libvirt should register its dnsmasq with systemd-resolved, and set a suitable domain for lookups (e.g. 'libvirt.')

Bug #1694161 reported by Steve Langasek
Affects: libvirt (Ubuntu)
Status: Triaged
Importance: Medium
Assigned to: Unassigned
Milestone: (none)

Bug Description

In debugging bug #1694156, I found that ultimately my problem was triggered by a hard-coded /etc/resolvconf/resolv.conf.d/tail I had set once upon a time pointing to my libvirt dnsmasq server. It should not be necessary to manually edit /etc/resolvconf/resolv.conf.d/tail to register dnsmasq; instead, on a system where systemd-resolved is running, libvirt should use the D-Bus protocol to register its dnsmasq with systemd-resolved, specifying both SetLinkDNS and SetLinkDomains. This would enable properly-scoped DNS lookups for only the hosts on the libvirt bridge, avoiding any possibility of DNS loops and avoiding the need for manual configuration.

To do this properly, libvirt does need to declare a link domain (SetLinkDomains) that doesn't conflict with other public DNS, or other non-authoritative DNS that may be configured on the system. I would suggest using just 'libvirt.' as a TLD, by default.

For an example implementation, please see ./src/dns-manager/nm-dns-systemd-resolved.c:send_updates() in the network-manager source.
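The following is an added illustration of the registration the report asks for; it is not code from this bug, from libvirt, or from NetworkManager's nm-dns-systemd-resolved.c. It drives the real org.freedesktop.resolve1.Manager methods (SetLinkDNS with signature ia(iay), SetLinkDomains with ia(sb), and RevertLink with i) through busctl rather than a D-Bus library so it needs nothing outside the standard library. The bridge name virbr0, the dnsmasq address 192.168.122.1 and the domain 'libvirt' are assumptions (they are libvirt's default-network defaults, but your deployment may differ); the register_bridge helper name is mine. The argument builders are pure functions so the exact busctl command lines can be checked without root or a running resolved.

```python
"""Register a libvirt bridge's dnsmasq with systemd-resolved, scoped to one domain.

Hypothetical helper written for this bug report, not libvirt's or NetworkManager's code.
It shells out to busctl (part of systemd), so it only runs on a systemd host and the
actual calls need root. The busctl argument convention used below: each D-Bus array is
written as its element count followed by the elements.
"""
import shlex
import socket
import subprocess
import sys
from typing import Callable, List, Sequence, Tuple

# Service name, object path and interface of the resolved D-Bus API.
RESOLVE1 = ("org.freedesktop.resolve1",
            "/org/freedesktop/resolve1",
            "org.freedesktop.resolve1.Manager")


def dns_address_arg(ip: str) -> Tuple[int, bytes]:
    """Encode one nameserver as the (family, raw address bytes) pair SetLinkDNS expects."""
    family = socket.AF_INET6 if ":" in ip else socket.AF_INET
    return family, socket.inet_pton(family, ip)


def set_link_dns_argv(ifindex: int, servers: Sequence[str]) -> List[str]:
    """busctl command for SetLinkDNS(i ifindex, a(iay) addresses)."""
    argv = ["busctl", "call", *RESOLVE1, "SetLinkDNS", "ia(iay)",
            str(ifindex), str(len(servers))]
    for ip in servers:
        family, raw = dns_address_arg(ip)
        # struct (iay): address family, then the byte array as count + bytes
        argv += [str(int(family)), str(len(raw)), *(str(b) for b in raw)]
    return argv


def set_link_domains_argv(ifindex: int,
                          domains: Sequence[Tuple[str, bool]]) -> List[str]:
    """busctl command for SetLinkDomains(i ifindex, a(sb) domains).

    The boolean is the "route-only" flag (the ~domain form of resolvectl): with it set,
    this link's server is consulted only for names under the domain, which is what keeps
    lookups scoped to the bridge and avoids a loop back into the host's own resolver.
    """
    argv = ["busctl", "call", *RESOLVE1, "SetLinkDomains", "ia(sb)",
            str(ifindex), str(len(domains))]
    for name, route_only in domains:
        # resolved normalizes names; the trailing dot in 'libvirt.' is optional.
        argv += [name.rstrip("."), "true" if route_only else "false"]
    return argv


def revert_link_argv(ifindex: int) -> List[str]:
    """busctl command for RevertLink(i ifindex): drops all per-link settings on teardown."""
    return ["busctl", "call", *RESOLVE1, "RevertLink", "i", str(ifindex)]


def register_bridge(ifname: str = "virbr0",
                    server: str = "192.168.122.1",      # assumed: libvirt default network
                    domain: str = "libvirt",            # assumed: the TLD proposed above
                    run: Callable = subprocess.run) -> List[List[str]]:
    """Look up the bridge's ifindex and issue both calls; returns the command lines.

    `run` is injectable so the generated commands can be inspected without root.
    """
    ifindex = socket.if_nametoindex(ifname)
    cmds = [set_link_dns_argv(ifindex, [server]),
            set_link_domains_argv(ifindex, [(domain, True)])]
    for cmd in cmds:
        run(cmd, check=True)
    return cmds


if __name__ == "__main__":
    dry_run = "--dry-run" in sys.argv

    def show_then_run(cmd: List[str], check: bool = True) -> None:
        print(shlex.join(cmd))
        if not dry_run:
            subprocess.run(cmd, check=check)

    register_bridge(run=show_then_run)
```

Run with --dry-run to print the two busctl invocations, then check the result with `resolvectl status virbr0`, which should list 192.168.122.1 as the link's DNS server and ~libvirt as its routing-only domain. On systemd 240 and later there is also SetLinkDefaultRoute(i ifindex, b enable); setting it to false for the bridge is the belt-and-braces way to ensure the dnsmasq instance is never picked for queries outside its domain. The RevertLink command is there for the network's stop path; leaving stale per-link servers behind is the same class of problem the hard-coded resolvconf tail caused.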

Changed in libvirt (Ubuntu):
status: New → Confirmed
importance: Undecided → Medium
Revision history for this message
Christian Ehrhardt (paelzer) wrote:

Hi,
I only glanced over the implementation in NM so far. But as much as I saw there I can only agree.
Yet this clearly needs to be implemented and developed through upstream and backported/integrated from there - which will make it eventually more stable, but also slower to appear as fixed in Ubuntu.

P.S. this is the reason I didn't dup the sibling bug 1694156 yet, but suggested a local workaround there to be tested.

Changed in libvirt (Ubuntu):
status: Confirmed → Triaged