6:01 p.m.
This adds a new "localOnly" attribute on the domain element of the
network xml. With this set to "yes", DNS requests under that domain
will only be resolved by libvirt's dnsmasq, never forwarded upstream.
This was how it worked before commit f69a6b987d616, and I found that
functionality useful. For example, I have my host's NetworkManager
dnsmasq configured to forward that domain to libvirt's dnsmasq, so I can
easily resolve guest names from outside. But if libvirt's dnsmasq
doesn't know a name and forwards it to the host, I'd get an endless
forwarding loop. Now I can set localOnly="yes" to prevent the loop.
Signed-off-by: Josh Stone <jistone(a)redhat.com>
Cc: Laine Stump <laine(a)laine.org>
---
docs/formatnetwork.html.in | 12 +++++++-
docs/schemas/network.rng | 3 ++
src/conf/network_conf.c | 32 ++++++++++++++++++++--
src/conf/network_conf.h | 1 +
src/network/bridge_driver.c | 5 ++++
.../nat-network-dns-local-domain.conf | 14 ++++++++++
.../nat-network-dns-local-domain.xml | 9 ++++++
tests/networkxml2conftest.c | 1 +
8 files changed, 74 insertions(+), 3 deletions(-)
create mode 100644 tests/networkxml2confdata/nat-network-dns-local-domain.conf
create mode 100644 tests/networkxml2confdata/nat-network-dns-local-domain.xml
diff --git a/docs/formatnetwork.html.in b/docs/formatnetwork.html.in
index dc438aee8622..defcdba00930 100644
--- a/docs/formatnetwork.html.in
+++ b/docs/formatnetwork.html.in
@@ -82,7 +82,7 @@
<pre>
...
<bridge name="virbr0" stp="on"
delay="5"/>
- <domain name="example.com"/>
+ <domain name="example.com" localOnly="no"/>
<forward mode="nat" dev="eth0"/>
...</pre>
@@ -113,6 +113,16 @@
a <code><forward></code> mode of "nat" or
"route" (or an
isolated network with no <code><forward></code>
element). <span class="since">Since 0.4.5</span>
+
+ <p>
+ If the optional <code>localOnly</code> attribute on the
+ <code>domain</code> element is "yes", then DNS requests
under
+ this domain will only be resolved by the virtual network's own
+ DNS server - they will not be forwarded to the host's upstream
+ DNS server. If <code>localOnly</code> is "no", and by
+ default, unresolved requests <b>will</b> be forwarded.
+ <span class="since">Since 1.2.11</span>
+ </p>
</dd>
<dt><code>forward</code></dt>
<dd>Inclusion of the <code>forward</code> element indicates that
diff --git a/docs/schemas/network.rng b/docs/schemas/network.rng
index 4546f8037580..a1da28092375 100644
--- a/docs/schemas/network.rng
+++ b/docs/schemas/network.rng
@@ -225,6 +225,9 @@
<optional>
<element name="domain">
<attribute name="name"><ref
name="dnsName"/></attribute>
+ <optional>
+ <attribute name="localOnly"><ref
name="virYesNo"/></attribute>
+ </optional>
</element>
</optional>
diff --git a/src/conf/network_conf.c b/src/conf/network_conf.c
index 97719ed536de..31b765ff2c51 100644
--- a/src/conf/network_conf.c
+++ b/src/conf/network_conf.c
@@ -2083,6 +2083,18 @@ virNetworkDefParseXML(xmlXPathContextPtr ctxt)
/* Parse network domain information */
def->domain = virXPathString("string(./domain[1]/@name)", ctxt);
+ tmp = virXPathString("string(./domain[1]/@localOnly)", ctxt);
+ if (tmp) {
+ def->domain_local = virTristateBoolTypeFromString(tmp);
+ if (def->domain_local <= 0) {
+ virReportError(VIR_ERR_XML_ERROR,
+ _("Invalid domain localOnly setting '%s' "
+ "in network '%s'"),
+ tmp, def->name);
+ goto error;
+ }
+ VIR_FREE(tmp);
+ }
if ((bandwidthNode = virXPathNode("./bandwidth", ctxt)) != NULL &&
(def->bandwidth = virNetDevBandwidthParse(bandwidthNode, -1)) == NULL)
@@ -2805,8 +2817,24 @@ virNetworkDefFormatBuf(virBufferPtr buf,
virBufferAsprintf(buf, "<mac address='%s'/>\n",
macaddr);
}
- if (def->domain)
- virBufferAsprintf(buf, "<domain name='%s'/>\n",
def->domain);
+ if (def->domain) {
+ virBufferAsprintf(buf, "<domain name='%s'",
def->domain);
+
+ /* default to "no", but don't format it in the XML */
+ if (def->domain_local) {
+ const char *local = virTristateBoolTypeToString(def->domain_local);
+
+ if (!local) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("Unknown localOnly type %d in network"),
+ def->domain_local);
+ return -1;
+ }
+ virBufferAsprintf(buf, " localOnly='%s'", local);
+ }
+
+ virBufferAddLit(buf, "/>\n");
+ }
if (virNetworkDNSDefFormat(buf, &def->dns) < 0)
goto error;
diff --git a/src/conf/network_conf.h b/src/conf/network_conf.h
index 660cd2d10cd1..bb9724fddbb8 100644
--- a/src/conf/network_conf.h
+++ b/src/conf/network_conf.h
@@ -232,6 +232,7 @@ struct _virNetworkDef {
char *bridge; /* Name of bridge device */
char *domain;
+ int domain_local; /* enum virTristateBool: yes disables dns forwarding */
unsigned long delay; /* Bridge forward delay (ms) */
bool stp; /* Spanning tree protocol */
virMacAddr mac; /* mac address of bridge device */
diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
index 9ccc9f8f8de6..f4158517c573 100644
--- a/src/network/bridge_driver.c
+++ b/src/network/bridge_driver.c
@@ -928,6 +928,11 @@ networkDnsmasqConfContents(virNetworkObjPtr network,
}
if (network->def->domain) {
+ if (network->def->domain_local == VIR_TRISTATE_BOOL_YES) {
+ virBufferAsprintf(&configbuf,
+ "local=/%s/\n",
+ network->def->domain);
+ }
virBufferAsprintf(&configbuf,
"domain=%s\n"
"expand-hosts\n",
diff --git a/tests/networkxml2confdata/nat-network-dns-local-domain.conf
b/tests/networkxml2confdata/nat-network-dns-local-domain.conf
new file mode 100644
index 000000000000..5f41b9186cbc
--- /dev/null
+++ b/tests/networkxml2confdata/nat-network-dns-local-domain.conf
@@ -0,0 +1,14 @@
+##WARNING: THIS IS AN AUTO-GENERATED FILE. CHANGES TO IT ARE LIKELY TO BE
+##OVERWRITTEN AND LOST. Changes to this configuration should be made using:
+## virsh net-edit default
+## or other application using the libvirt API.
+##
+## dnsmasq conf file created by libvirt
+strict-order
+local=/example.com/
+domain=example.com
+expand-hosts
+except-interface=lo
+bind-dynamic
+interface=virbr0
+addn-hosts=/var/lib/libvirt/dnsmasq/default.addnhosts
diff --git a/tests/networkxml2confdata/nat-network-dns-local-domain.xml
b/tests/networkxml2confdata/nat-network-dns-local-domain.xml
new file mode 100644
index 000000000000..a92d71f1f2f6
--- /dev/null
+++ b/tests/networkxml2confdata/nat-network-dns-local-domain.xml
@@ -0,0 +1,9 @@
+<network>
+ <name>default</name>
+ <uuid>81ff0d90-c91e-6742-64da-4a736edb9a9c</uuid>
+ <forward dev='eth0' mode='nat'/>
+ <bridge name='virbr0' stp='on' delay='0' />
+ <domain name='example.com' localOnly='yes'/>
+ <ip address='192.168.122.1' netmask='255.255.255.0'>
+ </ip>
+</network>
diff --git a/tests/networkxml2conftest.c b/tests/networkxml2conftest.c
index 267513f6372c..280db306b6d6 100644
--- a/tests/networkxml2conftest.c
+++ b/tests/networkxml2conftest.c
@@ -134,6 +134,7 @@ mymain(void)
DO_TEST("nat-network-dns-hosts", full);
DO_TEST("nat-network-dns-forward-plain", full);
DO_TEST("nat-network-dns-forwarders", full);
+ DO_TEST("nat-network-dns-local-domain", full);
DO_TEST("dhcp6-network", dhcpv6);
DO_TEST("dhcp6-nat-network", dhcpv6);
DO_TEST("dhcp6host-routed-network", dhcpv6);
--
2.1.0
12:18 a.m.
I had forgotten about this patch during the holidays until John Ferlan
reminded me a few days ago.
On 12/03/2014 07:01 PM, Josh Stone wrote:
This adds a new "localOnly" attribute on the domain element
of the
network xml. With this set to "yes", DNS requests under that domain
will only be resolved by libvirt's dnsmasq, never forwarded upstream.
This was how it worked before commit f69a6b987d616, and I found that
functionality useful. For example, I have my host's NetworkManager
dnsmasq configured to forward that domain to libvirt's dnsmasq, so I can
easily resolve guest names from outside. But if libvirt's dnsmasq
doesn't know a name and forwards it to the host, I'd get an endless
forwarding loop. Now I can set localOnly="yes" to prevent the loop.
Signed-off-by: Josh Stone <jistone(a)redhat.com>
Cc: Laine Stump <laine(a)laine.org>
---
docs/formatnetwork.html.in | 12 +++++++-
docs/schemas/network.rng | 3 ++
src/conf/network_conf.c | 32 ++++++++++++++++++++--
src/conf/network_conf.h | 1 +
src/network/bridge_driver.c | 5 ++++
.../nat-network-dns-local-domain.conf | 14 ++++++++++
.../nat-network-dns-local-domain.xml | 9 ++++++
tests/networkxml2conftest.c | 1 +
8 files changed, 74 insertions(+), 3 deletions(-)
create mode 100644 tests/networkxml2confdata/nat-network-dns-local-domain.conf
create mode 100644 tests/networkxml2confdata/nat-network-dns-local-domain.xml
diff --git a/docs/formatnetwork.html.in b/docs/formatnetwork.html.in
index dc438aee8622..defcdba00930 100644
--- a/docs/formatnetwork.html.in
+++ b/docs/formatnetwork.html.in
@@ -82,7 +82,7 @@
<pre>
...
<bridge name="virbr0" stp="on"
delay="5"/>
- <domain name="example.com"/>
+ <domain name="example.com" localOnly="no"/>
<forward mode="nat" dev="eth0"/>
...</pre>
@@ -113,6 +113,16 @@
a <code><forward></code> mode of "nat" or
"route" (or an
isolated network with no <code><forward></code>
element). <span class="since">Since 0.4.5</span>
+
+ <p>
+ If the optional <code>localOnly</code> attribute on the
+ <code>domain</code> element is "yes", then DNS requests
under
+ this domain will only be resolved by the virtual network's own
+ DNS server - they will not be forwarded to the host's upstream
+ DNS server. If <code>localOnly</code> is "no", and by
+ default, unresolved requests <b>will</b> be forwarded.
+ <span class="since">Since 1.2.11</span>
+ </p>
</dd>
<dt><code>forward</code></dt>
<dd>Inclusion of the <code>forward</code> element indicates
that
diff --git a/docs/schemas/network.rng b/docs/schemas/network.rng
index 4546f8037580..a1da28092375 100644
--- a/docs/schemas/network.rng
+++ b/docs/schemas/network.rng
@@ -225,6 +225,9 @@
<optional>
<element name="domain">
<attribute name="name"><ref
name="dnsName"/></attribute>
+ <optional>
+ <attribute name="localOnly"><ref
name="virYesNo"/></attribute>
+ </optional>
</element>
</optional>
diff --git a/src/conf/network_conf.c b/src/conf/network_conf.c
index 97719ed536de..31b765ff2c51 100644
--- a/src/conf/network_conf.c
+++ b/src/conf/network_conf.c
@@ -2083,6 +2083,18 @@ virNetworkDefParseXML(xmlXPathContextPtr ctxt)
/* Parse network domain information */
def->domain = virXPathString("string(./domain[1]/@name)", ctxt);
+ tmp = virXPathString("string(./domain[1]/@localOnly)", ctxt);
+ if (tmp) {
+ def->domain_local = virTristateBoolTypeFromString(tmp);
+ if (def->domain_local <= 0) {
+ virReportError(VIR_ERR_XML_ERROR,
+ _("Invalid domain localOnly setting '%s' "
+ "in network '%s'"),
+ tmp, def->name);
+ goto error;
+ }
+ VIR_FREE(tmp);
+ }
if ((bandwidthNode = virXPathNode("./bandwidth", ctxt)) != NULL
&&
(def->bandwidth = virNetDevBandwidthParse(bandwidthNode, -1)) == NULL)
@@ -2805,8 +2817,24 @@ virNetworkDefFormatBuf(virBufferPtr buf,
virBufferAsprintf(buf, "<mac address='%s'/>\n",
macaddr);
}
- if (def->domain)
- virBufferAsprintf(buf, "<domain name='%s'/>\n",
def->domain);
+ if (def->domain) {
+ virBufferAsprintf(buf, "<domain name='%s'",
def->domain);
+
+ /* default to "no", but don't format it in the XML */
+ if (def->domain_local) {
+ const char *local = virTristateBoolTypeToString(def->domain_local);
+
+ if (!local) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("Unknown localOnly type %d in network"),
+ def->domain_local);
+ return -1;
+ }
+ virBufferAsprintf(buf, " localOnly='%s'", local);
+ }
+
+ virBufferAddLit(buf, "/>\n");
+ }
if (virNetworkDNSDefFormat(buf, &def->dns) < 0)
goto error;
diff --git a/src/conf/network_conf.h b/src/conf/network_conf.h
index 660cd2d10cd1..bb9724fddbb8 100644
--- a/src/conf/network_conf.h
+++ b/src/conf/network_conf.h
@@ -232,6 +232,7 @@ struct _virNetworkDef {
char *bridge; /* Name of bridge device */
char *domain;
+ int domain_local; /* enum virTristateBool: yes disables dns forwarding */
ACK with one small modification - I renamed domain_local to
domainLocalOnly and pushed the result.
Thanks for the contribution!
3594
days inactive
3641
days old
1 comments
2 participants
participants (2)
-
Josh Stone -
Laine Stump