Bug 904940
Summary: | RFE: libvirt's dnsmasq instances should answer LOCAL DNS Queries | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Tomáš Hozza <thozza> |
Component: | dnsmasq | Assignee: | Tomáš Hozza <thozza> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 18 | CC: | aquini, eblake, itamar, jistone, laine, thozza, veillard |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2013-02-12 15:02:43 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Tomáš Hozza
2013-01-28 08:43:38 UTC
I prepared and sent a patch adding new option into dnsmasq to the Upstream. This new option would allow dnsmasq to answer local DNS Queries as described in the Bug description. The patch hasn't shown up on dnsmasq-discuss yet, but as long as it adds this new option to the output of "dnsmasq --help", libvirt will be able to notice it and automatically add it in when available. (I don't believe it will be necessary to add a new option to libvirt's network config, since the only "new" place it will allow queries from is the host itself) Thanks, I look forward to this functionality! And sorry that I forgot to file this RFE myself. Let me share what other configuration changes I made on the host that make this work (at least until CVE-2012-3411 closed the loophole). It may make a nice documentation example of how this feature is useful. In libvirt's network xml (virsh net-edit default), add a domain like: <domain name='vm.example.com'/> Then create a rule for NM, like /etc/NetworkManager/dnsmasq.d/vm-hosts: server=/vm.example.com/192.168.122.1 server=/122.168.192.in-addr.arpa/192.168.122.1 Finally, tell NM to use that "vm.example.com" as a search domain too. I didn't find a way to set this globally, but it worked fine for me to set it in "Additional search domains" of em1, since my machine is always wired. Hope this helps! (In reply to comment #2) > The patch hasn't shown up on dnsmasq-discuss yet, but as long as it adds > this new option to the output of "dnsmasq --help", libvirt will be able to > notice it and automatically add it in when available. (I don't believe it > will be necessary to add a new option to libvirt's network config, since the > only "new" place it will allow queries from is the host itself) I sent the email directly to Simon Kelley and forgot to include the mailing list. I added you and the mailing list to CC. There is one solution to use IPv6, but that is a better question for libvirt maintainers. The bad thing is that there is a good reason why IPv6 is not used (Bug #501934). Upstream patch that should fix this issue: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=e25db1f273920d58c5d2e7569cd087e5bd73dd73;hp=79cb46c0e9912b1850a82f5b3e992c992853c659 I does not require any changes in libvirt. I will do some testing and push a new testing update in Fedora. The patch looks good. I'm pushing it into fedora testing update. dnsmasq-2.65-4.fc18 has been submitted as an update for Fedora 18. https://admin.fedoraproject.org/updates/FEDORA-2013-1357/dnsmasq-2.65-4.fc18 dnsmasq-2.65-4.fc17 has been submitted as an update for Fedora 17. https://admin.fedoraproject.org/updates/FEDORA-2013-1320/dnsmasq-2.65-4.fc17 (In reply to comment #3) > Thanks, I look forward to this functionality! > And sorry that I forgot to file this RFE myself. Please test the testing package https://admin.fedoraproject.org/updates/FEDORA-2013-1357/dnsmasq-2.65-4.fc18 and add Karma if it works! dnsmasq-2.65-4.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report. dnsmasq-2.65-4.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report. |