Re: libvirt and systemd-resolved integration?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


On 10/7/20 6:44 AM, Pavel Zhukov wrote:
> 
> I don't think it's a good idea.
> dnsmasq is not dns resolver but acts as DHCP and DNS server. It provides
> VMs with IP
> address/lease and create corresponding dns record for it. In case of
> resolved ip addresses and dns records must be managed either manually
> or... with dnsmasq.

That is not true. Any query sent to @192.168.122.1 would get reply. I
use for example unbound on localhost and all my machines use .vm. domain
suffix. rhel7.vm. is machine with rhel7. Dnsmasq manages automatically
lease names of all its dhcp clients, it works as dynamic DNS connected
with DHCP just out of the box.

unbound-control forward_add +i vm 192.168.122.1

Or permanent configuration in /etc/unbound/conf.d/vm.conf:
server:
domain-insecure: "vm"
domain-insecure: "122.168.192.IN-ADDR.ARPA"

forward-zone:
        name: "vm"
        forward-addr: 192.168.122.1
        forward-first: no

forward-zone:
        name: "122.168.192.IN-ADDR.ARPA"
        forward-addr: 192.168.122.1
        forward-first: no


Then I used in virsh edit-network default, inside <network> element:
  <domain name='vm' localOnly='yes'/>

dnsmasq is not full resolver, just like systemd-resolver. It just
forwards queries it does not have answer to /etc/resolv.conf forwarders.
If systemd-resolved does not running on the host, it also offers working
DNSSEC environment to all VMs.

Since systemd-resolved can do split DNS, it is able to do that also. But
it seems current domain redirection is private API for NM.
It might work:

resolvectl domain virbr0 ~vm

But haven't tested it. I am not sure how permanent configuration should
look like in resolved.conf. Can it be configured to forward specific
domain to specific server? It seems to me it expects such think only per
interface, which might work with libvirt too.

> On 2020-10-06 at 22:04 CEST, Juan Orti Alcaine wrote...
>> Hello,
>>
>> In the network bridges that libvirt creates there's a dnsmasq daemon to
>> resolve the VM's IPs. Is there any way to signal systemd-resolved from
>> libvirt to say that in the bridge interface there is a DNS server and a
>> domain?
>>
>> Thank you.
> 
> 

-- 
Petr Menšík
Software Engineer
Red Hat, http://www.redhat.com/
email: pemensik@xxxxxxxxxx
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux