Bug 1532856

Summary: RFE: network: Support creating wildcard cnames in dnsmasq
Product: [Community] Virtualization Tools Reporter: David Kaylor <dkaylor>
Component: libvirtAssignee: Libvirt Maintainers <libvirt-maint>
Status: NEW --- QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: agedosier, anavarro, berrange, bsmitley, cfergeau, clalancette, crobinso, dblack, dgunchev, dwojewod, elavarde, erich, itamar, jbreitwe, jforbes, kechung, laine, lbednar, libvirt-maint, mrhodes, ricardo.arguello, rvdwees, sgarciam, veillard, william.caban
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description David Kaylor 2018-01-09 22:08:30 UTC 
Description:

As of 2.77, dnsmasq supports creating wildcard cname records. A good example can be found here:

https://serverfault.com/questions/853282/is-it-possible-to-add-a-wildcard-cname-into-dnsmasq/853996

I'd like to be able to create wildcard records in my libvirt environment.


Version-Release number of selected component (if applicable):

libvirt-daemon-3.7.0-3.fc27.x86_64


Additional info:

My motivation is setting up a simple OpenShift environment on virtual machines. One of the recommended prerequisites is to create a wildcard DNS entry (https://docs.openshift.com/container-platform/3.7/install_config/install/prerequisites.html#prereq-dns).
Comment 1 Jason Dian 2018-08-24 06:57:32 UTC 
I have same requirement with David. but now I found a workaround. 

1. config libvirt network forward dns to host ip , assumed host have eth0 192.168.60.236 

  <dns>
    <forwarder addr='192.168.60.236'/>
  </dns>

2. boot up dnsmasq service on host's eth0 interface , because the dnsmasq is full functional, you can config a dns wildcard as:

address=/*.cloudapps.example.com/{vm's IP}
Comment 2 Dustin Black 2018-10-11 17:17:50 UTC 
+1

Jason's workaround is useful, but troublesome on a laptop getting new host IPs from wifi all the time. I could probably get a little more creative and create a dummy interface just to host the dnsmasq wildcard.

We should simply be able in the network XML file to:

<dns>
  <host ip='10.11.12.203'>
    <hostname>*</hostname>
  </host>
</dns>

or something like that, IMO.
Comment 3 Ben Cotton 2018-11-27 14:03:51 UTC 
This message is a reminder that Fedora 27 is nearing its end of life.
On 2018-Nov-30  Fedora will stop maintaining and issuing updates for
Fedora 27. It is Fedora's policy to close all bug reports from releases
that are no longer maintained. At that time this bug will be closed as
EOL if it remains open with a Fedora  'version' of '27'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version.

Thank you for reporting this issue and we are sorry that we were not 
able to fix it before Fedora 27 is end of life. If you would still like 
to see this bug fixed and are able to reproduce it against a later version 
of Fedora, you are encouraged  change the 'version' to a later Fedora 
version prior this bug is closed as described in the policy above.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.
Comment 4 David Kaylor 2018-11-27 15:46:17 UTC 
This feature is still not available on my Fedora 29 system (libvirt-daemon-4.7.0-1.fc29.x86_64). I too am using wifi and getting different IPs so prefer not to use a workaround that requires setting the IP. My current workaround is to just set up the network and dnsmasq outside of libvirt.

In my dnsmasq configuration, I then use a cname similar to this:

cname=*.cloudapps.example.com,master.example.com
Comment 5 Lukas Bednar 2019-04-16 13:20:11 UTC 
This RFE is exactly what is missing to make openshift cluster installation working out of box on top of libvirt.

My expectation is something like following snippet to do a trick.
```
<dns>
  <host ip='192.168.126.11'>
    <hostname>*.apps.clustername.clusterdomain</hostname>
  </host>
</dns>
```
Comment 6 Sergio G. 2019-07-10 17:09:11 UTC 
+1 to get this RFE implemented
Comment 7 Antonio Navarro 2019-07-10 18:03:11 UTC 
+1 to get this RFE implemented
Comment 8 Cole Robinson 2019-07-15 17:10:10 UTC 
I sent patches upstream that enable setting raw dnsmasq options in the <network> XML, which should enable this in the absence of proper XML support. If it's accepted I'll update this bug with an XML example
Comment 10 Kevin Chung 2019-07-23 17:43:27 UTC 
+1 to get this RFE implemented.  Similar to others who have posted before, my workaround thus far has been to turn off libvirt and use dnsmasq standalone for wildcard DNS.
Comment 11 Cole Robinson 2019-07-24 16:51:28 UTC 
The next libvirt release 5.6.0 should be out within the next couple weeks and will allow passing options directly to dnsmasq. So you will be able to do something like:

      <network xmlns:dnsmasq='http://libvirt.org/schemas/network/dnsmasq/1.0'>
        ...
        <dnsmasq:options>
          <dnsmasq:option value="cname=BLAH"/>
        </dnsmasq:options>
      </network>

Replacing BLAH with whatever cname value you need. These are dnsmasq config file options so they shouldn't be preceded with a '-'

This bug will remain open though to track officially exposing this option in the XML. But there's no timetable on that
Comment 16 Eric Lavarde 2023-07-07 13:31:40 UTC 
According to https://libvirt.org/formatnetwork.html#network-namespaces the feature announced has been implemented and is present in version 9.0.0 / Fedora 38.

And indeed, adding the following lines to the network XML:

```
<network xmlns:dnsmasq='http://libvirt.org/schemas/network/dnsmasq/1.0' connections='1'>
[...]
  <dnsmasq:options>
    <dnsmasq:option value='cname=api.myocp.example.com,ocp.example.com'/>
    <dnsmasq:option value='cname=api-int.myocp.example.com,ocp.example.com'/>
    <dnsmasq:option value='cname=*.apps.myocp.example.com,ocp.example.com'/>
  </dnsmasq:options>
```

Adds the following lines to `/var/lib/libvirt/dnsmasq/default.conf`:

```
cname=api.myocp.example.com,ocp.example.com
cname=api-int.myocp.example.com,ocp.example.com
cname=*.apps.myocp.example.com,ocp.example.com
```

The first two CNAMEs also do work, but the 3rd one doesn't act like a wildcard, it only responds to the "asterisk" but doesn't do any wildcarding

```
$ getent hosts *.apps.myocp.example.com
192.168.122.123 ocp.example.com
$ getent hosts xyz.apps.myocp.example.com
<no answer>
```

But the 1st link seems to hint at the fact that it should work, but perhaps I'm missing something.
Comment 17 Eric Lavarde 2023-07-07 14:54:47 UTC 
OK, so I think I got it this time and the ticket can probably be closed:

Adding the following lines to the net-XML makes the wildcard CNAME work:

```
    <dnsmasq:option value='auth-server=example.com,'/>
    <dnsmasq:option value='auth-zone=example.com,192.168.122.0/24'/>
```

From my limited understanding, this makes the dnsmasq authoritative for the zone and allows for the wildcard to work as expected.

An alternative might have been to add `address=/.apps.myocp.ewl.example.com/192.168.122.123` (without wildcard CNAME) but it would have required to know the VM's IP address in advance.