8:58 a.m.
Hi,
this is the patch to add DNS TXT record support to libvirt networking
driver since this is feature that's supported by DNSMasq that's being
used by the bridge driver.
Maybe you fail to understand the reasons why to implement such a feature
however it's a good thing IMHO since user could provide some information
in the DNS TXT record headers. The headers are, of course, configurable
in the network XML description and the idea got to me when I was reading
an article about DKIM (DomainKeys Identified Mail) since it's using TXT
records in the DNS to provide the public keys. This inspired me to
implement the DNS TXT record support to libvirt bridge driver to allow
users expose some information to the guest if they want to do so etc.
Limitations:
- Records names and values containing space (' ') arguments are altered
to change spaces to underscores ('_'). This is because of proper
argument handling when spawning dnsmasq.
Technical details:
The --txt-record argument should be supported by all version of DNSMasq
which allows us to use it in all of the cases for the libvirt bridge
driver. The only thing user has to do is to edit the network XML
description in libvirt and append:
<dns>
<txt_record name='some name' value='some value' />
</dns>
after the DHCP elements of network IP (<ip>) tree. After creating such
a definition user has to restart this virtual network for changes to
take effect, i.e. to spawn DNSMasq with new --txt-record arguments.
User can confirm the proper configuration of DNS TXT records both by
looking to the dnsmasq command-line (i.e. `ps aux | grep dnsmasq`)
where information about --txt-record=some_name,some_value should be
present or test it in the host/guest itself by digging the TXT record
from there, i.e. using `dig TXT some_name @ip` from the host (since
the it's running on the @ip and not the gateway for host) or `dig TXT
some_name` from the guest where the value "some_value" should be output
in both cases.
This has been developed and tested on Fedora i386 box and everything
was working fine.
Michal
Signed-off-by: Michal Novotny <minovotn(a)redhat.com>
---
src/conf/network_conf.c | 64 +++++++++++++++++++++++++++++++++++++++++++
src/conf/network_conf.h | 16 +++++++++++
src/network/bridge_driver.c | 28 +++++++++++++++++++
3 files changed, 108 insertions(+), 0 deletions(-)
diff --git a/src/conf/network_conf.c b/src/conf/network_conf.c
index dcab9de..3e07496 100644
--- a/src/conf/network_conf.c
+++ b/src/conf/network_conf.c
@@ -435,6 +435,53 @@ virNetworkDHCPRangeDefParseXML(const char *networkName,
}
static int
+virNetworkDNSDefParseXML(virNetworkIpDefPtr def,
+ xmlNodePtr node)
+{
+
+ xmlNodePtr cur;
+
+ if (VIR_ALLOC(def->dns)) {
+ virReportOOMError();
+ return -1;
+ }
+
+ cur = node->children;
+ while (cur != NULL) {
+ if (cur->type == XML_ELEMENT_NODE &&
+ xmlStrEqual(cur->name, BAD_CAST "txt_record")) {
+ char *name, *value;
+
+ if (!(name = virXMLPropString(cur, "name"))) {
+ cur = cur->next;
+ continue;
+ }
+ if (!(value = virXMLPropString(cur, "value"))) {
+ VIR_FREE(name);
+ cur = cur->next;
+ continue;
+ }
+
+ if (VIR_REALLOC_N(def->dns->txtrecords, def->dns->ntxtrecords +
1) < 0) {
+ virReportOOMError();
+ return -1;
+ }
+
+ def->dns->txtrecords[def->dns->ntxtrecords].name = strdup(name);
+ def->dns->txtrecords[def->dns->ntxtrecords].value =
strdup(value);
+ def->dns->ntxtrecords++;
+
+ VIR_FREE(name);
+ VIR_FREE(value);
+ }
+
+ cur = cur->next;
+ }
+
+ return 0;
+}
+
+static int
virNetworkIPParseXML(const char *networkName,
virNetworkIpDefPtr def,
xmlNodePtr node,
@@ -550,6 +597,12 @@ virNetworkIPParseXML(const char *networkName,
goto error;
} else if (cur->type == XML_ELEMENT_NODE &&
+ xmlStrEqual(cur->name, BAD_CAST "dns")) {
+ result = virNetworkDNSDefParseXML(def, cur);
+ if (result)
+ goto error;
+
+ } else if (cur->type == XML_ELEMENT_NODE &&
xmlStrEqual(cur->name, BAD_CAST "tftp")) {
char *root;
@@ -828,6 +881,17 @@ virNetworkIpDefFormat(virBufferPtr buf,
virBufferAddLit(buf, " </dhcp>\n");
}
+ if ((def->dns != NULL) && (def->dns->ntxtrecords)) {
+ int ii;
+
+ virBufferAddLit(buf, " <dns>\n");
+ for (ii = 0 ; ii < def->dns->ntxtrecords ; ii++) {
+ virBufferVSprintf(buf, " <txt_record name='%s'
value='%s' />\n",
+ def->dns->txtrecords[ii].name,
+ def->dns->txtrecords[ii].value);
+ }
+ virBufferAddLit(buf, " </dns>\n");
+ }
virBufferAddLit(buf, " </ip>\n");
diff --git a/src/conf/network_conf.h b/src/conf/network_conf.h
index 281124b..5f47595 100644
--- a/src/conf/network_conf.h
+++ b/src/conf/network_conf.h
@@ -57,6 +57,20 @@ struct _virNetworkDHCPHostDef {
virSocketAddr ip;
};
+typedef struct _virNetworkDNSTxtRecordsDef virNetworkDNSTxtRecordsDef;
+typedef virNetworkDNSTxtRecordsDef *virNetworkDNSTxtRecordsDefPtr;
+struct _virNetworkDNSTxtRecordsDef {
+ char *name;
+ char *value;
+};
+
+struct virNetworkDNSDef {
+ unsigned int ntxtrecords;
+ virNetworkDNSTxtRecordsDefPtr txtrecords;
+} virNetworkDNSDef;
+
+typedef struct virNetworkDNSDef *virNetworkDNSDefPtr;
+
typedef struct _virNetworkIpDef virNetworkIpDef;
typedef virNetworkIpDef *virNetworkIpDefPtr;
struct _virNetworkIpDef {
@@ -75,6 +89,8 @@ struct _virNetworkIpDef {
unsigned int nranges; /* Zero or more dhcp ranges */
virNetworkDHCPRangeDefPtr ranges;
+ virNetworkDNSDefPtr dns; /* DNS related settings for DNSMasq */
+
unsigned int nhosts; /* Zero or more dhcp hosts */
virNetworkDHCPHostDefPtr hosts;
diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
index c30620a..89c1431 100644
--- a/src/network/bridge_driver.c
+++ b/src/network/bridge_driver.c
@@ -442,6 +442,19 @@ networkSaveDnsmasqHostsfile(virNetworkIpDefPtr ipdef,
return 0;
}
+static char *
+replace_all(char *input, int chr1, int chr2)
+{
+ int pos;
+ char *tmp;
+ char *out;
+
+ out = strdup(input);
+ while ((tmp = strchr(out, chr1)) != NULL)
+ out[ strlen(input) - strlen(tmp) ] = chr2;
+
+ return out;
+}
static int
networkBuildDnsmasqArgv(virNetworkObjPtr network,
@@ -497,6 +510,21 @@ networkBuildDnsmasqArgv(virNetworkObjPtr network,
if (network->def->forwardType == VIR_NETWORK_FORWARD_NONE)
virCommandAddArg(cmd, "--dhcp-option=3");
+ if (ipdef->dns != NULL) {
+ int i;
+
+ for (i = 0; i < ipdef->dns->ntxtrecords; i++) {
+ virBuffer buf = VIR_BUFFER_INITIALIZER;
+
+ virBufferVSprintf(&buf, "%s,%s",
+ replace_all(ipdef->dns->txtrecords[i].name, '
', '_'),
+ replace_all(ipdef->dns->txtrecords[i].value, '
', '_'));
+
+ virCommandAddArgPair(cmd, "--txt-record",
virBufferContentAndReset(&buf));
+ VIR_FREE(buf);
+ }
+ }
+
/*
* --interface does not actually work with dnsmasq < 2.47,
* due to DAD for ipv6 addresses on the interface.
--
1.7.3.2
4:02 p.m.
I haven't had time yet to look at the code in detail, but thought I
should send this preliminary commentary.
On 03/24/2011 09:58 AM, Michal Novotny wrote:
Hi,
this is the patch to add DNS TXT record support to libvirt networking
driver since this is feature that's supported by DNSMasq that's being
used by the bridge driver.
Maybe you fail to understand the reasons why to implement such a feature
however it's a good thing IMHO since user could provide some information
in the DNS TXT record headers.
As a matter of fact, I think that not only is this useful, but
configuring other capabilities presented by dnsmasq would be good. I
think you'll find a kindred spirit in Paweł Krześniak, who was also
wanting some other dnsmasq capabilities exposed (I forget which now).
The headers are, of course, configurable
in the network XML description and the idea got to me when I was reading
an article about DKIM (DomainKeys Identified Mail) since it's using TXT
records in the DNS to provide the public keys. This inspired me to
implement the DNS TXT record support to libvirt bridge driver to allow
users expose some information to the guest if they want to do so etc.
Limitations:
- Records names and values containing space (' ') arguments are altered
to change spaces to underscores ('_'). This is because of proper
argument handling when spawning dnsmasq.
Is this really necessary? We're not talking about a shell commandline
here, but an array of null terminated strings. If it's a restriction
placed by dnsmasq itself, then we should just disallow ' ' during
parsing rather than silently changing it, to avoid surprises.
Technical details:
The --txt-record argument should be supported by all version of DNSMasq
which allows us to use it in all of the cases for the libvirt bridge
driver. The only thing user has to do is to edit the network XML
description in libvirt and append:
<dns>
<txt_record name='some name' value='some value' />
</dns>
I was told awhile back that putting underscores in XML element names was
strongly frowned upon (although there are certainly already examples of
it in libvirt xml).
Also, it would be really nice (especially it would make Eric happy :-)
if you included with your patch some changes to
docs/formatnetwork.html.in to add this to the documentation.
Have you thought about how this config model would apply to adding the
other dns-related stuff that can be done with dnsmasq. It would be
unfortunate if we took this first step and it turned out to not be a
good match for the natural followons. Maybe we should take a short bit
of time to consider the larger picture to make sure we'lll be able to
easily and logically add the other stuff later (this might be the right
way, I just haven't had time yet to think about it)
after the DHCP elements of network IP (<ip>) tree. After
creating such
a definition user has to restart this virtual network for changes to
take effect, i.e. to spawn DNSMasq with new --txt-record arguments.
User can confirm the proper configuration of DNS TXT records both by
looking to the dnsmasq command-line (i.e. `ps aux | grep dnsmasq`)
where information about --txt-record=some_name,some_value should be
present or test it in the host/guest itself by digging the TXT record
from there, i.e. using `dig TXT some_name @ip` from the host (since
the it's running on the @ip and not the gateway for host) or `dig TXT
some_name` from the guest where the value "some_value" should be output
in both cases.
This has been developed and tested on Fedora i386 box and everything
was working fine.
6:34 a.m.
Hi Laine,
thanks for your reply. Comments inline...
On 03/25/2011 10:02 PM, Laine Stump wrote:
I haven't had time yet to look at the code in detail, but thought
I
should send this preliminary commentary.
On 03/24/2011 09:58 AM, Michal Novotny wrote:
> Hi,
> this is the patch to add DNS TXT record support to libvirt networking
> driver since this is feature that's supported by DNSMasq that's being
> used by the bridge driver.
>
> Maybe you fail to understand the reasons why to implement such a feature
> however it's a good thing IMHO since user could provide some information
> in the DNS TXT record headers.
As a matter of fact, I think that not only is this useful, but
configuring other capabilities presented by dnsmasq would be good. I
think you'll find a kindred spirit in Paweł Krześniak, who was also
wanting some other dnsmasq capabilities exposed (I forget which now).
Well, I have to agree that there are some options/capabilities that
would be good to be configurable.
Now, the dnsmasq command line is:
/usr/sbin/dnsmasq --strict-order --bind-interfaces
--pid-file=/var/run/libvirt/network/default.pid --conf-file=
--except-interface lo --listen-address 192.168.122.1 --dhcp-range
192.168.122.2,192.168.122.254
--dhcp-leasefile=/var/lib/libvirt/dnsmasq/default.leases
--dhcp-lease-max=253 --dhcp-no-override
where only listen-address and just some DHCP related options are
configurable using the XML -> like dhcp-range, I don't know whether we
need to configure lease file and dhcp-lease-max value is being
configurable indirectly since if we have the 192.168.122.0/24 network
(defined by gateway IP address of 192.168.122.1, netmask of
255.255.255.0 and dhcp range from .2 to .254 because of reserved IP
addresses) we can easily calculate the DHCP lease max value.
The option that would be worth considering to be configurable could be
--dhcp-no-override option for this but I don't know whether this could
be useful. There's the description from DNSMasq man page:
--dhcp-no-override
Disable re-use of the DHCP servername and filename fields as extra
option space. If it can, dnsmasq moves the boot server and filename
information (from dhcp-boot) out of their dedicated fields into DHCP
options. This make extra space available in the DHCP packet for options
but can, rarely, confuse old or broken clients. This flag forces "simple
and safe" behaviour to avoid problems in such a case.
So I don't know whether we really need this configurable although it may
be a good thing.
For other DNSMasq option it may be good to make --local-ttl (and/or
--neg-ttl) and maybe --strict-order configurable but I don't know how
good it could be for the options. If we make some kind of default value
and make this optional this could be good however we don't want to dump
everything in the XML (if set to default for libvirt network) since we
don't want our XML to be extra-complex AFAIK (and DNSMasq is having
really many argument options).
> The headers are, of course, configurable
> in the network XML description and the idea got to me when I was reading
> an article about DKIM (DomainKeys Identified Mail) since it's using TXT
> records in the DNS to provide the public keys. This inspired me to
> implement the DNS TXT record support to libvirt bridge driver to allow
> users expose some information to the guest if they want to do so etc.
>
> Limitations:
> - Records names and values containing space (' ') arguments are altered
> to change spaces to underscores ('_'). This is because of proper
> argument handling when spawning dnsmasq.
Is this really necessary? We're not talking about a shell commandline
here, but an array of null terminated strings. If it's a restriction
placed by dnsmasq itself, then we should just disallow ' ' during
parsing rather than silently changing it, to avoid surprises.
Well, that's the reason since if we quote this we can't use dig to dig
it correctly without the quotes. This was simply the way to disallow ' '
by changing it to underscores since I didn't want the definition to fail
because of this.
> Technical details:
>
> The --txt-record argument should be supported by all version of DNSMasq
> which allows us to use it in all of the cases for the libvirt bridge
> driver. The only thing user has to do is to edit the network XML
> description in libvirt and append:
>
> <dns>
> <txt_record name='some name' value='some value' />
> </dns>
I was told awhile back that putting underscores in XML element names was
strongly frowned upon (although there are certainly already examples of
it in libvirt xml).
Well, there are some of them used in libvirt XML files and that's why I
used them. Do you think I'd rather change it not to use it and trim from
"txt_record" just to "txt" ?
Also, it would be really nice (especially it would make Eric happy
:-)
if you included with your patch some changes to
docs/formatnetwork.html.in to add this to the documentation.
Good point. I'll add it there once we make up some form how to have this
in the XML file and also what to make configurable by this patch, i.e.
once the patch design is having the final form.
Have you thought about how this config model would apply to adding
the
other dns-related stuff that can be done with dnsmasq. It would be
unfortunate if we took this first step and it turned out to not be a
good match for the natural followons. Maybe we should take a short bit
of time to consider the larger picture to make sure we'lll be able to
easily and logically add the other stuff later (this might be the right
way, I just haven't had time yet to think about it)
You're right. I completely agree since there are many DNS related
options as I'm looking into the DNSMasq man page. From what I know the
port, txt-record, query-port, edns UDP packet max-size and SRV, TXT,
PTR, NAPTR and also CNAME records are supported to be added/changed so I
guess making some larger picture of what my patch should implement could
be a good thing.
I wrote the patch to introduce just passing the TXT records to the
dnsmasq arguments however passing those information for SRV, PTR, NAPTR
and CNAME records could be a good thing as well.
This patch should be about DNS options only and if want some other
dnsmasq options that are not DNS related we may put that into a separate
patch IMHO.
What do you think about implementing these? Which do you think are good
to be implemented and which are not required to be supported?
Thanks,
Michal
--
Michal Novotny <minovotn(a)redhat.com>, RHCE
Virtualization Team (xen userspace), Red Hat
10:38 a.m.
On 03/28/2011 01:34 PM, Michal Novotny wrote:
Hi Laine,
thanks for your reply. Comments inline...
On 03/25/2011 10:02 PM, Laine Stump wrote:
> I haven't had time yet to look at the code in detail, but thought I
> should send this preliminary commentary.
>
> On 03/24/2011 09:58 AM, Michal Novotny wrote:
>> Hi,
>> this is the patch to add DNS TXT record support to libvirt networking
>> driver since this is feature that's supported by DNSMasq that's being
>> used by the bridge driver.
>>
>> Maybe you fail to understand the reasons why to implement such a feature
>> however it's a good thing IMHO since user could provide some information
>> in the DNS TXT record headers.
> As a matter of fact, I think that not only is this useful, but
> configuring other capabilities presented by dnsmasq would be good. I
> think you'll find a kindred spirit in Paweł Krześniak, who was also
> wanting some other dnsmasq capabilities exposed (I forget which now).
Well, I have to agree that there are some options/capabilities that
would be good to be configurable.
It would be great to:
1) add <user-class> and <vendor-class> tags inside <dhcp> that allow
filtering according to user/vendor classes
2) allow to specify <bootp> inside those as well as inside <range>
or <host> elements.
3) add support for DHCP options besides bootp, with a tag like <option
force="yes|no" name="..." value="...">.
For example, my router's DHCP configuration would look like this:
<dhcp>
<range ...>
<user-class prefix="iPXE">
<bootp file="http://playground.usersys.redhat.com/pxe/boot.ipxe">
</user-class>
<bootp file="undionly.kpxe">
</dhcp>
>> The headers are, of course, configurable
>> in the network XML description and the idea got to me when I was reading
>> an article about DKIM (DomainKeys Identified Mail) since it's using TXT
>> records in the DNS to provide the public keys. This inspired me to
>> implement the DNS TXT record support to libvirt bridge driver to allow
>> users expose some information to the guest if they want to do so etc.
>>
>> Limitations:
>> - Records names and values containing space (' ') arguments are
altered
>> to change spaces to underscores ('_'). This is because of proper
>> argument handling when spawning dnsmasq.
>
> Is this really necessary? We're not talking about a shell commandline
> here, but an array of null terminated strings. If it's a restriction
> placed by dnsmasq itself, then we should just disallow ' ' during
> parsing rather than silently changing it, to avoid surprises.
Well, that's the reason since if we quote this we can't use dig to dig
it correctly without the quotes. This was simply the way to disallow ' '
by changing it to underscores since I didn't want the definition to fail
because of this.
It must be possible to use record values containing a space.
$ dig TXT gmail.com
[...]
;; QUESTION SECTION:
;gmail.com. IN TXT
;; ANSWER SECTION:
gmail.com. 300 IN TXT "v=spf1 redirect=_spf.google.com"
Paolo
5:52 a.m.
[snip]
It would be great to:
1) add <user-class> and <vendor-class> tags inside <dhcp> that allow
filtering according to user/vendor classes
Well, I didn't know this is supported by DNSMasq but it seems to be
(according to the manpage at least):
-U, --dhcp-vendorclass=<network-id>,<vendor-class>
Map from a vendor-class string to a network id tag. Most
DHCP clients provide a "vendor class" which represents, in some sense,
the type of host. This option maps ven‐
dor classes to tags, so that DHCP options may be
selectively delivered to different classes of hosts. For example
dhcp-vendorclass=printers,Hewlett-Packard JetDirect
will allow options to be set only for HP printers like
so: --dhcp-option=printers,3,192.168.4.4 The vendor-class string is
substring matched against the vendor-class
supplied by the client, to allow fuzzy matching.
-j, --dhcp-userclass=<network-id>,<user-class>
Map from a user-class string to a network id tag (with
substring matching, like vendor classes). Most DHCP clients provide a
"user class" which is configurable. This
option maps user classes to tags, so that DHCP options
may be selectively delivered to different classes of hosts. It is
possible, for instance to use this to set a
different printer server for hosts in the class "accounts"
than for hosts in the class "engineering".
There's also MAC mapping:
-4, --dhcp-mac=<network-id>,<MAC address>
Map from a MAC address to a network-id tag. The MAC
address may include wildcards. For example
--dhcp-mac=3com,01:34:23:*:*:* will set the tag "3com" for any host
whose MAC address matches the pattern.
2) allow to specify <bootp> inside those as well as inside
<range>
or <host> elements.
Right, there's bootp option:
-M,
--dhcp-boot=[net:<network-id>,]<filename>,[<servername>[,<server
address>]]
Set BOOTP options to be returned by the DHCP server.
Server name and address are optional: if not provided, the name is left
empty, and the address set to the address
of the machine running dnsmasq. If dnsmasq is providing a
TFTP service (see --enable-tftp ) then only the filename is required
here to enable network booting. If the
optional network-id(s) are given, they must match for this
configuration to be sent. Note that network-ids are prefixed by "net:"
to distinguish them.
3) add support for DHCP options besides bootp, with a tag like
<option
force="yes|no" name="..." value="...">.
For example, my router's DHCP configuration would look like this:
<dhcp>
<range ...>
<user-class prefix="iPXE">
<bootp file="http://playground.usersys.redhat.com/pxe/boot.ipxe">
</user-class>
<bootp file="undionly.kpxe">
</dhcp>
That's not a bad idea at all and I think it's worth it however
originally my patch was about DNS and not DHCP. I have to admit that DNS
TXT record only patch was not the right thing to be implemented since I
should have implemented all the DNS records supported (mentioned in this
thread but from what I recall it would be support for PTR, TXT, SRV,
NAPTR and CNAME records to support all of the DNS records).
Well, I've been investigating a little more and it's possible to have it
in the value of the record for this but not the name of the record.
I tried following invocations of dnsmasq (I tried it on port 52 instead
not to mess up with my current networking):
first-term# dnsmasq --strict-order --bind-interfaces
--pid-file=/var/run/libvirt/network/default.pid --conf-file=
--except-interface lo --listen-address 192.168.122.1 --dhcp-range
192.168.122.2,192.168.122.254
--dhcp-leasefile=/var/lib/libvirt/dnsmasq/default.leases
--dhcp-lease-max=253 --dhcp-no-override --no-daemon -p 52
--txt-record="some name","some value"
second-term$ dig TXT some name @192.168.122.1 -p 52
connection timed out; no servers could be reached
second-term$ dig TXT "some name" @192.168.122.1 -p 52
;; ANSWER SECTION:
some\032name. 0 IN TXT "some value"
first-term# dnsmasq --strict-order --bind-interfaces
--pid-file=/var/run/libvirt/network/default.pid --conf-file=
--except-interface lo --listen-address 192.168.122.1 --dhcp-range
192.168.122.2,192.168.122.254
--dhcp-leasefile=/var/lib/libvirt/dnsmasq/default.leases
--dhcp-lease-max=253 --dhcp-no-override --no-daemon -p 52
--txt-record=some-name,"some value"
$ dig TXT some-name @192.168.122.1 -p 52
;; ANSWER SECTION:
some-name. 0 IN TXT "some value"
So I guess we should disable the spaces in the name since it's being
interpreted like \032 characters as can be seen in the dig output - we
should either disable such a definition entirely or change spaces (' ')
to dashes ('-'). But escaping the value of the record to the quotes is a
good thing since this is working fine.
So what do you think about this? Also, do you think we should implement
everything connected to DNSMasq mentioned there (i.e. both DNS and DHCP
stuff) in one commit, just few separate patches (e.g. one for DNS and
second for DHCP/BOOTP) ?
Thanks,
Michal
--
Michal Novotny <minovotn(a)redhat.com>, RHCE
Virtualization Team (xen userspace), Red Hat
6:16 a.m.
On 03/29/2011 12:52 PM, Michal Novotny wrote:
[snip]
> It would be great to:
>
> 1) add<user-class> and<vendor-class> tags inside<dhcp> that
allow
> filtering according to user/vendor classes
Well, I didn't know this is supported by DNSMasq but it seems to be
Yes, I am using it. :)
-4, --dhcp-mac=<network-id>,<MAC address>
Map from a MAC address to a network-id tag. The MAC
address may include wildcards. For example
--dhcp-mac=3com,01:34:23:*:*:* will set the tag "3com" for any host
whose MAC address matches the pattern.
Interesting.
> 2) allow to specify<bootp> inside those as well as
inside<range>
> or<host> elements.
Right, there's bootp option:
It's already supported by libvirt.
> 3) add support for DHCP options besides bootp, with a tag
like<option
> force="yes|no" name="..." value="...">.
>
> For example, my router's DHCP configuration would look like this:
>
> <dhcp>
> <range ...>
> <user-class prefix="iPXE">
> <bootp
file="http://playground.usersys.redhat.com/pxe/boot.ipxe">
> </user-class>
> <bootp file="undionly.kpxe">
> </dhcp>
>
That's not a bad idea at all and I think it's worth it however
originally my patch was about DNS and not DHCP.
Yes, of course.
Thinking more about it, <range ...> could also be (optionally) placed
inside <user-class> and <vendor-class> ("serve this range only to this
user class or vendor class").
I have to admit that DNS
TXT record only patch was not the right thing to be implemented since I
should have implemented all the DNS records supported
Should you? I am not sure of that. Are they really so useful, except
for CNAME (whose functionality dnsmasq more or less supports using A and
PTR records) and maybe SRV? Remember that A and PTR records are added
automatically by dnsmasq based on /etc/hosts.
Perhaps, you could implement (instead of tags for PTR, CNAME, etc.)
<dns>
<host ip="192.168.122.1">
<hostname>host1</hostname>
<hostname>host2</hostname>
<hostname>host3</hostname>
</host>
</dns>
instead, which would write a file
192.168.122.1 host1 host2 host3
and pass it to dnsmasq via --addn-hosts. But every feature should be
added as a separate patch.
I tried following invocations of dnsmasq (I tried it on port 52
instead
not to mess up with my current networking):
first-term# dnsmasq --strict-order --bind-interfaces
--pid-file=/var/run/libvirt/network/default.pid --conf-file=
--except-interface lo --listen-address 192.168.122.1 --dhcp-range
192.168.122.2,192.168.122.254
--dhcp-leasefile=/var/lib/libvirt/dnsmasq/default.leases
--dhcp-lease-max=253 --dhcp-no-override --no-daemon -p 52
--txt-record="some name","some value"
second-term$ dig TXT some name @192.168.122.1 -p 52
connection timed out; no servers could be reached
second-term$ dig TXT "some name" @192.168.122.1 -p 52
;; ANSWER SECTION:
some\032name. 0 IN TXT "some value"
This is just how dnsmasq prints the request. You can see with wireshark
that the request is really for "some name". BTW, please test your patch
with commas in the name. Those should be forbidden probably (not sure
about the value).
So what do you think about this? Also, do you think we should
implement
everything connected to DNSMasq mentioned there (i.e. both DNS and DHCP
stuff) in one commit, just few separate patches (e.g. one for DNS and
second for DHCP/BOOTP) ?
Many many separate patches.
BTW, regarding this particular series, you should update the XML schema,
and add many many testcases. Do this for TXT, then you can start
thinking about everything else.
Paolo
6:37 a.m.
On 03/29/2011 01:16 PM, Paolo Bonzini wrote:
On 03/29/2011 12:52 PM, Michal Novotny wrote:
> [snip]
>> It would be great to:
>>
>> 1) add<user-class> and<vendor-class> tags inside<dhcp> that
allow
>> filtering according to user/vendor classes
> Well, I didn't know this is supported by DNSMasq but it seems to be
Yes, I am using it. :)
Great. Good to implement this then however I'm not sure about the
<network-id> parameter for DNSMasq. What should network-id tag mean and
what should it match?
> -4, --dhcp-mac=<network-id>,<MAC address>
> Map from a MAC address to a network-id tag. The MAC
> address may include wildcards. For example
> --dhcp-mac=3com,01:34:23:*:*:* will set the tag "3com" for any host
> whose MAC address matches the pattern.
Interesting.
Well, should we support this as well?
>> 2) allow to specify<bootp> inside those as well as
inside<range>
>> or<host> elements.
> Right, there's bootp option:
It's already supported by libvirt.
Good. So the patch won't implement this.
>> 3) add support for DHCP options besides bootp, with a tag
like<option
>> force="yes|no" name="..." value="...">.
>>
>> For example, my router's DHCP configuration would look like this:
>>
>> <dhcp>
>> <range ...>
>> <user-class prefix="iPXE">
>> <bootp
file="http://playground.usersys.redhat.com/pxe/boot.ipxe">
>> </user-class>
>> <bootp file="undionly.kpxe">
>> </dhcp>
>>
Basically this is using boot.ipxe file for the prefix of iPXE and
falling back to default undionly.kpxe... right? Is this what you mean by
your definition?
> That's not a bad idea at all and I think it's worth it
however
> originally my patch was about DNS and not DHCP.
Yes, of course.
Thinking more about it, <range ...> could also be (optionally) placed
inside <user-class> and <vendor-class> ("serve this range only to this
user class or vendor class").
Well, this could be a good thing as well since for various
vendor/user-classes we should be having different ranges.
> I have to admit that DNS
> TXT record only patch was not the right thing to be implemented since I
> should have implemented all the DNS records supported
Should you? I am not sure of that. Are they really so useful, except
for CNAME (whose functionality dnsmasq more or less supports using A and
PTR records) and maybe SRV? Remember that A and PTR records are added
automatically by dnsmasq based on /etc/hosts.
Perhaps, you could implement (instead of tags for PTR, CNAME, etc.)
<dns>
<host ip="192.168.122.1">
<hostname>host1</hostname>
<hostname>host2</hostname>
<hostname>host3</hostname>
</host>
</dns>
instead, which would write a file
192.168.122.1 host1 host2 host3
and pass it to dnsmasq via --addn-hosts. But every feature should be
added as a separate patch.
Well, that's a good idea IMHO. If we write a file and pass it directly
to dnsmasq using -addn-hosts then the implementation could be much
better since you'll still be able to define it in the XML file and the
libvirt network configuration and the file will be generate for you on
network-start only.
> I tried following invocations of dnsmasq (I tried it on port 52
instead
> not to mess up with my current networking):
>
> first-term# dnsmasq --strict-order --bind-interfaces
> --pid-file=/var/run/libvirt/network/default.pid --conf-file=
> --except-interface lo --listen-address 192.168.122.1 --dhcp-range
> 192.168.122.2,192.168.122.254
> --dhcp-leasefile=/var/lib/libvirt/dnsmasq/default.leases
> --dhcp-lease-max=253 --dhcp-no-override --no-daemon -p 52
> --txt-record="some name","some value"
>
> second-term$ dig TXT some name @192.168.122.1 -p 52
> connection timed out; no servers could be reached
>
> second-term$ dig TXT "some name" @192.168.122.1 -p 52
> ;; ANSWER SECTION:
> some\032name. 0 IN TXT "some value"
This is just how dnsmasq prints the request. You can see with wireshark
that the request is really for "some name". BTW, please test your patch
with commas in the name. Those should be forbidden probably (not sure
about the value).
You're right. It's really "some name" and it's matter of how
dnsmasq
prints the request. Also, for the commas, I did try in both name and
value and it was not working at all in the name and for the value is was
showing 2 values basically:
;; ANSWER SECTION:
some\032name. 0 IN TXT "some" "value"
Value in wireshark is presented separated by a NULL byte, i.e.
"some\0value" (although wireshark shows comma character instead of \0
since it doesn't escape that way) so I guess we should disallow usage of
commas as well.
To sum this up, we should disallow usage of commas and quotes (or we
should at least escape the quotes).
> So what do you think about this? Also, do you think we should
implement
> everything connected to DNSMasq mentioned there (i.e. both DNS and DHCP
> stuff) in one commit, just few separate patches (e.g. one for DNS and
> second for DHCP/BOOTP) ?
Many many separate patches.
BTW, regarding this particular series, you should update the XML schema,
and add many many testcases. Do this for TXT, then you can start
thinking about everything else.
Ok. Good. Thanks!
Michal
--
Michal Novotny <minovotn(a)redhat.com>, RHCE
Virtualization Team (xen userspace), Red Hat
9:59 a.m.
On 03/29/2011 01:37 PM, Michal Novotny wrote:
On 03/29/2011 01:16 PM, Paolo Bonzini wrote:
> On 03/29/2011 12:52 PM, Michal Novotny wrote:
>> [snip]
>>> It would be great to:
>>>
>>> 1) add<user-class> and<vendor-class> tags inside<dhcp>
that allow
>>> filtering according to user/vendor classes
>> Well, I didn't know this is supported by DNSMasq but it seems to be
> Yes, I am using it. :)
Great. Good to implement this then however I'm not sure about the
<network-id> parameter for DNSMasq. What should network-id tag mean and
what should it match?
It can be a progressive number. You use it later to limit the "scope"
of --dhcp-boot options.
>> -4, --dhcp-mac=<network-id>,<MAC
address>
>> Map from a MAC address to a network-id tag. The MAC
>> address may include wildcards. For example
>> --dhcp-mac=3com,01:34:23:*:*:* will set the tag "3com" for any
host
>> whose MAC address matches the pattern.
> Interesting.
Well, should we support this as well?
One step at a time...
>>> 3) add support for DHCP options besides bootp, with a tag
like<option
>>> force="yes|no" name="..." value="...">.
>>>
>>> For example, my router's DHCP configuration would look like this:
>>>
>>> <dhcp>
>>> <range ...>
>>> <user-class prefix="iPXE">
>>> <bootp
file="http://playground.usersys.redhat.com/pxe/boot.ipxe">
>>> </user-class>
>>> <bootp file="undionly.kpxe">
>>> </dhcp>
>>>
Basically this is using boot.ipxe file for the prefix of iPXE and
falling back to default undionly.kpxe... right? Is this what you mean by
your definition?
Yes.
>> second-term$ dig TXT "some name" @192.168.122.1 -p
52
>> ;; ANSWER SECTION:
>> some\032name. 0 IN TXT "some value"
> This is just how dnsmasq prints the request. You can see with wireshark
> that the request is really for "some name". BTW, please test your patch
> with commas in the name. Those should be forbidden probably (not sure
> about the value).
You're right. It's really "some name" and it's matter of how
dnsmasq
prints the request. Also, for the commas, I did try in both name and
value and it was not working at all in the name and for the value is was
showing 2 values basically:
;; ANSWER SECTION:
some\032name. 0 IN TXT "some" "value"
Value in wireshark is presented separated by a NULL byte, i.e.
"some\0value" (although wireshark shows comma character instead of \0
since it doesn't escape that way) so I guess we should disallow usage of
commas as well.
Perhaps no, it does have a meaning after all. I don't know much about
TXT records though.
To sum this up, we should disallow usage of commas and quotes (or we
should at least escape the quotes).
Commas only in the name, please. libvirt helpers should take care of
escaping quotes.
Paolo
10:08 a.m.
[snip]
> Great. Good to implement this then however I'm not sure about
the
> <network-id> parameter for DNSMasq. What should network-id tag mean and
> what should it match?
It can be a progressive number. You use it later to limit the "scope"
of --dhcp-boot options.
Oh, I see. It could make sense however for the MAC the value of
network-id has been set to "3com" so this confused me however it's just
the naming tag after all.
>>> -4, --dhcp-mac=<network-id>,<MAC
address>
>>> Map from a MAC address to a network-id tag. The MAC
>>> address may include wildcards. For example
>>> --dhcp-mac=3com,01:34:23:*:*:* will set the tag "3com" for any
host
>>> whose MAC address matches the pattern.
>> Interesting.
> Well, should we support this as well?
One step at a time...
Ok, however vendor-class and user-class should be used together and
therefore it could be committed into one commit, right? The next commit
could be the dhcp-mac one... right ?
>>>> 3) add support for DHCP options besides bootp, with a
tag like<option
>>>> force="yes|no" name="..." value="...">.
>>>>
>>>> For example, my router's DHCP configuration would look like this:
>>>>
>>>> <dhcp>
>>>> <range ...>
>>>> <user-class prefix="iPXE">
>>>> <bootp
file="http://playground.usersys.redhat.com/pxe/boot.ipxe">
>>>> </user-class>
>>>> <bootp file="undionly.kpxe">
>>>> </dhcp>
>>>>
> Basically this is using boot.ipxe file for the prefix of iPXE and
> falling back to default undionly.kpxe... right? Is this what you mean by
> your definition?
Yes.
>>> second-term$ dig TXT "some name" @192.168.122.1 -p 52
>>> ;; ANSWER SECTION:
>>> some\032name. 0 IN TXT "some value"
>> This is just how dnsmasq prints the request. You can see with wireshark
>> that the request is really for "some name". BTW, please test your
patch
>> with commas in the name. Those should be forbidden probably (not sure
>> about the value).
> You're right. It's really "some name" and it's matter of how
dnsmasq
> prints the request. Also, for the commas, I did try in both name and
> value and it was not working at all in the name and for the value is was
> showing 2 values basically:
>
> ;; ANSWER SECTION:
> some\032name. 0 IN TXT "some" "value"
>
> Value in wireshark is presented separated by a NULL byte, i.e.
> "some\0value" (although wireshark shows comma character instead of \0
> since it doesn't escape that way) so I guess we should disallow usage of
> commas as well.
Perhaps no, it does have a meaning after all. I don't know much about
TXT records though.
Well, I already have this done and I think it could be useful.
> To sum this up, we should disallow usage of commas and quotes (or
we
> should at least escape the quotes).
Commas only in the name, please. libvirt helpers should take care of
escaping quotes.
Paolo
What do you mean? To apply the restriction only to "name" attribute and
not "value" attribute? I'm having it applied for both now so I'd like
to
know whether it's OK to let it this way or not :)
Thanks,
Michal
--
Michal Novotny <minovotn(a)redhat.com>, RHCE
Virtualization Team (xen userspace), Red Hat
10:12 a.m.
On 03/29/2011 05:08 PM, Michal Novotny wrote:
Ok, however vendor-class and user-class should be used together and
therefore it could be committed into one commit, right? The next commit
could be the dhcp-mac one... right ?
No, they can be one patch series, but they should be separate commits.
> Commas only in the name, please. libvirt helpers should take
care of
> escaping quotes.
What do you mean? To apply the restriction only to "name" attribute and
not "value" attribute? I'm having it applied for both now so I'd like
to
know whether it's OK to let it this way or not :)
I'll let others chime in, but I think that if dnsmasq documents that
"The value of TXT record is a set of strings, so any number may be
included, split by commas" we can keep the same definition.
Paolo
10:19 a.m.
On 03/29/2011 05:12 PM, Paolo Bonzini wrote:
On 03/29/2011 05:08 PM, Michal Novotny wrote:
> Ok, however vendor-class and user-class should be used together and
> therefore it could be committed into one commit, right? The next commit
> could be the dhcp-mac one... right ?
No, they can be one patch series, but they should be separate commits.
>> Commas only in the name, please. libvirt helpers should take care of
>> escaping quotes.
> What do you mean? To apply the restriction only to "name" attribute and
> not "value" attribute? I'm having it applied for both now so I'd
like to
> know whether it's OK to let it this way or not :)
I'll let others chime in, but I think that if dnsmasq documents that
"The value of TXT record is a set of strings, so any number may be
included, split by commas" we can keep the same definition.
Paolo
Ok, that's fine for me :)
Michal
--
Michal Novotny <minovotn(a)redhat.com>, RHCE
Virtualization Team (xen userspace), Red Hat
6:18 a.m.
On 03/29/2011 12:52 PM, Michal Novotny wrote:
[snip]
> It would be great to:
>
> 1) add<user-class> and<vendor-class> tags inside<dhcp> that
allow
> filtering according to user/vendor classes
Well, I didn't know this is supported by DNSMasq but it seems to be
Yes, I am using it. :)
-4, --dhcp-mac=<network-id>,<MAC address>
Map from a MAC address to a network-id tag. The MAC
address may include wildcards. For example
--dhcp-mac=3com,01:34:23:*:*:* will set the tag "3com" for any host
whose MAC address matches the pattern.
Interesting.
> 2) allow to specify<bootp> inside those as well as
inside<range>
> or<host> elements.
Right, there's bootp option:
It's already supported by libvirt.
That's not a bad idea at all and I think it's worth it
however
originally my patch was about DNS and not DHCP.
Yes, of course.
Thinking more about it, <range ...> could also be (optionally) placed
inside <user-class> and <vendor-class> ("serve this range only to this
user class or vendor class").
I have to admit that DNS
TXT record only patch was not the right thing to be implemented since I
should have implemented all the DNS records supported
Should you? I am not sure of that. Are they really so useful for
libvirt's use case, except for CNAME (whose functionality dnsmasq more
or less supports using A and PTR records) and maybe SRV? Remember that
A and PTR records are added automatically by dnsmasq based on /etc/hosts.
Perhaps, you could implement (instead of tags for PTR, CNAME, etc.)
<dns>
<host ip="192.168.122.1">
<hostname>host1</hostname>
<hostname>host2</hostname>
<hostname>host3</hostname>
</host>
</dns>
instead, which would write a file
192.168.122.1 host1 host2 host3
and pass it to dnsmasq via --addn-hosts. But every feature should be
added as a separate patch.
I tried following invocations of dnsmasq (I tried it on port 52
instead
not to mess up with my current networking):
first-term# dnsmasq --strict-order --bind-interfaces
--pid-file=/var/run/libvirt/network/default.pid --conf-file=
--except-interface lo --listen-address 192.168.122.1 --dhcp-range
192.168.122.2,192.168.122.254
--dhcp-leasefile=/var/lib/libvirt/dnsmasq/default.leases
--dhcp-lease-max=253 --dhcp-no-override --no-daemon -p 52
--txt-record="some name","some value"
second-term$ dig TXT some name @192.168.122.1 -p 52
connection timed out; no servers could be reached
second-term$ dig TXT "some name" @192.168.122.1 -p 52
;; ANSWER SECTION:
some\032name. 0 IN TXT "some value"
This is just how dig prints the request. You can see with wireshark
that the request is really for "some name". BTW, please test your patch
with commas in the name. Those should be forbidden probably (not sure
about the value).
So what do you think about this? Also, do you think we should
implement
everything connected to DNSMasq mentioned there (i.e. both DNS and DHCP
stuff) in one commit, just few separate patches (e.g. one for DNS and
second for DHCP/BOOTP) ?
Many many separate patches.
BTW, regarding this particular series, you should update the XML schema,
and add many many testcases. Do this for TXT, then you can start
thinking about everything else.
Paolo
5:41 a.m.
[snip]
Perhaps, you could implement (instead of tags for PTR, CNAME, etc.)
<dns>
<host ip="192.168.122.1">
<hostname>host1</hostname>
<hostname>host2</hostname>
<hostname>host3</hostname>
</host>
</dns>
instead, which would write a file
192.168.122.1 host1 host2 host3
and pass it to dnsmasq via --addn-hosts. But every feature should be
added as a separate patch.
Paolo, I'm having interesting results on this
matter. I was unable to
see it working now whereas I saw it working fine yesterday so I've been
investigating this further.
Results of my investigation were obtained when running it manually and
they are:
1) /usr/sbin/dnsmasq --strict-order --bind-interfaces
--pid-file=/var/run/libvirt/network/default.pid --conf-file=
--except-interface lo --txt-record="txt-record","some value, which is
something" --addn-hosts=/var/run/libvirt/network/default.hosts
--listen-address 192.168.122.1 --dhcp-range
192.168.122.2,192.168.122.254
--dhcp-leasefile=/var/lib/libvirt/dnsmasq/default.leases
--dhcp-lease-max=253 --dhcp-no-override
-> the guest was unable to access the records from --addn-hosts (tested
using nslookup)
2) /usr/sbin/dnsmasq --strict-order --bind-interfaces
--pid-file=/var/run/libvirt/network/default.pid --conf-file=
--except-interface lo --txt-record="txt-record","some value, which is
something" --addn-hosts=/var/run/libvirt/network/default.hosts
--listen-address 192.168.122.1 --dhcp-range
192.168.122.2,192.168.122.254
--dhcp-leasefile=/var/lib/libvirt/dnsmasq/default.leases
--dhcp-lease-max=253 --dhcp-no-override --no-daemon
-> the --no-daemon option made it working for the --addn-hosts but it
was not working without it, i.e. in the daemon mode. Based on this I
guess this is the bug in Fedora-14 DNSMasq (which is the same as the one
for Fedora-14 since I'm unable to get any update and the version I'm
having is dnsmasq-2.52-1.fc13.i686). Should I file a bug against DNSMasq
about this?
Also, I've been testing the --txt-record once again and not grabbed it
with wireshark and I had to query the "txt-record" TXT record for this
and the wireshark was showing the quotes there as well now. Should I
disable it then and use the working syntax for record name which
(according to my testing) is to use *--txt-record=txt-record,"some
value, which is something"* instead, i.e. to not use quotes in the name?
Thanks,
Michal
--
Michal Novotny <minovotn(a)redhat.com>, RHCE
Virtualization Team (xen userspace), Red Hat
5:53 a.m.
On 03/30/2011 12:41 PM, Michal Novotny wrote:
1) /usr/sbin/dnsmasq --strict-order --bind-interfaces
--pid-file=/var/run/libvirt/network/default.pid --conf-file=
--except-interface lo --txt-record="txt-record","some value, which is
something" --addn-hosts=/var/run/libvirt/network/default.hosts
--listen-address 192.168.122.1 --dhcp-range
192.168.122.2,192.168.122.254
--dhcp-leasefile=/var/lib/libvirt/dnsmasq/default.leases
--dhcp-lease-max=253 --dhcp-no-override
-> the guest was unable to access the records from --addn-hosts (tested
using nslookup)
2) /usr/sbin/dnsmasq --strict-order --bind-interfaces
--pid-file=/var/run/libvirt/network/default.pid --conf-file=
--except-interface lo --txt-record="txt-record","some value, which is
something" --addn-hosts=/var/run/libvirt/network/default.hosts
--listen-address 192.168.122.1 --dhcp-range
192.168.122.2,192.168.122.254
--dhcp-leasefile=/var/lib/libvirt/dnsmasq/default.leases
--dhcp-lease-max=253 --dhcp-no-override --no-daemon
-> the --no-daemon option made it working for the --addn-hosts but it
was not working without it, i.e. in the daemon mode. Based on this I
guess this is the bug in Fedora-14 DNSMasq (which is the same as the one
for Fedora-14 since I'm unable to get any update and the version I'm
having is dnsmasq-2.52-1.fc13.i686). Should I file a bug against DNSMasq
about this?
I think you should triage it a bit more, e.g. with strace -ff. Anyway,
there is no hurry of doing this I think.
Also, I've been testing the --txt-record once again and not
grabbed it
with wireshark and I had to query the "txt-record" TXT record for this
and the wireshark was showing the quotes there as well now. Should I
disable it then and use the working syntax for record name which
(according to my testing) is to use *--txt-record=txt-record,"some
value, which is something"* instead, i.e. to not use quotes in the name?
I absolutely cannot parse this sentence.
Paolo
6 a.m.
On 03/30/2011 12:41 PM, Michal Novotny wrote:
> 1) /usr/sbin/dnsmasq --strict-order --bind-interfaces
> --pid-file=/var/run/libvirt/network/default.pid --conf-file=
> --except-interface lo --txt-record="txt-record","some value, which is
> something" --addn-hosts=/var/run/libvirt/network/default.hosts
> --listen-address 192.168.122.1 --dhcp-range
> 192.168.122.2,192.168.122.254
> --dhcp-leasefile=/var/lib/libvirt/dnsmasq/default.leases
> --dhcp-lease-max=253 --dhcp-no-override
>
> -> the guest was unable to access the records from --addn-hosts (tested
> using nslookup)
>
> 2) /usr/sbin/dnsmasq --strict-order --bind-interfaces
> --pid-file=/var/run/libvirt/network/default.pid --conf-file=
> --except-interface lo --txt-record="txt-record","some value, which is
> something" --addn-hosts=/var/run/libvirt/network/default.hosts
> --listen-address 192.168.122.1 --dhcp-range
> 192.168.122.2,192.168.122.254
> --dhcp-leasefile=/var/lib/libvirt/dnsmasq/default.leases
> --dhcp-lease-max=253 --dhcp-no-override --no-daemon
>
> -> the --no-daemon option made it working for the --addn-hosts but it
> was not working without it, i.e. in the daemon mode. Based on this I
> guess this is the bug in Fedora-14 DNSMasq (which is the same as the one
> for Fedora-14 since I'm unable to get any update and the version I'm
> having is dnsmasq-2.52-1.fc13.i686). Should I file a bug against DNSMasq
> about this?
I think you should triage it a bit more, e.g. with strace -ff. Anyway,
there is no hurry of doing this I think.
Well, you mean to use strace on the daemonized process?
> Also, I've been testing the --txt-record once again and not
grabbed it
> with wireshark and I had to query the "txt-record" TXT record for this
> and the wireshark was showing the quotes there as well now. Should I
> disable it then and use the working syntax for record name which
> (according to my testing) is to use *--txt-record=txt-record,"some
> value, which is something"* instead, i.e. to not use quotes in the name?
I absolutely cannot parse this sentence.
Well, what I meant was that if I invoked dnsmasq with
--txt-record="txt-record", "some value" then I had to dig for
"txt-record" with quotes, i.e. using the dig TXT \"txt-record\"
syntax
in bash. In Wireshark it was showing request for record with the quotes,
i.e. "txt-record" instead of querying just for txt-record, i.e. without
quotes. To be able to query it without quotes I had to invoke dnsmasq
with --txt-record=txt-record, "some value" arguments.
Michal
--
Michal Novotny <minovotn(a)redhat.com>, RHCE
Virtualization Team (xen userspace), Red Hat
6:02 a.m.
On 03/30/2011 01:00 PM, Michal Novotny wrote:
> I think you should triage it a bit more, e.g. with strace -ff.
Anyway,
> there is no hurry of doing this I think.
Well, you mean to use strace on the daemonized process?
Wherever it helps understanding what's happening. :)
>> Also, I've been testing the --txt-record once again and
not grabbed it
>> with wireshark and I had to query the "txt-record" TXT record for this
>> and the wireshark was showing the quotes there as well now. Should I
>> disable it then and use the working syntax for record name which
>> (according to my testing) is to use *--txt-record=txt-record,"some
>> value, which is something"* instead, i.e. to not use quotes in the name?
> I absolutely cannot parse this sentence.
Well, what I meant was that if I invoked dnsmasq with
--txt-record="txt-record", "some value" then I had to dig for
"txt-record" with quotes, i.e. using the dig TXT \"txt-record\"
syntax
in bash. In Wireshark it was showing request for record with the quotes,
i.e. "txt-record" instead of querying just for txt-record, i.e. without
quotes. To be able to query it without quotes I had to invoke dnsmasq
with --txt-record=txt-record, "some value" arguments.
Who was escaping the double-quotes?
Paolo
6:08 a.m.
On 03/30/2011 01:00 PM, Michal Novotny wrote:
>> I think you should triage it a bit more, e.g. with strace -ff. Anyway,
>> there is no hurry of doing this I think.
> Well, you mean to use strace on the daemonized process?
Wherever it helps understanding what's happening. :)
>>> Also, I've been testing the --txt-record once again and not grabbed it
>>> with wireshark and I had to query the "txt-record" TXT record for
this
>>> and the wireshark was showing the quotes there as well now. Should I
>>> disable it then and use the working syntax for record name which
>>> (according to my testing) is to use *--txt-record=txt-record,"some
>>> value, which is something"* instead, i.e. to not use quotes in the
name?
>> I absolutely cannot parse this sentence.
> Well, what I meant was that if I invoked dnsmasq with
> --txt-record="txt-record", "some value" then I had to dig for
> "txt-record" with quotes, i.e. using the dig TXT \"txt-record\"
syntax
> in bash. In Wireshark it was showing request for record with the quotes,
> i.e. "txt-record" instead of querying just for txt-record, i.e. without
> quotes. To be able to query it without quotes I had to invoke dnsmasq
> with --txt-record=txt-record, "some value" arguments.
Who was escaping the double-quotes?
I had to put the quotes there manually since they were not given there
automatically using virBufferVSprintf() call and invocation without them
failed for case you used space in name or value of the TXT record, i.e.
--txt-record=some name, some value since it was taking name (and value)
as the next arguments.
Michal
--
Michal Novotny <minovotn(a)redhat.com>, RHCE
Virtualization Team (xen userspace), Red Hat
6:28 a.m.
On 03/30/2011 01:00 PM, Michal Novotny wrote:
>> I think you should triage it a bit more, e.g. with strace -ff. Anyway,
>> there is no hurry of doing this I think.
> Well, you mean to use strace on the daemonized process?
Wherever it helps understanding what's happening. :)
It was a good idea to run it under strace since I've been able to see
that when it daemonizes then the user is changed from current user to
nobody. This is what caused the issue since there was no read permission
for others.
Michal
--
Michal Novotny <minovotn(a)redhat.com>, RHCE
Virtualization Team (xen userspace), Red Hat
7 a.m.
On 03/30/2011 01:00 PM, Michal Novotny wrote:
>> I think you should triage it a bit more, e.g. with strace -ff. Anyway,
>> there is no hurry of doing this I think.
> Well, you mean to use strace on the daemonized process?
Wherever it helps understanding what's happening. :)
>>> Also, I've been testing the --txt-record once again and not grabbed it
>>> with wireshark and I had to query the "txt-record" TXT record for
this
>>> and the wireshark was showing the quotes there as well now. Should I
>>> disable it then and use the working syntax for record name which
>>> (according to my testing) is to use *--txt-record=txt-record,"some
>>> value, which is something"* instead, i.e. to not use quotes in the
name?
>> I absolutely cannot parse this sentence.
> Well, what I meant was that if I invoked dnsmasq with
> --txt-record="txt-record", "some value" then I had to dig for
> "txt-record" with quotes, i.e. using the dig TXT \"txt-record\"
syntax
> in bash. In Wireshark it was showing request for record with the quotes,
> i.e. "txt-record" instead of querying just for txt-record, i.e. without
> quotes. To be able to query it without quotes I had to invoke dnsmasq
> with --txt-record=txt-record, "some value" arguments.
Who was escaping the double-quotes?
Paolo
Well, it's working without the quotes and I just made a typo there
before and that's why invocation failed. Now it's OK without the quotes.
Michal
--
Michal Novotny <minovotn(a)redhat.com>, RHCE
Virtualization Team (xen userspace), Red Hat
12:03 p.m.
On 03/29/2011 06:52 AM, Michal Novotny wrote:
[snip]
So I guess we should disable the spaces in the name since it's being
interpreted like \032 characters as can be seen in the dig output - we
should either disable such a definition entirely or change spaces (' ')
to dashes ('-'). But escaping the value of the record to the quotes is a
good thing since this is working fine.
I think giving an error on an illegal character is a better idea than
silently changing it to something else. If it's not supported, it's not
supported; the admin should be made aware of that, and manually change
it to something that is allowed.
So what do you think about this? Also, do you think we should
implement
everything connected to DNSMasq mentioned there (i.e. both DNS and DHCP
stuff) in one commit, just few separate patches (e.g. one for DNS and
second for DHCP/BOOTP) ?
Sorry - you're moving much too fast for me to keep up! :-)
I think it's a good idea for your patch to just cover DNS-related items,
and we can put the others into a different patch.
7:04 a.m.
[snip]
Is this really necessary? We're not talking about a shell
commandline
here, but an array of null terminated strings. If it's a restriction
placed by dnsmasq itself, then we should just disallow ' ' during
parsing rather than silently changing it, to avoid surprises.
Well, I've been thinking about this a little bit more and I guess it
*may* be better either to fail with some libvirt's virterror saying that
spaces are not allowed in the TXT record name and value or to change the
spaces to dashes (-) instead of undescores (_) - I guess this looks better.
Also, if we add support for configuring other DNS related things we
should consider:
1) TXT records
2) SRV records
3) PTR records
4) NAPTR records
5) CNAME records
which is basically adding 5 new DNS records only since I see no point in
changing port, query-port and edns UDP packet max size and as I already
mentioned this patch should be about DNS options only and the rest of
the options should be covered by a separate patch so this should be
adding only the DNS records AFAIK.
Also, I've been talking to Jirka Denemark (jdenemar) about this and he
told me some time ago somebody wanted to pass arguments directly to XML
file and spawn dnsmasq with them which would, on the one hand, add
"flexibility" by directly setting up the parameters to the dnsmasq
however this is the implementation issue since if we change usage of
dnsmasq to usage of something else with some other parameters it would
be fail because it won't be compatible so I guess adding design like:
<dns>
<txt ...>
...
</dns>
would be much better than having dnsmasq arguments directly in the XML.
So basically having some new elements like:
<dns>
<txt name="some-name" value="some-value" />
<srv service="_service" prot="_prot" domain="domain"
target="target"
port="port" priority="priority" weight="weight" />
<ptr name="name" target="target" />
<naptr name="name" order="order" preference="pref"
flags="flags"
service="svc" regexp="re" replacement="rep" />
<cname cname="cname" target="target" />
</dns>
would serve the purpose of this.
What do you think about such an implementation? Would this be good for
v2 of the patch? :)
Thanks,
Michal
--
Michal Novotny <minovotn(a)redhat.com>, RHCE
Virtualization Team (xen userspace), Red Hat
4:36 p.m.
On Fri, Mar 25, 2011 at 22:02, Laine Stump <laine(a)laine.org> wrote:
As a matter of fact, I think that not only is this useful, but
configuring
other capabilities presented by dnsmasq would be good. I think you'll find a
kindred spirit in Paweł Krześniak, who was also wanting some other dnsmasq
capabilities exposed (I forget which now).
For me the most interesting dnsmasq's options are no-hosts, no-resolv,
addn-hosts, server, log-queries.
Our initial discussion about dnsmasq options is here
https://www.redhat.com/archives/libvir-list/2010-December/msg00857.html
--
Pawel
4986
days inactive
4992
days old
21 comments
4 participants
participants (4)
-
Laine Stump -
Michal Novotny -
Paolo Bonzini -
Paweł Krześniak