[libvirt] Proposal: no dnsmasq (no dhcp and no dns) and no radvd option
Daniel P. Berrange
berrange at redhat.com
Wed Nov 21 12:31:17 UTC 2012
On Wed, Nov 21, 2012 at 07:18:20AM -0500, Gene Czarcinski wrote:
> On 11/20/2012 05:29 PM, Laine Stump wrote:
> >On 11/20/2012 02:36 PM, Gene Czarcinski wrote:
> >>Laine mentioned something yesterday that got me to thinking: being
> >>able to specify that dnsmasq is not to be started for an interface.
> >>
> >>Let me expand that by saying that libvirt would not start dnsmasq for
> >>either dns or dhcp and also would not start radvd. However, the IPv4
> >>and IPv6 gateway addresses would be defined on the virtual network
> >>interface and the "usual" iptables and ip6tables rules would be in force.
> >>
> >>This would allow a user to configure dnsmasq to meet any user desires
> >>or use something completely different instead of dnsmasq.
> >>
> >>Questions: Useful? Worth the time and effort?
> >That was already determined before I mentioned it to you - it's been
> >requested several times, and I've told some people it was "going to
> >happen", although didn't say when :-).
> >
> >> And then there is how should this be specified in the network xml
> >>file? ... some new parameter? ... A subperameter of <dns> such as
> >><dns disable='yes' /> ? ... a subparameter of <bridge> such as
> >><bridge name="virbr0" dns="disable" /> ?
> >The <bridge> element is commonly *not* specified manually, but is filled
> >in automatically be libvirt, so I don't think it's a good place to put
> >optional flags (you would end up manually specifying settings for the
> >things that are automatically filled in, like the bridge name).
> >
> >If anything, I would say the choice would be between putting it in <dns>
> >or in the toplevel <network>, i.e.:
> >
> > <network>
> > ...
> > <dns disable='yes'/> (or maybe "<dns enable='no'/> is better)
> > ...
> > </network>
> >
> >or
> >
> > <network dns='no'>
> > ...
> > </network>
> >
> >Or, maybe it would be even better to put it in the <ip> element:
> >
> > <ip address='192.168.122.1' netmask='255.255.255.0' dns='no'/>
> >
> >that way you could have dnsmasq listen on some of the IP addresses
> >defined for a network, but not others.
> >
> >At the same time, we probably to be able to disable ipv6 RA as well.
> >Since that's only enabled when there is an ipv6 address, it can also be
> >added into the <ip> element config:
> >
> > <ip family='ipv6' address='f00d::1' ra='no'/> (or maybe
> >"autoconf='no'" ?)
> >
> >Yeah, I think I like it best in <ip> (unless someone else has a better
> >idea).
> Not really better since I like the idea of adding this to <ip>.
> However, I believe this is wrong! it is a mistake to tie this to an
> IP address. Look at the problems that have occurred with dnsmasq.
I agree, we should let this be controlled independently of
the <ip> tag. You might want to allow DNS, without defining
any IP elements at all.
> Instead, I suggest that this be an expansion to <network>.
> For example, <network dns='no'>. This could also scratch
> an itch of mine for specifying logging:
> <network dnslog='yes" dhcplog='yes'>. Then there is the
> issue with bind-intererface and bind-dynamic:
> <network bind='dynamic'>
Since you envisage multiple config parameters related to
DNS, this argues for a top level <dns> element to group
them all together.
<network>
...
<dns.../>
...
</network>
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
More information about the libvir-list
mailing list