Re: [PATCH] network: don't add "no-resolv" if we still need DNS servers from resolv.conf

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 03/17/2017 12:58 PM, Jiri Denemark wrote:
> On Fri, Mar 17, 2017 at 12:33:14 -0400, Laine Stump wrote:
>> It was pointed out here:
>>
>>   https://bugzilla.redhat.com/show_bug.cgi?id=1331796#c4
>>
>> that we shouldn't be adding a "no-resolv" to the dnsmasq.conf file for
>> a network if there isn't any <forwarder> element that specifies an IP
>> address but no qualifying domain. If there is such an element, it will
>> handle all DNS requests that weren't otherwise handled by one of the
>> forwarder entries with a matching domain attribute. If not, then DNS
>> requests that don't match the domain of any <forwarder> would not be
>> resolved if we added no-resolv.
>>
>> So, only add "no-resolv" when there is at least one <forwarder>
>> element that specifies an IP address but no qualifying domain.
> ...
>> diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
>> index c5ec282..32c5ab7 100644
>> --- a/src/network/bridge_driver.c
>> +++ b/src/network/bridge_driver.c
>> @@ -1085,7 +1085,15 @@ networkDnsmasqConfContents(virNetworkObjPtr network,
>>          virBufferAddLit(&configbuf, "port=0\n");
>>  
>>      if (wantDNS && network->def->dns.forwarders) {
>> -        virBufferAddLit(&configbuf, "no-resolv\n");
>> +        /* addNoResolv should be set to true if there are any entries
>> +         * that specify an IP address for requests, but no domain
>> +         * qualifier (implying that all requests otherwise "unclaimed"
>> +         * should be sent to that address). if it is still false when
>> +         * we've looked at all entries, it means we still need the
>> +         * host's resolv.conf for some cases.
>> +         */
>> +        bool addNoResolv = false;
>> +
>>          for (i = 0; i < network->def->dns.nfwds; i++) {
>>              virNetworkDNSForwarderPtr fwd = &network->def->dns.forwarders[i];
>>  
>> @@ -1099,11 +1107,15 @@ networkDnsmasqConfContents(virNetworkObjPtr network,
>>                      goto cleanup;
>>                  virBufferAsprintf(&configbuf, "%s\n", addr);
>>                  VIR_FREE(addr);
>> +                if (!fwd->domain)
>> +                    addNoResolv = true;
>>              } else {
>>                  /* "don't forward requests for this domain" */
>>                  virBufferAddLit(&configbuf, "#\n");
>>              }
>>          }
>> +        if (addNoResolv)
>> +            virBufferAddLit(&configbuf, "no-resolv\n");
>>      }
>>  
>>      if (network->def->domain) {
> 
> So what if the network is isolated and supposed to only resolve names
> according to its database. Such network does not have any <forwarder/>
> element and yet no-resolve should be added in the configuration.

You forced me to remember that I had fixed exactly that hole a *long
time* ago (far before <forwarder> was added). I looked it up and found
commit 513122ae:

  https://bugzilla.redhat.com/show_bug.cgi?id=723862

which adds no-resolv if the network is isolated. I was momentarily
afraid that the no-resolv added in that patch had been "messed with" at
some later time, causing a regression in my fix, but found that it's
still there (look around line 1216).

So in the case of an isolated network, we still add no-resolv, no matter
whether we've added it due to <forwarders> or not.

But before we give up on this train of thought, is there maybe *some
other* situation I haven't considered?

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list



[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]
  Powered by Linux