Bug#690540: libvirt-bin: dnsmasq should not use option --bind-interfaces
Hi Luca,

sorry for not following up earlier...

On Tue, Jul 01, 2014 at 10:34:47AM +0200, Luca Capello wrote:
[..snip..]
> # cat /var/lib/libvirt/dnsmasq/default.conf
> ##WARNING: THIS IS AN AUTO-GENERATED FILE. CHANGES TO IT ARE LIKELY TO BE
> ##OVERWRITTEN AND LOST. Changes to this configuration should be made using:
> ##virsh net-edit default
> ## or other application using the libvirt API.
> ##
> ## dnsmasq conf file created by libvirt
> strict-order
> pid-file=/var/run/libvirt/network/default.pid
> except-interface=lo
> bind-interfaces
> listen-address=192.168.122.1

But these two lines mean "bind to the interface with address 192.168.122.1 and only this interface" - at least that is the intention. Isn't that what one would expect? This will make sure dnsmasq does not interfere with other interfaces.

Using things like bind-dynamic would only make things worse since we'd then bind to new interfaces which another (not libvirt managed) dnsmasq, bind or whatever instance would listen to.

Cheers,
 -- Guido
Bug#690540: libvirt-bin: dnsmasq should not use option --bind-interfaces
user cont...@itopie.ch
usertags 690540 + itopie.ch.it-virtualization
thanks

Hi Guido,

On Sun, 04 May 2014 13:56:15 +0200, Guido Günther wrote:
> On Mon, Oct 15, 2012 at 01:09:38PM +0200, Luca Capello wrote:
> > Package: libvirt-bin
> > Version: 0.9.12-5
> > Severity: wishlist
> > Tags: pca.it-virtualization
> >
> > Hi there!
> >
> > While debugging #689221, I experienced such a bug, which is actually the
> > counterpart of #504605, which I still think it deserves a better
> > solution ;-)
>
> It uses bind-dynamic nowadays. Is this more what you'd expected?
> Cheers,

What does "nowadays" mean? And for whom, dnsmasq or libvirt? The bug is still present in wheezy-backports:

=
# cat /etc/os-release
PRETTY_NAME="Debian GNU/Linux 7 (wheezy)"
NAME="Debian GNU/Linux"
VERSION_ID="7"
VERSION="7 (wheezy)"
ID=debian
ANSI_COLOR="1;31"
HOME_URL="http://www.debian.org/";
SUPPORT_URL="http://www.debian.org/support/";
BUG_REPORT_URL="http://bugs.debian.org/";

# dpkg-query -W \*libvirt\*
libvirt-bin 1.2.4-1~bpo70+1
libvirt0 1.2.4-1~bpo70+1

# cat /var/lib/libvirt/dnsmasq/default.conf
##WARNING: THIS IS AN AUTO-GENERATED FILE. CHANGES TO IT ARE LIKELY TO BE
##OVERWRITTEN AND LOST. Changes to this configuration should be made using:
##virsh net-edit default
## or other application using the libvirt API.
##
## dnsmasq conf file created by libvirt
strict-order
pid-file=/var/run/libvirt/network/default.pid
except-interface=lo
bind-interfaces
listen-address=192.168.122.1
dhcp-range=192.168.122.2,192.168.122.254
dhcp-no-override
dhcp-leasefile=/var/lib/libvirt/dnsmasq/default.leases
dhcp-lease-max=253
dhcp-hostsfile=/var/lib/libvirt/dnsmasq/default.hostsfile
addn-hosts=/var/lib/libvirt/dnsmasq/default.addnhosts

#
=

Thx, bye,
Gismo / Luca
Bug#690540: libvirt-bin: dnsmasq should not use option --bind-interfaces
Hi,

On Mon, Oct 15, 2012 at 01:09:38PM +0200, Luca Capello wrote:
> Package: libvirt-bin
> Version: 0.9.12-5
> Severity: wishlist
> Tags: pca.it-virtualization
>
> Hi there!
>
> While debugging #689221, I experienced such a bug, which is actually the
> counterpart of #504605, which I still think it deserves a better
> solution ;-)

It uses bind-dynamic nowadays. Is this more what you'd expected?

Cheers,
 -- Guido
Bug#690540: [Pkg-libvirt-maintainers] Bug#690540: libvirt-bin: dnsmasq should not use option --bind-interfaces
On Mon, Oct 15, 2012 at 01:09:38PM +0200, Luca Capello wrote:
> Package: libvirt-bin
> Version: 0.9.12-5
> Severity: wishlist
> Tags: pca.it-virtualization
>
> Hi there!
>
> While debugging #689221, I experienced such a bug, which is actually the
> counterpart of #504605, which I still think it deserves a better
> solution ;-)

bind-interfaces makes sure that dnsmasq only binds to the interfaces used by your libvirt configuration so I think it's correct.. I'm not sure I understand why this is bad. The dnsmasq you start afterwards should ignore those.

Let's take Simon into the loop since I'd value his opinion on this one.

Cheers,
 -- Guido

>
> =
> root@gismo:/srv/tftp/QNAP_TS-409U# ps aux | grep virt
> nobody 1480 0.0 0.0 19864 908 ? S 12:16 0:00 \
> /usr/sbin/dnsmasq --strict-order --bind-interfaces \
> --pid-file=/var/run/libvirt/network/default.pid --conf-file= \
> --except-interface lo --listen-address 192.168.122.1 \
> --dhcp-range 192.168.122.2,192.168.122.254 \
> --dhcp-leasefile=/var/lib/libvirt/dnsmasq/default.leases \
> --dhcp-lease-max=253 --dhcp-no-override \
> --dhcp-hostsfile=/var/lib/libvirt/dnsmasq/default.hostsfile
> root 3134 0.0 0.2 273392 7084 ? Sl Oct14 0:00
> /usr/sbin/libvirtd -d
> root 4045 0.0 0.0 7828 888 pts/5 S+ 12:27 0:00 grep virt
>
> root@gismo:/srv/tftp/QNAP_TS-409U# ip a s
> 1: lo: mtu 16436 qdisc noqueue state UNKNOWN
> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> inet 127.0.0.1/8 scope host lo
> inet6 ::1/128 scope host
> valid_lft forever preferred_lft forever
> 2: eth0: mtu 1500 qdisc pfifo_fast state UP
> qlen 1000
> link/ether 00:16:d3:2c:fc:f5 brd ff:ff:ff:ff:ff:ff
> inet 192.168.0.11/24 scope global eth0
> inet6 fe80::216:d3ff:fe2c:fcf5/64 scope link
> valid_lft forever preferred_lft forever
> 3: wlan0: mtu 1500 qdisc mq state DOWN qlen 1000
> link/ether 00:19:d2:07:2c:a0 brd ff:ff:ff:ff:ff:ff
> 6: virbr0: mtu 1500 qdisc noqueue state
> DOWN
> link/ether ea:65:11:58:3b:99 brd ff:ff:ff:ff:ff:ff
> inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
>
> root@gismo:/srv/tftp/QNAP_TS-409U# dnsmasq --no-daemon \
> --enable-tftp --tftp-root=/srv/tftp/QNAP_TS-409U/
>
> dnsmasq: failed to create listening socket for port 53: Address already in use
>
> root@gismo:/srv/tftp/QNAP_TS-409U# dnsmasq --no-daemon \
> --enable-tftp --tftp-root=/srv/tftp/QNAP_TS-409U/ \
> --bind-interfaces
>
> dnsmasq: failed to create listening socket for 192.168.122.1: Address already
> in use
>
> root@gismo:/srv/tftp/QNAP_TS-409U# dnsmasq --no-daemon \
> --enable-tftp --tftp-root=/srv/tftp/QNAP_TS-409U/ \
> --bind-interfaces --except-interface virbr0
> dnsmasq: started, version 2.63 cachesize 150
> dnsmasq: compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6
> no-Lua TFTP conntrack
> dnsmasq-tftp: TFTP root is /srv/tftp/QNAP_TS-409U/
> dnsmasq: reading /etc/resolv.conf
> dnsmasq: using nameserver 192.168.210.1#53
> dnsmasq: read /etc/hosts - 11 addresses
> ^C
>
> root@gismo:/srv/tftp/QNAP_TS-409U#
> =
>
> Even after having read #504605, I fail to see why dnsmasq started by
> libvirt should need --bind-interfaces at all, but I am probably missing
> something. dnsmasq_2.63 introduced a new bind option, I would say
> better than the above:
>
> --bind-dynamic
> Enable a network mode which is a hybrid between
> --bind-interfaces and the default. Dnsmasq binds the
> address of individual interfaces, allowing multiple
> dnsmasq instances, but if new interfaces or addresses
> appear, it automatically listens on those (subject to
> any access-control configuration). This makes
> dynamically created interfaces work in the same way as
> the default. Implementing this option requires
> non-standard networking APIs and it is only available
> under Linux. On other platforms it falls-back to
> --bind-interfaces mode.
>
> Thx, bye,
> Gismo / Luca
>
> -- System Information:
> Debian Release: wheezy/sid
> APT prefers unstable
> APT policy: (990, 'unstable'), (1, 'experimental')
> Architecture: amd64 (x86_64)
>
> Kernel: Linux 3.5-trunk-amd64 (SMP w/2 CPU cores)
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
>
> Versions of packages libvirt-bin depends on:
> ii adduser 3.113+nmu3
> ii gettext-base 0.18.1.1-9
> ii libavahi-client3 0.6.31-1
> ii libavahi-common3 0.6.31-1
> ii libblkid1 2.20.1-5.2
> ii libc6 2.13-35
> ii libcap-ng0 0.6.6-2
> ii libdbus-1-3 1.6.8-1
> ii libdevmapper1.02.1 2:1.02.74-4
> ii libgcrypt11 1.5.0-3
> ii libgnutls26 2.12.20-1
> ii libnetcf1 0.
Bug#690540: libvirt-bin: dnsmasq should not use option --bind-interfaces
Package: libvirt-bin
Version: 0.9.12-5
Severity: wishlist
Tags: pca.it-virtualization

Hi there!

While debugging #689221, I experienced such a bug, which is actually the counterpart of #504605, which I still think it deserves a better solution ;-)

=
root@gismo:/srv/tftp/QNAP_TS-409U# ps aux | grep virt
nobody 1480 0.0 0.0 19864 908 ? S 12:16 0:00 \
 /usr/sbin/dnsmasq --strict-order --bind-interfaces \
 --pid-file=/var/run/libvirt/network/default.pid --conf-file= \
 --except-interface lo --listen-address 192.168.122.1 \
 --dhcp-range 192.168.122.2,192.168.122.254 \
 --dhcp-leasefile=/var/lib/libvirt/dnsmasq/default.leases \
 --dhcp-lease-max=253 --dhcp-no-override \
 --dhcp-hostsfile=/var/lib/libvirt/dnsmasq/default.hostsfile
root 3134 0.0 0.2 273392 7084 ? Sl Oct14 0:00 /usr/sbin/libvirtd -d
root 4045 0.0 0.0 7828 888 pts/5 S+ 12:27 0:00 grep virt

root@gismo:/srv/tftp/QNAP_TS-409U# ip a s
1: lo: mtu 16436 qdisc noqueue state UNKNOWN
 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
 inet 127.0.0.1/8 scope host lo
 inet6 ::1/128 scope host
 valid_lft forever preferred_lft forever
2: eth0: mtu 1500 qdisc pfifo_fast state UP qlen 1000
 link/ether 00:16:d3:2c:fc:f5 brd ff:ff:ff:ff:ff:ff
 inet 192.168.0.11/24 scope global eth0
 inet6 fe80::216:d3ff:fe2c:fcf5/64 scope link
 valid_lft forever preferred_lft forever
3: wlan0: mtu 1500 qdisc mq state DOWN qlen 1000
 link/ether 00:19:d2:07:2c:a0 brd ff:ff:ff:ff:ff:ff
6: virbr0: mtu 1500 qdisc noqueue state DOWN
 link/ether ea:65:11:58:3b:99 brd ff:ff:ff:ff:ff:ff
 inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0

root@gismo:/srv/tftp/QNAP_TS-409U# dnsmasq --no-daemon \
 --enable-tftp --tftp-root=/srv/tftp/QNAP_TS-409U/

dnsmasq: failed to create listening socket for port 53: Address already in use

root@gismo:/srv/tftp/QNAP_TS-409U# dnsmasq --no-daemon \
 --enable-tftp --tftp-root=/srv/tftp/QNAP_TS-409U/ \
 --bind-interfaces

dnsmasq: failed to create listening socket for 192.168.122.1: Address already in use

root@gismo:/srv/tftp/QNAP_TS-409U# dnsmasq --no-daemon \
 --enable-tftp --tftp-root=/srv/tftp/QNAP_TS-409U/ \
 --bind-interfaces --except-interface virbr0
dnsmasq: started, version 2.63 cachesize 150
dnsmasq: compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack
dnsmasq-tftp: TFTP root is /srv/tftp/QNAP_TS-409U/
dnsmasq: reading /etc/resolv.conf
dnsmasq: using nameserver 192.168.210.1#53
dnsmasq: read /etc/hosts - 11 addresses
^C

root@gismo:/srv/tftp/QNAP_TS-409U#
=

Even after having read #504605, I fail to see why dnsmasq started by libvirt should need --bind-interfaces at all, but I am probably missing something. dnsmasq_2.63 introduced a new bind option, I would say better than the above:

 --bind-dynamic
 Enable a network mode which is a hybrid between
 --bind-interfaces and the default. Dnsmasq binds the
 address of individual interfaces, allowing multiple
 dnsmasq instances, but if new interfaces or addresses
 appear, it automatically listens on those (subject to
 any access-control configuration). This makes
 dynamically created interfaces work in the same way as
 the default. Implementing this option requires
 non-standard networking APIs and it is only available
 under Linux. On other platforms it falls-back to
 --bind-interfaces mode.

Thx, bye,
Gismo / Luca

-- System Information:
Debian Release: wheezy/sid
 APT prefers unstable
 APT policy: (990, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.5-trunk-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libvirt-bin depends on:
ii adduser 3.113+nmu3
ii gettext-base 0.18.1.1-9
ii libavahi-client3 0.6.31-1
ii libavahi-common3 0.6.31-1
ii libblkid1 2.20.1-5.2
ii libc6 2.13-35
ii libcap-ng0 0.6.6-2
ii libdbus-1-3 1.6.8-1
ii libdevmapper1.02.1 2:1.02.74-4
ii libgcrypt11 1.5.0-3
ii libgnutls26 2.12.20-1
ii libnetcf1 0.2.0-4
ii libnl1 1.1-7
ii libnuma1 2.0.8~rc4-1
ii libparted0debian1 2.3-11
ii libpcap0.8 1.3.0-1
ii libpciaccess0 0.13.1-2
ii libreadline6 6.2-9
ii libsasl2-2 2.1.25.dfsg1-5
ii libudev0 175-7
ii libvirt0 0.9.12-5
ii libxenstore3.0 4.1.3-3
ii libxml2 2.8.0+dfsg1-6
ii libyajl2 2.0.4-2
ii logrotate 3.8.2-1

Versions of packages libvirt-bin recommends:
ii bridge-utils 1.5-4
ii dmidecode 2.11+20120326-2
ii dnsmasq-base 2.63-4
ii ebtables
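
The three dnsmasq runs in the report above follow from ordinary socket bind rules, which this added Python example (not part of the thread, and not dnsmasq or libvirt code) replays with plain TCP listeners. It assumes Linux, where every 127.0.0.0/8 address is local; the two loopback addresses and the kernel-chosen port are constructed stand-ins for 192.168.122.1, 192.168.0.11 and port 53.

```python
import errno
import socket

# Constructed stand-ins (assumptions, not values from the thread): on Linux
# every 127.0.0.0/8 address is local, so two of them play the two interfaces.
VIRBR0_ADDR = "127.0.0.1"  # plays 192.168.122.1, held by libvirt's dnsmasq
ETH0_ADDR = "127.0.0.2"    # plays 192.168.0.11, the address the admin wants


def try_listen(addr, port):
    """Bind and listen on addr:port. Returns (socket, None) or (None, errno name)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        sock.bind((addr, port))
        sock.listen(1)
        return sock, None
    except OSError as exc:
        sock.close()
        return None, errno.errorcode.get(exc.errno, str(exc.errno))


def run_demo():
    """Replay the report's three attempts against an already-bound address."""
    first, err = try_listen(VIRBR0_ADDR, 0)  # port 0: kernel picks a free port
    if first is None:
        raise RuntimeError("could not set up the first listener: " + err)
    port = first.getsockname()[1]
    attempts = [
        ("wildcard", "0.0.0.0"),        # default mode: one socket for all addresses
        ("same_address", VIRBR0_ADDR),  # --bind-interfaces, virbr0 still included
        ("other_address", ETH0_ADDR),   # --bind-interfaces --except-interface virbr0
    ]
    results, opened = {}, [first]
    for label, addr in attempts:
        sock, err = try_listen(addr, port)
        results[label] = "bound" if sock is not None else err
        if sock is not None:
            opened.append(sock)
    for sock in opened:
        sock.close()
    return results


if __name__ == "__main__":
    for label, outcome in run_demo().items():
        print(f"{label:14} {outcome}")
```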