suggest that this be an expansion to <network>. For example, <network dns='no'>. This could also scratch an itch of mine for specifying logging: <network dnslog='yes" dhcplog='yes'>. Then there is the issue with bind-intererface and bind-dynamic: <network bind='dynamic'>