[libvirt] [PATCH v2] network: add an option to make dns public

Cedric Bosdonnat cbosdonnat at suse.com
Mon Jul 20 15:42:05 UTC 2015


On Mon, 2015-07-20 at 16:25 +0200, Peter Krempa wrote:
> On Mon, Jul 20, 2015 at 11:29:15 +0200, Cédric Bosdonnat wrote:
> > In some use cases we don't want the virtual network's DNS to only
> > listen to the vnet interface. Adding a publiclyAccessible attribute
> > to the dns element in the configuration allows the DNS to listen to
> > all interfaces.
> 
> Would you please elaborate on the use cases where this would be useful?
> Libvirt networks shouldn't really be used for configuring dnsmasq for
> other purposes than for virtual machines where it's desired that the
> instances are separated.

This has been detailed in the previous mail thread, see here:
https://www.redhat.com/archives/libvir-list/2015-June/msg00781.html
and here:
https://www.redhat.com/archives/libvir-list/2015-June/msg00813.html

The feature has been requested by people using libvirt as a testing
infrastructure for cloud setups with vlans on top of the libvirt-defined
network. Maybe I should describe the use case in the commit log to avoid
the question being raised again and again.

--
Cedric

> > 
> > It simply disables the bind-dynamic option of dnsmasq for the network.
> > ---
> > 
> >  This patch is v2 for this one:
> >  https://www.redhat.com/archives/libvir-list/2015-June/msg00018.html
> > 
> >  Diff to v1:
> >    * Use bind-interface if public DNS is requested
> >    * Add more tests
> >    * Write out the public value in the format function
> >    * Fixed the rng
> >    * Renamed the attribute to public: shouldn't mislead users
> > 
> >  I tested this patch with several configurations of running networks.
> >  The only thing I noted though is that the user may need to adapt the system
> >  dnsmasq to avoid address:port conflicts... but hey, when one uses such a
> >  hacky feature of the libvirt network, he needs to take care of the rest ;)
> > 
> 
> This paragraph emphasises that it doesn't sound like a good thing to do.
> 
> NACK unless you will persuade me with a good enough use case.
> 
> Peter
> 





More information about the libvir-list mailing list