[libvirt] [PATCH] additional parameter needed for dnsmasq

Gene Czarcinski gene at czarc.net
Wed Aug 22 10:51:44 UTC 2012


On 08/21/2012 11:04 AM, Daniel P. Berrange wrote:
> On Tue, Aug 21, 2012 at 10:43:44AM -0400, Gene Czarcinski wrote:
>> RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=849787
>>
>> As currently configured, dnsmasq for a virtual network will pass
>> some queries upstream toward the Internet.  This includes AAAA and
>> MX queries as well as A queries when dnsmasq cannot answer for that
>> name.  This is occurring whether a domain name is specified or not.
>> The problem is that dnsmasq will, by default, forward all queries
>> unless "local=" is specified.  I cannot envision a situation where
>> such queries should be forwarded.
>>
>> See the bugzilla report for more info.  While I did a lot of testing
>> to figure out the problem and what needed to be done to fix it, I am
>> unable to actually rebuild the libvirt rpm in my environment.
>>
>> The solution is the following patch:
>>
>> diff -uNr libvirt-0.9.11.4.orig/src/network/bridge_driver.c
>> libvirt-0.9.11.4/src/network/bridge_driver.c
>> --- libvirt-0.9.11.4.orig/src/network/bridge_driver.c    2012-06-15
>> 14:23:21.000000000 -0400
>> +++ libvirt-0.9.11.4/src/network/bridge_driver.c    2012-08-21
>> 09:03:17.387602485 -0400
>> @@ -491,7 +491,13 @@
>>       virCommandAddArgList(cmd, "--strict-order",
>> "--bind-interfaces", NULL);
>>
>>       if (network->def->domain)
>> -        virCommandAddArgList(cmd, "--domain", network->def->domain, NULL);
>> +//        virCommandAddArgList(cmd, "--domain",
>> network->def->domain, NULL);
>> +    virCommandAddArgFormat(cmd,
>> +                "--domain %s --local=/%s/",
>> +                network->def->domain,
>> +                network->def->domain);
>> +    else
>> +        virCommandAddArg(cmd, "--local=");
>>
>>       if (pidfile)
>>           virCommandAddArgPair(cmd, "--pid-file", pidfile);
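Review bot: In the `if (network->def->domain)` branch, the format string "--domain %s --local=/%s/" is handed to virCommandAddArgFormat, which formats it into one argument, so dnsmasq receives both options and the space between them as a single argv entry rather than as separate options. Keep the original `virCommandAddArgList(cmd, "--domain", network->def->domain, NULL);` and add the local option as its own argument, for example `virCommandAddArgFormat(cmd, "--local=/%s/", network->def->domain);`. Once the branch holds two statements, the if/else needs braces, and the `//` commented-out line should be dropped rather than kept in the source.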
>
> Since this changes the code that generates dnsmasq args, you'll
> also need to update the tests/networkxml2argvdata/ data files
> to take account of your new additions.
>
>
And here I thought it was just a tiny patch.  When I get things
finalized, there will be an update to the tests also.

But, the patch itself is not good.  For example, for no domain 
specified, instead of "--local=", it should be "--local-//".  And then 
with the domain specified, this just does not work; for some reason
dnsmasq has errors starting.

I must say that I believe that whoever chose to use dnsmasq definitely 
made the right choice.  However, I wish it was easier to change and test
new parameter settings for dnsmasq rather than having it in the code.

So that I do not have to go through a lot of code changes, I am testing 
with two virtual guests.  The first has two NICs one connected to the 
default network and a second to a private network with dnsmasq (dns and 
dhcp) for the private network.  The second guest is on the private 
network and tests the various setups for dnsmasq.

My initial simplified test used the /etc/dnsmasq.conf and supplied some 
additional parameters that I had not realized.  My testing is not 
attempting to create a situation similar to that for libvirtd which has 
everything specified on the command-line.

Any comments or suggestions will be appreciated.

Gene



