Re: libvirt and systemd-resolved integration?
> Am 15.09.2021 um 19:22 schrieb Petr Menšík : Many thanks for your information. They were very helpful. I got (almost) everything working with your (and Daniel's) information. > On 9/10/21 4:57 PM, Peter Boy wrote: >> Hi all, >> >> ... >> The main challenge is to enable the host to resolve the internal name of the >> VMs. For this purpose, the DNS server provided by libvirt must be included >> in the search path (default virbr0 192.168.122.1). The server itself works >> fine. If you use dig or nsloookup to assign the servers, the names of the >> VMs are resolved correctly. > No, it does not have to be included in search path. It is just required > to forward any subset of names to dns server listening on libvirt's > interface. That’s one of the issues I currently struggle with. Due to the installation the external interface comes first in the list, before the internal interface. So the external inferfaces name server is queried first (as I could confirm in the log). 'resolvectl query' always came up with the internal FQN and IP address for a single named host, as intended. 'host' and 'nslookup' mostly used the internal, but sometimes the external FQN name (after reboots). No regularity recognizable. 'dig‘ reports having found something, but does not show any IP address. 'ping‘ and 'wget‘ (as proxy for a more or less typical application program) are not consistent either. For applications, I was able to solve this at least partially by including libvirt-nss. The other option would be to replace the link of /etc/resolve.conf with a file and define the search option accordingly (the currently automatic generated file lists the external domain name first). I'm hesitant to have that in the server documentation but stick as much as possible with upstream and default settings. Do you have another idea from your experiences? >> The internal names could be resolved, but with such a long delay that the >> solution is practically unusable. The „host“ utility provided the internal >> IPv4 name immediately, but continued searching for several seconds and >> finally the process was terminated with 2 times of the message ";; >> connection timed out; no servers could be reached“. > Host without -t parameter given sends -t A, -t and -t MX queries > for given name. Because of the way dnsmasq behaves, you are waiting for > -t and -t MX queries. Because they are looping from > systemd-resolved to dnsmasq and back, until one of them drops them. I added https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Re: libvirt and systemd-resolved integration?
> Am 10.09.2021 um 17:22 schrieb Daniel P. Berrangé : > > On Fri, Sep 10, 2021 at 04:57:56PM +0200, Peter Boy wrote: >> (a) === Installing libvirt-nss. (Daniel Berrange) === >> >> I did the following >> >> 1. dnf install libvirt-nss >> >> 2. Modified following the libvirt documentation and the docs included with >> the files /etc/authselect/user-nsswitch.conf and edited the hosts item to >> "hosts: files myhostname libvirt resolve [!UNAVAIL=return] dns“ >> >> 3. executed: authselect apply-changes >> >> 4. reboot >> >> Neither using standard DNS without systems-resolved activated nor using >> systemd-resolved could resolve the internal names of the VM > > I think you possibly mis-interpret what the libvirt-nss module is going > to be doing here. Unfortunately, I was swamped and it took a while to do the test installations. Indeed, in the head of the action I overlooked that DNS clients use DNS of course. > Finally, libvirt-nss provides two modules. > > - "libvirt" does lookups against the hostname configured by > the guest OS when acquiring its DHCP lease. This hostname > is either set by the guest OS admin, or can be the hostname > in the libvirt network XML config (virsh net-dumpxml default) > if you're using fixed host<->ip<->mac mappings. > > - "libvirt_guest" does lookups against the guest name known > to libvirt in the host. (ie name reported by 'virsh list‘) . > > . . . . > Personally I always use the "libvirt_guest" NSS module, so get > host lookups using the libvirt guest name, but either NSS module > is valid based on your desired outcome. Thanks for all the information. Specifically libvirt_guest was very helpful. After all everything you detailed worked fine in my test installations and the libvirt_guest / nss part is currently a workaround for some inconsistency with resolvectl to handle a single, non FQN hostname. Many thanks Peter By the way you may remember CCM and Aplaws you were working on about a decade ago. It’s still alive and in use. I lead the project for several years and we are working on a transition to JEE 8/9 retaining the outstanding architectural features as structured content and strong categorisation (mirror: https://github.com/libreccm). So your work at that time did not vanish. ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Re: libvirt and systemd-resolved integration?
On 9/10/21 4:57 PM, Peter Boy wrote: > Hi all, > > I’m working on an update of the Fedora Server virtlib documentation > (https://docs.fedoraproject.org/en-US/fedora-server/virtualization-install/), > specifically the part about the DNS configration. > > I would like to include and integrate the solutions presented in this thread > by Daniel Berrange and by Juan Alcaine. But unfortunately none of the > solutions worked in my test installations. I would be grateful if I could get > some hints on what I might have missed. > > The main challenge is to enable the host to resolve the internal name of the > VMs. For this purpose, the DNS server provided by libvirt must be included in > the search path (default virbr0 192.168.122.1). The server itself works fine. > If you use dig or nsloookup to assign the servers, the names of the VMs are > resolved correctly. No, it does not have to be included in search path. It is just required to forward any subset of names to dns server listening on libvirt's interface. > > > > (a) === Installing libvirt-nss. (Daniel Berrange) === > > I did the following > > 1. dnf install libvirt-nss > > 2. Modified following the libvirt documentation and the docs included with > the files /etc/authselect/user-nsswitch.conf and edited the hosts item to > "hosts: files myhostname libvirt resolve [!UNAVAIL=return] dns“ > > 3. executed: authselect apply-changes > > 4. reboot > > Neither using standard DNS without systems-resolved activated nor using > systemd-resolved could resolve the internal names of the VM nss modules affects just getaddrinfo() calls from programs, if it uses only glibc to resolve names. Could be tested by "getent hosts " command. Any program using DNS directly, like host or dig, would not be affected by it. Setting up dns forwarding is more work, but would help all programs, no matter how they resolve names to IP addresses. > (b) === using libvirt hook dir to modify systemd-resolved configuration === > > I followed Juan Alcaine's instructions and after booting I got: > > (for my homelab domain, served as public here) > Link 2 (enp1s0) > Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6 > Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS > DNSSEC=no/unsupported > Current DNS Server: 192.168.158.1 >DNS Servers: 192.168.158.1 fd00::3681:c4ff:fe14:21b4 > DNS Domain: fritz.box > > (for my internal domain via libvirt ipv4 only) > Link 5 (virbr0) > Current Scopes: DNS LLMNR/IPv4 > Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS > DNSSEC=no/unsupported > Current DNS Server: 192.168.122.1 >DNS Servers: 192.168.122.1 > DNS Domain: fritz.lan > > The internal names could be resolved, but with such a long delay that the > solution is practically unusable. The „host“ utility provided the internal > IPv4 name immediately, but continued searching for several seconds and > finally the process was terminated with 2 times of the message ";; connection > timed out; no servers could be reached“. Host without -t parameter given sends -t A, -t and -t MX queries for given name. Because of the way dnsmasq behaves, you are waiting for -t and -t MX queries. Because they are looping from systemd-resolved to dnsmasq and back, until one of them drops them. > > In the systemd-resolved log I found a lot of entries like > > Firing regular transaction 50808 for scope dns on > virbr0/* (validate=yes). > > But virbr0 is ipv4 only. This happens because dnsmasq serving names for libvirt network sends queries to whatever resolver it got from the system. Meaning usually back to whatever forwarded the name to it. In my configuration, I used domain statement in virsh net-edit default to prevent sending X.vm names back to the system resolver. It becames then (sort of) authoritative for that name. You would just replace vm with fritz.lan (or vm.home.arpa.). localOnly=yes is imporant part. It tells dnsmasq to consider all names under fritz.lan its own and if it does not know them, they do not exist. If dns cache on hosts forwards some domain to it, it is required to break loops. ... ... It would be nice if it could be done automagically, but I doubt used domain can be specified on just single place. Together with libvirt hook, the above should work. > Any advice greatly appreciated. > > > Peter > > > > > >> Am 08.10.2020 um 09:33 schrieb Juan Orti Alcaine : >> >> >> >> El mié., 7 oct. 2020 a las 10:35, Petr Menšík () >> escribió: >> >> >> On 10/7/20 6:44 AM, Pavel Zhukov wrote: >>> I don't think it's a good idea. >>> dnsmasq is not dns resolver but acts as DHCP and DNS server. It provides >>> VMs with IP >>> address/lease and create corresponding dns record for it. In case of >>> resolved ip addresses and dns records must be managed either manually >>> or... with dnsmasq. >> That is not true. Any query sent to @192.168.122.1 would get reply. I >> use for example unbound on localhost and all my machines
Re: libvirt and systemd-resolved integration?
On Fri, Sep 10, 2021 at 04:57:56PM +0200, Peter Boy wrote: > Hi all, > > I’m working on an update of the Fedora Server virtlib documentation > (https://docs.fedoraproject.org/en-US/fedora-server/virtualization-install/), > specifically the part about the DNS configration. > > I would like to include and integrate the solutions presented in this thread > by Daniel Berrange and by Juan Alcaine. But unfortunately none of the > solutions worked in my test installations. I would be grateful if I could get > some hints on what I might have missed. > > The main challenge is to enable the host to resolve the internal name of the > VMs. For this purpose, the DNS server provided by libvirt must be included in > the search path (default virbr0 192.168.122.1). The server itself works fine. > If you use dig or nsloookup to assign the servers, the names of the VMs are > resolved correctly. > > > > (a) === Installing libvirt-nss. (Daniel Berrange) === > > I did the following > > 1. dnf install libvirt-nss > > 2. Modified following the libvirt documentation and the docs included with > the files /etc/authselect/user-nsswitch.conf and edited the hosts item to > "hosts: files myhostname libvirt resolve [!UNAVAIL=return] dns“ > > 3. executed: authselect apply-changes > > 4. reboot > > Neither using standard DNS without systems-resolved activated nor using > systemd-resolved could resolve the internal names of the VM I think you possibly mis-interpret what the libvirt-nss module is going to be doing here. Applications on the host will use glibc APIs for resolving host names into IP addresses. GLibc will use the nsswitch config to determine what data sources to use for the host -> IP translation. Adding "libvirt" to the nsswitch config for "hosts:" simply tells GLibc to talk to the libvirt-nss module to try to resolve a hostname. This doesn't involve DNS at all. libvirt-nss will be queried before GLibc even gets to trying DNS. It also won't affect results reported by systemd-resolved AFAICT. You don't mention what VM configuration you're using for networking, but basically if you "virsh dumpxlm $guest", then the element *must* be configured for type=network. If it is using type=bridge or any other option, then the libvirt-nss module has no effect. Finally, libvirt-nss provides two modules. - "libvirt" does lookups against the hostname configured by the guest OS when acquiring its DHCP lease. This hostname is either set by the guest OS admin, or can be the hostname in the libvirt network XML config (virsh net-dumpxml default) if you're using fixed host<->ip<->mac mappings. - "libvirt_guest" does lookups against the guest name known to libvirt in the host. (ie name reported by 'virsh list') If you want to debug libvirt-nss problems there are two things to try "virsh domifaddr $GUEST" if that doesn't report any IP addresses, then the libvirt-nss module won't do anything. "virsh net-dhcp-leases default" will meanwhile report all IP addresses known the libvirt's dnsmasq instance currently - domifaddr is just filtering those to extract a specific guest. Personally I always use the "libvirt_guest" NSS module, so get host lookups using the libvirt guest name, but either NSS module is valid based on your desired outcome. Regards, Daniel -- |: https://berrange.com -o-https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o-https://fstop138.berrange.com :| |: https://entangle-photo.org-o-https://www.instagram.com/dberrange :| ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Re: libvirt and systemd-resolved integration?
Hi all, I’m working on an update of the Fedora Server virtlib documentation (https://docs.fedoraproject.org/en-US/fedora-server/virtualization-install/), specifically the part about the DNS configration. I would like to include and integrate the solutions presented in this thread by Daniel Berrange and by Juan Alcaine. But unfortunately none of the solutions worked in my test installations. I would be grateful if I could get some hints on what I might have missed. The main challenge is to enable the host to resolve the internal name of the VMs. For this purpose, the DNS server provided by libvirt must be included in the search path (default virbr0 192.168.122.1). The server itself works fine. If you use dig or nsloookup to assign the servers, the names of the VMs are resolved correctly. (a) === Installing libvirt-nss. (Daniel Berrange) === I did the following 1. dnf install libvirt-nss 2. Modified following the libvirt documentation and the docs included with the files /etc/authselect/user-nsswitch.conf and edited the hosts item to "hosts: files myhostname libvirt resolve [!UNAVAIL=return] dns“ 3. executed: authselect apply-changes 4. reboot Neither using standard DNS without systems-resolved activated nor using systemd-resolved could resolve the internal names of the VM (b) === using libvirt hook dir to modify systemd-resolved configuration === I followed Juan Alcaine's instructions and after booting I got: (for my homelab domain, served as public here) Link 2 (enp1s0) Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6 Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported Current DNS Server: 192.168.158.1 DNS Servers: 192.168.158.1 fd00::3681:c4ff:fe14:21b4 DNS Domain: fritz.box (for my internal domain via libvirt ipv4 only) Link 5 (virbr0) Current Scopes: DNS LLMNR/IPv4 Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported Current DNS Server: 192.168.122.1 DNS Servers: 192.168.122.1 DNS Domain: fritz.lan The internal names could be resolved, but with such a long delay that the solution is practically unusable. The „host“ utility provided the internal IPv4 name immediately, but continued searching for several seconds and finally the process was terminated with 2 times of the message ";; connection timed out; no servers could be reached“. In the systemd-resolved log I found a lot of entries like Firing regular transaction 50808 for scope dns on virbr0/* (validate=yes). But virbr0 is ipv4 only. Any advice greatly appreciated. Peter > Am 08.10.2020 um 09:33 schrieb Juan Orti Alcaine : > > > > El mié., 7 oct. 2020 a las 10:35, Petr Menšík () > escribió: > > > On 10/7/20 6:44 AM, Pavel Zhukov wrote: > > > > I don't think it's a good idea. > > dnsmasq is not dns resolver but acts as DHCP and DNS server. It provides > > VMs with IP > > address/lease and create corresponding dns record for it. In case of > > resolved ip addresses and dns records must be managed either manually > > or... with dnsmasq. > > That is not true. Any query sent to @192.168.122.1 would get reply. I > use for example unbound on localhost and all my machines use .vm. domain > suffix. rhel7.vm. is machine with rhel7. Dnsmasq manages automatically > lease names of all its dhcp clients, it works as dynamic DNS connected > with DHCP just out of the box. > > I've created a libvirt hook to do the integration I was looking for. This > works for me: > > /etc/libvirt/hooks/network.d/laptop-lab.sh > > #!/bin/bash > set -o nounset > > object="$1" > operation="$2" > suboperation="$3" > extra="$4" > > if [ "$object" == "laptop-lab" ]; then > if [ "$operation" == "started" ] && [ "$suboperation" == "begin" ]; then > /usr/bin/resolvectl dns laptop-lab 192.168.100.1 > /usr/bin/resolvectl domain laptop-lab laptop.lab > /usr/bin/resolvectl dnssec laptop-lab no > fi > fi > ___ > devel mailing list -- devel@lists.fedoraproject.org > To unsubscribe send an email to devel-le...@lists.fedoraproject.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Re: libvirt and systemd-resolved integration?
El mié., 7 oct. 2020 a las 10:35, Petr Menšík () escribió: > > > On 10/7/20 6:44 AM, Pavel Zhukov wrote: > > > > I don't think it's a good idea. > > dnsmasq is not dns resolver but acts as DHCP and DNS server. It provides > > VMs with IP > > address/lease and create corresponding dns record for it. In case of > > resolved ip addresses and dns records must be managed either manually > > or... with dnsmasq. > > That is not true. Any query sent to @192.168.122.1 would get reply. I > use for example unbound on localhost and all my machines use .vm. domain > suffix. rhel7.vm. is machine with rhel7. Dnsmasq manages automatically > lease names of all its dhcp clients, it works as dynamic DNS connected > with DHCP just out of the box. > I've created a libvirt hook to do the integration I was looking for. This works for me: /etc/libvirt/hooks/network.d/laptop-lab.sh #!/bin/bash set -o nounset object="$1" operation="$2" suboperation="$3" extra="$4" if [ "$object" == "laptop-lab" ]; then if [ "$operation" == "started" ] && [ "$suboperation" == "begin" ]; then /usr/bin/resolvectl dns laptop-lab 192.168.100.1 /usr/bin/resolvectl domain laptop-lab laptop.lab /usr/bin/resolvectl dnssec laptop-lab no fi fi ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Re: libvirt and systemd-resolved integration?
On 10/7/20 6:44 AM, Pavel Zhukov wrote: > > I don't think it's a good idea. > dnsmasq is not dns resolver but acts as DHCP and DNS server. It provides > VMs with IP > address/lease and create corresponding dns record for it. In case of > resolved ip addresses and dns records must be managed either manually > or... with dnsmasq. That is not true. Any query sent to @192.168.122.1 would get reply. I use for example unbound on localhost and all my machines use .vm. domain suffix. rhel7.vm. is machine with rhel7. Dnsmasq manages automatically lease names of all its dhcp clients, it works as dynamic DNS connected with DHCP just out of the box. unbound-control forward_add +i vm 192.168.122.1 Or permanent configuration in /etc/unbound/conf.d/vm.conf: server: domain-insecure: "vm" domain-insecure: "122.168.192.IN-ADDR.ARPA" forward-zone: name: "vm" forward-addr: 192.168.122.1 forward-first: no forward-zone: name: "122.168.192.IN-ADDR.ARPA" forward-addr: 192.168.122.1 forward-first: no Then I used in virsh edit-network default, inside element: dnsmasq is not full resolver, just like systemd-resolver. It just forwards queries it does not have answer to /etc/resolv.conf forwarders. If systemd-resolved does not running on the host, it also offers working DNSSEC environment to all VMs. Since systemd-resolved can do split DNS, it is able to do that also. But it seems current domain redirection is private API for NM. It might work: resolvectl domain virbr0 ~vm But haven't tested it. I am not sure how permanent configuration should look like in resolved.conf. Can it be configured to forward specific domain to specific server? It seems to me it expects such think only per interface, which might work with libvirt too. > On 2020-10-06 at 22:04 CEST, Juan Orti Alcaine wrote... >> Hello, >> >> In the network bridges that libvirt creates there's a dnsmasq daemon to >> resolve the VM's IPs. Is there any way to signal systemd-resolved from >> libvirt to say that in the bridge interface there is a DNS server and a >> domain? >> >> Thank you. > > -- Petr Menšík Software Engineer Red Hat, http://www.redhat.com/ email: pemen...@redhat.com PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB signature.asc Description: OpenPGP digital signature ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Re: libvirt and systemd-resolved integration?
On Wed, Oct 07, 2020 at 06:55:32AM +0200, Tomasz Torcz wrote: > On Tue, Oct 06, 2020 at 10:04:19PM +0200, Juan Orti Alcaine wrote: > > Hello, > > > > In the network bridges that libvirt creates there's a dnsmasq daemon to > > resolve the VM's IPs. Is there any way to signal systemd-resolved from > > libvirt to say that in the bridge interface there is a DNS server and a > > domain? > > Related, there is nss-mymachines: > https://www.freedesktop.org/software/systemd/man/nss-mymachines.html > > It resolves IPs of instances registered with machined. Libvirt already > registers virtual machines with machined. But as I see, libvirt does not > provide IP addresses during registration. Maybe this could be fixed? IP addresses are not known at time of registration, but libvirt's own NSS module can be used instead. Regards, Daniel -- |: https://berrange.com -o-https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o-https://fstop138.berrange.com :| |: https://entangle-photo.org-o-https://www.instagram.com/dberrange :| ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Re: libvirt and systemd-resolved integration?
On Tue, Oct 06, 2020 at 07:21:40PM -0500, Michael Catanzaro wrote: > > Hm, I'm not quite sure how this is intended to work. This is for resolving > VM hostnames into IP addresses? How exactly does it work prior to > systemd-resolved? E.g. lets say I have a libvirt VM named "f33", should it > be possible to resolve that name somehow from the host system? That is possible with libvirt's NSS module: https://libvirt.org/nss.html Regards, Daniel -- |: https://berrange.com -o-https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o-https://fstop138.berrange.com :| |: https://entangle-photo.org-o-https://www.instagram.com/dberrange :| ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Re: libvirt and systemd-resolved integration?
El mié., 7 oct. 2020 a las 2:22, Michael Catanzaro () escribió: > > Hm, I'm not quite sure how this is intended to work. This is for > resolving VM hostnames into IP addresses? How exactly does it work > prior to systemd-resolved? E.g. lets say I have a libvirt VM named > "f33", should it be possible to resolve that name somehow from the host > system? > > Can you do what you want using > https://www.freedesktop.org/wiki/Software/systemd/resolved/ ? Maybe > SetLinkDNS for the bridge interface? But you would also need to call > SetLinkDomains to ensure queries for a particular domain go to the > bridge interface (otherwise, nothing will). You could theoretically, > for instance, claim a .libvirt domain, then resolve "f33.libvirt" to > the VM's IP? > My use case is, I have the bridge 'laptop-lab' created with libvirt: laptop-lab 23997a64-b242-4a32-8ef6-4e0c36e16598 Previously, I used dns=dnsmasq in NetworkManager to indicate that the domain 'laptop.lab' resolves through this dnsmasq instance: /etc/NetworkManager/conf.d/00-use-dnsmasq.conf: [main] dns=dnsmasq /etc/NetworkManager/dnsmasq.d/laptop_lab.conf: server=/laptop.lab/192.168.100.1 I'd like to do something similar in systemd-resolved, and indeed this works fine: # resolvectl dns laptop-lab 192.168.100.1 # resolvectl domain laptop-lab laptop.lab But this configuration is lost after a reboot, and the configuration file is not expressive enough to indicate a dns and domain on a link. A way to do this automatically would be greatly appreciated, but I guess it doesn't exist at the moment. ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Re: libvirt and systemd-resolved integration?
On Tue, Oct 06, 2020 at 10:04:19PM +0200, Juan Orti Alcaine wrote: > Hello, > > In the network bridges that libvirt creates there's a dnsmasq daemon to > resolve the VM's IPs. Is there any way to signal systemd-resolved from > libvirt to say that in the bridge interface there is a DNS server and a > domain? Related, there is nss-mymachines: https://www.freedesktop.org/software/systemd/man/nss-mymachines.html It resolves IPs of instances registered with machined. Libvirt already registers virtual machines with machined. But as I see, libvirt does not provide IP addresses during registration. Maybe this could be fixed? -- Tomasz Torcz There exists no separation between gods and men: to...@pipebreaker.pl one blends softly casual into the other. — Frank Herbert ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Re: libvirt and systemd-resolved integration?
I don't think it's a good idea. dnsmasq is not dns resolver but acts as DHCP and DNS server. It provides VMs with IP address/lease and create corresponding dns record for it. In case of resolved ip addresses and dns records must be managed either manually or... with dnsmasq. On 2020-10-06 at 22:04 CEST, Juan Orti Alcaine wrote... Hello, In the network bridges that libvirt creates there's a dnsmasq daemon to resolve the VM's IPs. Is there any way to signal systemd-resolved from libvirt to say that in the bridge interface there is a DNS server and a domain? Thank you. ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org -- Pavel ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Re: libvirt and systemd-resolved integration?
Hm, I'm not quite sure how this is intended to work. This is for resolving VM hostnames into IP addresses? How exactly does it work prior to systemd-resolved? E.g. lets say I have a libvirt VM named "f33", should it be possible to resolve that name somehow from the host system? Can you do what you want using https://www.freedesktop.org/wiki/Software/systemd/resolved/ ? Maybe SetLinkDNS for the bridge interface? But you would also need to call SetLinkDomains to ensure queries for a particular domain go to the bridge interface (otherwise, nothing will). You could theoretically, for instance, claim a .libvirt domain, then resolve "f33.libvirt" to the VM's IP? ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
libvirt and systemd-resolved integration?
Hello, In the network bridges that libvirt creates there's a dnsmasq daemon to resolve the VM's IPs. Is there any way to signal systemd-resolved from libvirt to say that in the bridge interface there is a DNS server and a domain? Thank you. ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
