[libvirt-users] Changing dnsmasq DNS settings for virtual machines

Hi everyone,

maybe this is an old fart, but I can't get it to work.

I am running libvirt on a laptop, where a dnsmasq is already running to delegate dns info for my local (not-public) network. My resolv.conf (on the host) lists the system-dnsmasq as first server.

I had to set the listen-address for the system-dnsmasq to 127.0.0.1 and set bind-interfaces, to stop it from binding to all interfaces and overriding the libvirtd-dnsmasq, which also has dhcp enabled.

Now, how can I tell the libvirtd-dnsmasq to use the system-dnsmasq as first nameserver?

I found lots of pages when searching for "libvirt dns", but all of them only show the dhcp-part of the network's xml file:

http://wiki.libvirt.org/page/VirtualNetworking#DNS_.26_DHCP

<ip address="192.168.122.1" netmask="255.255.255.0">
  <dhcp>
    <range start="192.168.122.100" end="192.168.122.254" />
    <host mac="00:16:3e:e2:ed" name="foo.example.com" ip="192.168.122.10" />
  </dhcp>
</ip>

One possible workaround: My system-dnsmasq reads /etc/hosts_whatever, and apparently the libvirtd-dnsmasq reads var/lib/libvirt/dnsmasq/NETWORK_NAME.addnhosts. I could copy my hosts_whatever in that place, but I had to configure the libvirtd-dnsmasq what my local domains are.

Which brings me to the next question: How to set the addn-hosts= for the libvirtd-dnsmasq in the xml file?

Regards,
Johannes

On 06.04.14 07:33 Johannes Kastl wrote:
> Which brings me to the next question: How to set the addn-hosts= for the libvirtd-dnsmasq in the xml file?

*ping*

Maybe I asked the wrong question, and this is an RTFM. But I looked some more and found: nil. Nada. Nothing.

If someone had a M that I could F R then I would be glad... ;-)

Regards,
Johannes

On 04/06/2014 08:33 AM, Johannes Kastl wrote:
> Hi everyone,
>
> maybe this is an old fart, but I can't get it to work.
>
> I am running libvirt on a laptop, where a dnsmasq is already running to delegate dns info for my local (not-public) network. My resolv.conf (on the host) lists the system-dnsmasq as first server.
>
> I had to set the listen-address for the system-dnsmasq to 127.0.0.1 and set bind-interfaces, to stop it from binding to all interfaces and overriding the libvirtd-dnsmasq, which also has dhcp enabled.
>
> Now, how can I tell the libvirtd-dnsmasq to use the system-dnsmasq as first nameserver?

libvirtd's dnsmasq instances always forward requests that they can't resolve themselves to the dns server listed in /etc/resolv.conf, so it should already be doing what you want.

There was a bug in libvirt for quite a while that caused locally-unresolved requests for hostnames in the domain given by the network's <domain name='xyzzy'/> element to be dropped rather than forwarded. Is that possibly the cause of your problems?

Alternately, since 1.1.3 you can tell dnsmasq to forward to a specific address rather than the one listed in /etc/resolv.conf with the <forwarder> subelement of the <dns> element in the network definition, e.g.:

<dns>
  <forwarder addr='1.2.3.4'/>
</dns>

This is documented here:

http://www.libvirt.org/formatnetwork.html#elementsAddress

> I found lots of pages when searching for "libvirt dns", but all of them only show the dhcp-part of the network's xml file:
>
> http://wiki.libvirt.org/page/VirtualNetworking#DNS_.26_DHCP
>
> <ip address="192.168.122.1" netmask="255.255.255.0">
>   <dhcp>
>     <range start="192.168.122.100" end="192.168.122.254" />
>     <host mac="00:16:3e:e2:ed" name="foo.example.com" ip="192.168.122.10" />
>   </dhcp>
> </ip>
>
> One possible workaround: My system-dnsmasq reads /etc/hosts_whatever, and apparently the libvirtd-dnsmasq reads var/lib/libvirt/dnsmasq/NETWORK_NAME.addnhosts. I could copy my hosts_whatever in that place, but I had to configure the libvirtd-dnsmasq what my local domains are.
>
> Which brings me to the next question: How to set the addn-hosts= for the libvirtd-dnsmasq in the xml file?

You do that with the <host> subelement of the <dns> element. An example is at the same link as above.

On 10.04.2014 13:08 Laine Stump wrote:
> On 04/06/2014 08:33 AM, Johannes Kastl wrote:

> There was a bug in libvirt for quite a while that caused locally-unresolved requests for hostnames in the domain given by the network's <domain name='xyzzy'/> element to be dropped rather than forwarded. Is that possibly the cause of your problems?

Maybe...

> Alternately, since 1.1.3 you can tell dnsmasq to forward to a specific address rather than the one listed in /etc/resolv.conf with the <forwarder> subelement of the <dns> element in the network definition, e.g.:
>
> <dns>
>   <forwarder addr='1.2.3.4'/>
> </dns>

Nice, seems to work.

> This is documented here:

I actually was on that page, but I must have missed that bit...

>> Which brings me to the next question: How to set the addn-hosts= for the libvirtd-dnsmasq in the xml file?

> You do that with the <host> subelement of the <dns> element. An example is at the same link as above.

No, that's not it. I do not want to set single hosts, I want to tell dnsmasq to read an additional hosts-file.

In the normal dnsmasq.conf this is done via addn-hosts=, and that appears in the conf-file for the network called e.g. WHATEVER:

addn-hosts=/var/lib/libvirt/dnsmasq/WHATEVER.addnhosts

Regards,
Johannes

On 04/10/2014 08:12 PM, Johannes Kastl wrote:
> On 10.04.2014 13:08 Laine Stump wrote:
>> On 04/06/2014 08:33 AM, Johannes Kastl wrote:
>
>> There was a bug in libvirt for quite a while that caused locally-unresolved requests for hostnames in the domain given by the network's <domain name='xyzzy'/> element to be dropped rather than forwarded. Is that possibly the cause of your problems?
>
> Maybe...
>
>> Alternately, since 1.1.3 you can tell dnsmasq to forward to a specific address rather than the one listed in /etc/resolv.conf with the <forwarder> subelement of the <dns> element in the network definition, e.g.:
>>
>> <dns>
>>   <forwarder addr='1.2.3.4'/>
>> </dns>
>
> Nice, seems to work.
>
>> This is documented here: http://www.libvirt.org/formatnetwork.html#elementsAddress
>
> I actually was on that page, but I must have missed that bit...
>
>>> Which brings me to the next question: How to set the addn-hosts= for the libvirtd-dnsmasq in the xml file?
>
>> You do that with the <host> subelement of the <dns> element. An example is at the same link as above.
>
> No, that's not it. I do not want to set single hosts, I want to tell dnsmasq to read an additional hosts-file.

There is no provision for that. If you want additional hosts to be known by the libvirt instance of dnsmasq, you must enter them into the xml. If we allowed pointing to an existing addn-hosts file written by the user, we would be adding the format of dnsmasq's addn-hosts file to libvirt's official API, which we don't want to do - we want to keep libvirt's API as implementation-agnostic as possible (in case someone implements a libvirt network driver that uses something other than dnsmasq for DNS, for example).

> In the normal dnsmasq.conf this is done via addn-hosts=, and that appears in the conf-file for the network called e.g. WHATEVER:
>
> addn-hosts=/var/lib/libvirt/dnsmasq/WHATEVER.addnhosts
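
Since additional hosts have to be entered into the network XML, the following added example (not part of the thread and not libvirt project code) converts a hosts file into a <dns> element with <host>/<hostname> entries and an optional <forwarder>. The sample file contents, the function names and the validation rules are assumptions made for illustration; lines with a malformed address or hostname are rejected instead of being copied into the XML.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET

# Constructed sample standing in for a local hosts file such as /etc/hosts_whatever.
SAMPLE_HOSTS = """\
192.168.10.5   nas.home.lan nas
192.168.10.6   printer.home.lan   # inline comment
192.168.10.5   backup.home.lan
not-an-ip      broken.home.lan
192.168.10.7   bad_name!.home.lan
"""

# RFC 1123 labels only; other names are rejected, not copied into the XML.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOSTNAME = re.compile(rf"{_LABEL}(?:\.{_LABEL})*")

def parse_hosts(text):
    """Return ({ip: [names]}, [rejected lines]) from hosts-file text."""
    hosts, rejected = {}, []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue  # blank line or comment-only line
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            ip = None
        names = fields[1:]
        if ip is None or not names or not all(_HOSTNAME.fullmatch(n) for n in names):
            rejected.append(raw)
            continue
        bucket = hosts.setdefault(ip, [])  # libvirt groups names under one <host> per IP
        bucket.extend(n for n in names if n not in bucket)
    return hosts, rejected

def build_dns_xml(hosts, forwarder=None):
    """Render a libvirt <dns> element: optional <forwarder>, one <host> per IP."""
    dns = ET.Element("dns")
    if forwarder:
        ET.SubElement(dns, "forwarder", addr=str(ipaddress.ip_address(forwarder)))
    for ip, names in hosts.items():
        host = ET.SubElement(dns, "host", ip=ip)
        for name in names:
            ET.SubElement(host, "hostname").text = name
    ET.indent(dns)  # pretty-print; needs Python 3.9+
    return ET.tostring(dns, encoding="unicode")

if __name__ == "__main__":
    print(build_dns_xml(parse_hosts(SAMPLE_HOSTS)[0], forwarder="1.2.3.4"))
```

The generated element belongs inside the network definition (virsh net-edit ...), and dnsmasq picks it up when the network is restarted.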

Hi Laine,

thanks for the answer.

On 13.04.14 16:13 Laine Stump wrote:
> There is no provision for that. If you want additional hosts to be known by the libvirt instance of dnsmasq, you must enter them into the xml.

I can set the addn-hosts in the .conf file in /var/lib/libvirt/dnsmasq/<nameofthenetwork>.conf. I was just not sure if this gets overwritten, each time I change a setting in the network's xml (virsh net-edit ...).

> If we allowed pointing to an existing addn-hosts file written by the user, we would be adding the format of dnsmasq's addn-hosts file to libvirt's official API, which we don't want to do - we want to keep libvirt's API as implementation-agnostic as possible (in case someone implements a libvirt network driver that uses something other than dnsmasq for DNS, for example).

Sounds reasonable.

Regards,
Johannes

On 04/13/2014 10:23 PM, Johannes Kastl wrote:
> Hi Laine,
>
> thanks for the answer.
>
> On 13.04.14 16:13 Laine Stump wrote:
>> There is no provision for that. If you want additional hosts to be known by the libvirt instance of dnsmasq, you must enter them into the xml.
>
> I can set the addn-hosts in the .conf file in /var/lib/libvirt/dnsmasq/<nameofthenetwork>.conf.

Yes, you can change that file, but:

1) the location and contents of that file are not a part of the official libvirt API, and are subject to change at any time,
2) The file is only read by dnsmasq immediately after it has been created, when dnsmasq first starts.
3) dnsmasq runs as user nobody, so it isn't even possible to force it to reread that file by sending a SIGHUP.

So, changing the contents of the conf file does you no good (or at least it *shouldn't* do you any good)

> I was just not sure if this gets overwritten, each time I change a setting in the network's xml (virsh net-edit ...).

It is rewritten from scratch based on the network's config each time you re-start the network.

Hi Laine,

thanks for the fast answer.

On 14.04.14 11:23 Laine Stump wrote:
> On 04/13/2014 10:23 PM, Johannes Kastl wrote:
>> [/var/lib/libvirt/dnsmasq/<nameofthenetwork>.conf]
>> I was just not sure if this gets overwritten, each time I change a setting in the network's xml (virsh net-edit ...).
>
> It is rewritten from scratch based on the network's config each time you re-start the network.

I first wanted to write, how sub-optimal that is. How libvirt could at least check, if the user made manual changes to that file. How this feels like curtailing libvirt without the need to do so, as at the moment no other tool apart from dnsmasq is used.

Then I contemplated a little, and had to change my opinion. Of course things like that would be nice, but setting a forwarder in the xml solves all/most of my problems, so I do not need to set the addn-hosts.

And, to state it clearly, thank all of you for libvirt. I love it. I am so glad I discovered it, and also discovered that it runs that smooth.

Regards,
Johannes

P.S.: Sorry if this mail (or a similar mail) gets sent twice, sending offline somehow triggered a bug in my SeaMonkey...