[libvirt] [PATCHv2] handle DNS over IPv6

Daniel P. Berrange berrange at redhat.com
Thu Jan 6 14:59:55 UTC 2011 

On Mon, Jan 03, 2011 at 04:57:52PM +0100, Paweł Krześniak wrote:
>     handle DNS over IPv6
>     
>     Firstly: Add ip6tables rules to allow DNS over IPv6 in network.
>     
>     Secondly: start dnsmasq with --interface option instead of
>     --listen-address.
>     
>     Dnsmasq currently uses "--listen-address IPv4_address" option, which
>     restricts DNS service to one IPv4 address only. We could append
>     --listen-address for every IPv[46] address defined on interface, but
>     it's cleaner to use "--interface brname".

While it is shorter to just use '--interface brname' this comes
at the price of loosing compatibility with older dnsmasq which
we still wish to support.

If we used  '--listen-address $IPV4ADDR --listen-address $IPV6ADDR'
then people with dnsmasq < 2.48 can still use the virtual network
capability in a IPv4 only context without problems. Only those
people who actually needed IPv6 DNS would have to upgrade to
newer dnsmasq.

>     There were some problems in the past with --interface option. Dnsmasq
>     version 2.46 and earlier exited with error when tired to bind() to IPv6
>     addresses on just brought up interfaces, because DAD (Duplicate
>     Address Detection) takes some time to finish and bind() returns
>     EADDRNOTAVAIL which caused dnsmasq to exit.
>     Dnsmasq version 2.47 (released on 05-Feb-2009) fixed this issue by
>     retrying bind() after getting EADDRNOTAVAIL error (as described in
>     http://www.thekelleys.org.uk/dnsmasq/CHANGELOG;
>     loop itself is defined in dnsmasq-2.47/src/network.c:404)

>     
>     * Using --interface option causes longer network startup:
>     $ time virsh -c qemu:///system net-start isolated1
>     Network isolated1 started
>     
>     real    0m0.112s
>     user    0m0.013s
>     sys     0m0.009s
>     
>     $ time virsh -c qemu:///system net-start isolated1
>     Network isolated1 started
>     
>     real    0m2.101s
>     user    0m0.011s
>     sys     0m0.011s

Do you have any idea what causes the delay ?  In particular is
the delay caused by the use of --listen-interface, or caused
by the addition of IPv6 addrs ?

Based on your descriptions here it sounds like going for multiple
--listen-address parameters offers the same level of overall
functionality, but with better compatibility for people on older
dnsmasq. So I'm not seeing a compelling reason to switch over to
using --listen-interface

Regards,
Daniel

More information about the libvir-list mailing list