I am running lxc-net service on Oracle Linux 7. Here is the configuration information for the dnsmasq setup:
### START dnsmasq (lxc-net) configuration information ###

[ubuntu@guardian ~]$ cat /etc/NetworkManager/NetworkManager.conf
# Configuration file for NetworkManager.
#
# See "man 5 NetworkManager.conf" for details.
#
# The directory /etc/NetworkManager/conf.d/ can contain additional configuration
# snippets. Those snippets override the settings from this main file.
#
# The files within conf.d/ directory are read in asciibetical order.
#
# If two files define the same key, the one that is read afterwards will overwrite
# the previous one.

[main]
plugins=ifcfg-rh
dns=none

[logging]
#level=DEBUG
#domains=ALL

[ubuntu@guardian ~]$
[ubuntu@guardian ~]$ dnsmasq --version
Dnsmasq version 2.76 Copyright (c) 2000-2016 Simon Kelley
Compile time options: IPv6 GNU-getopt DBus no-i18n IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth no-DNSSEC loop-detect inotify

This software comes with ABSOLUTELY NO WARRANTY.
Dnsmasq is free software, and you are welcome to redistribute it
under the terms of the GNU General Public License, version 2 or 3.

[ubuntu@guardian ~]$ cat /etc/dnsmasq.conf | grep -v '#' | sort -u
bind-interfaces
cache-size=150
conf-dir=/etc/dnsmasq.d
dhcp-authoritative
dhcp-leasefile=/var/lib/misc/dnsmasq.lxcbr0.leases
dhcp-lease-max=253
dhcp-no-override
DHCP-RANGE-OLXC
interface=lxcbr0
listen-address=127.0.0.1
pid-file=/var/run/lxc/dnsmasq.pid
resolv-file=/etc/resolv.dnsmasq
server=/29.207.10.in-addr.arpa/10.207.29.2
server=/39.207.10.in-addr.arpa/10.207.39.2
server=/consultingcommandos.us/10.207.29.2
server=/gns1.orabuntu-lxc.com/10.207.39.3
server=/localnet/192.168.0.1
server=/orabuntu-lxc.com/10.207.39.2
strict-order

[ubuntu@guardian ~]$ uname -a
Linux guardian 4.1.12-112.14.1.el7uek.x86_64 #2 SMP Fri Dec 8 18:37:23 PST 2017 x86_64 x86_64 x86_64 GNU/Linux
[ubuntu@guardian ~]$ cat /etc/oracle-release
Oracle Linux Server release 7.4
[ubuntu@guardian ~]$ cat /etc/redhat-release
Red Hat Enterprise Linux Server release 7.4 (Maipo)
[ubuntu@guardian ~]$

[ubuntu@guardian ~]$ cat /etc/sysconfig/lxc-net
# Leave USE_LXC_BRIDGE as "true" if you want to use lxcbr0 for your
# containers. Set to "false" if you'll use virbr0 or another existing
# bridge, or mavlan to your host's NIC.
USE_LXC_BRIDGE="true"

# If you change the LXC_BRIDGE to something other than lxcbr0, then
# you will also need to update your /etc/lxc/default.conf as well as the
# configuration (/var/lib/lxc/<container>/config) for any containers
# already created using the default config to reflect the new bridge
# name.
# If you have the dnsmasq daemon installed, you'll also have to update
# /etc/dnsmasq.d/lxc and restart the system wide dnsmasq daemon.
LXC_BRIDGE="lxcbr0"
LXC_ADDR="10.133.192.1"
LXC_NETMASK="255.255.255.0"
LXC_NETWORK="10.133.192.0/24"
LXC_DHCP_RANGE="10.133.192.2,10.133.192.254"
LXC_DHCP_MAX="253"

# Uncomment the next line if you'd like to use a conf-file for the lxcbr0
# dnsmasq. For instance, you can use 'dhcp-host=mail1,10.0.3.100' to have
# container 'mail1' always get ip address 10.0.3.100.
LXC_DHCP_CONFILE=/etc/dnsmasq.conf

# Uncomment the next line if you want lxcbr0's dnsmasq to resolve the .lxc
# domain. You can then add "server=/lxc/10.0.3.1' (or your actual )
# to /etc/dnsmasq.conf, after which 'container1.lxc' will resolve on your
# host.
#LXC_DOMAIN="lxc"
[ubuntu@guardian ~]$

### END dnsmasq (lxc-net) configuration ###

At 10.207.39.2 (on a different physical host - "santorini") via a GRE tunnel there is an LXC container "olive" that has a bind9/isc-dhcp-server setup that hands out DHCP addresses and automatically adds them to bind9 DNS, all inside the container. Everything works just great for DNS resolution on guardian EXCEPT that when new containers are created and come up on santorini, DNS lookups fail on guardian for the newly-added-to-olive container DNS records. The only way I can get lxc-net to successfully look up newly added DNS entries on olive is to restart lxc-net on guardian (sudo service lxc-net restart), and then the lookups are all there, including any that were added on olive in the last few seconds.

Now I have found that if I activate the "no-resolv" parameter in /etc/dnsmasq.conf then new DNS records on olive are immediately available on guardian without any need to restart lxc-net on guardian. However, this breaks WAN resolution to internet destinations such as google.com, yahoo.com, etc. Also, "no-resolv" only resolves short names apparently - for example, it will resolve "newcontainer" but it won't resolve "newcontainer.urdomain1.com".

I also did some experiments with the parameter "all-servers" but it didn't seem to have any effect.

This seems to be a general configuration problem because I have the same issue when systemd-resolved is used remotely in the same way I am using dnsmasq on guardian to call to the DNS/DHCP container "olive" on the GRE-connected remote host.

So I think this is a general DNS lookup scenario that is not dnsmasq-specific but nevertheless I'm trying to configure dnsmasq so that it will not be necessary to keep restarting lxc-net dnsmasq to pick up new DNS updates from olive on guardian, but at the same time be able to resolve WAN addresses on guardian.

Thanks,

Gil

--
Gilbert Standen
Creator Orabuntu-LXC
914-261-4594
gilb...@orabuntu-lxc.com
_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss