Re: Request to change default /etc/resolv.conf symlink

> On 04.06.2022 at 12:33, Michael Catanzaro <mcatanzaro@xxxxxxxxx> wrote:
> 
> On Sat, Jun 4 2022 at 12:09:00 PM +0200, Peter Boy <pboy@xxxxxxxxxxxxx> wrote:
>> And split DNS is especially necessary when a server does host libvirt/KVM VMs. In order to address its VMs (e.g. monitoring tools or forwarding services) the host must query the libvirt dnsmasq instance. This is broken since F34/F35 with systemd-resolved. The only reliable way I know of is a second dnsmasq instance, most easily as NM plugin.
> 
> Does running dnsmasq alongside systemd-resolved have many advantages over just switching to dnsmasq altogether? I would consider that instead.

Well, originally we wanted to configure Fedora Server as close to Fedora decided defaults as possible. And Fedora decided systemd-resolved to be the default DNS resolution for F33 and newer.

Because libvirt and systemd-resolved don’t cooperate, you need to use a libvirt hook to call resolvectl and configure the libvirt virbr0 interface and name server for the VMs' network. As long as that worked, the configuration was as close to Fedora defaults as possible and it worked nicely.

Pre F33 we recommended to use the libvirt provided dnsmasq for the internal network and to activate NM dnsmasq plugin as an additional instance used by the host. That instance configuration used the libvirt dnsmasq to resolve the internal VM network and forwarded everything else to the NM configured external DNS server (i.e. split DNS). And provides DNS caching.

And now we are back there again and completely disable systemd-resolved. Therefore I asked for the list of known weaknesses of dnsmasq Peter Mensik mentioned.


>> Wouldn’t systemd-resolved being in an enabled or disabled state be a valid indicator of what a sysadmin wants to use and whether to replace a resolv.conf file by a symbolic link or vice versa?
> 
> It's actually the opposite: how you have configured /etc/resolv.conf tells NetworkManager how you want to manage DNS, if you have no manual NetworkManager configuration specified. But you can edit NetworkManager configuration to choose whatever behavior you want. You want dns=dnsmasq:
> 
> https://wiki.gnome.org/Projects/NetworkManager/DNS

Wasn’t the initial issue that every dnf update replaces the locally configured resolv.conf file by a symbolic link and so crashes the local configuration? So, could an update make a replacement dependent on an enabled and active systemd-resolved service? Or am I just confusing this with another thread? (Sorry in that case.)



--
Peter Boy
https://fedoraproject.org/wiki/User:Pboy
pboy@xxxxxxxxxxxxxxxxx

Timezone: CET (UTC+1) / CEST (UTC+2)


Fedora Server Edition Working Group member
Fedora docs team contributor
Java developer and enthusiast
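
Added example (not part of the original message and not Fedora's or libvirt's own code): a sketch of the kind of libvirt network hook the message describes, which calls resolvectl on virbr0 once the network is up. The network name, dnsmasq address, VM domain and reverse zone are assumed values; routing-only domains keep every other lookup on the host's upstream resolvers.

```shell
#!/bin/sh
# Added example: libvirt network hook, installed as /etc/libvirt/hooks/network.
# libvirt invokes it as: network <name> <operation> <sub-operation> -
# Assumed values (not from the thread): network "default" on bridge virbr0,
# libvirt dnsmasq at 192.168.122.1, VM domain "vm.example.test".
NET_NAME="default"
BRIDGE="virbr0"
VM_DNS="192.168.122.1"
VM_DOMAIN="vm.example.test"
REVERSE_ZONE="122.168.192.in-addr.arpa"

# Print the resolvectl commands for one hook event, one per line.
# The "~" prefix marks a routing-only domain: only these zones are sent to
# the libvirt dnsmasq, and the bridge is never used as a default DNS route.
plan_commands() {
    [ "$1" = "$NET_NAME" ] || return 0
    case "$2" in
        started)
            echo "resolvectl dns $BRIDGE $VM_DNS"
            echo "resolvectl domain $BRIDGE ~$VM_DOMAIN ~$REVERSE_ZONE"
            echo "resolvectl default-route $BRIDGE no"
            ;;
    esac
    # No "stopped" branch: the per-link settings disappear with the bridge.
}

# Run (or, with DRY_RUN=1, only print) the planned commands.
hook_main() {
    plan_commands "$1" "$2" | while read -r line; do
        if [ "${DRY_RUN:-0}" = 1 ]; then
            echo "$line"
        else
            set -f          # no globbing when the line is split into words
            set -- $line
            "$@" || logger -t libvirt-hook "failed: $line"
        fi
    done
    return 0                # a resolver problem is logged, not returned to libvirt
}

# libvirt passes four arguments; do nothing when sourced or run without them.
if [ "$#" -ge 2 ]; then
    hook_main "$@"
fi
```

Running it by hand as `DRY_RUN=1 ./network default started begin -` prints the three resolvectl calls without touching the resolver.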


_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx