Hi all,
I’m working on an update of the Fedora Server virtlib documentation
(https://docs.fedoraproject.org/en-US/fedora-server/virtualization-install/),
specifically the part about the DNS configration.
I would like to include and integrate the solutions presented in this thread by
Daniel Berrange and by Juan Alcaine. But unfortunately none of the solutions
worked in my test installations. I would be grateful if I could get some hints
on what I might have missed.
The main challenge is to enable the host to resolve the internal name of the
VMs. For this purpose, the DNS server provided by libvirt must be included in
the search path (default virbr0 192.168.122.1). The server itself works fine.
If you use dig or nsloookup to assign the servers, the names of the VMs are
resolved correctly.
(a) === Installing libvirt-nss. (Daniel Berrange) ===
I did the following
1. dnf install libvirt-nss
2. Modified following the libvirt documentation and the docs included with the
files /etc/authselect/user-nsswitch.conf and edited the hosts item to "hosts:
files myhostname libvirt resolve [!UNAVAIL=return] dns“
3. executed: authselect apply-changes
4. reboot
Neither using standard DNS without systems-resolved activated nor using
systemd-resolved could resolve the internal names of the VM
(b) === using libvirt hook dir to modify systemd-resolved configuration ===
I followed Juan Alcaine's instructions and after booting I got:
(for my homelab domain, served as public here)
Link 2 (enp1s0)
Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 192.168.158.1
DNS Servers: 192.168.158.1 fd00::3681:c4ff:fe14:21b4
DNS Domain: fritz.box
(for my internal domain via libvirt ipv4 only)
Link 5 (virbr0)
Current Scopes: DNS LLMNR/IPv4
Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 192.168.122.1
DNS Servers: 192.168.122.1
DNS Domain: fritz.lan
The internal names could be resolved, but with such a long delay that the
solution is practically unusable. The „host“ utility provided the internal IPv4
name immediately, but continued searching for several seconds and finally the
process was terminated with 2 times of the message ";; connection timed out; no
servers could be reached“.
In the systemd-resolved log I found a lot of entries like
Firing regular transaction 50808 for <zbox.fritz.lan IN AAAA> scope dns on
virbr0/* (validate=yes).
But virbr0 is ipv4 only.
Any advice greatly appreciated.
Peter
> Am 08.10.2020 um 09:33 schrieb Juan Orti Alcaine <[email protected]>:
>
>
>
> El mié., 7 oct. 2020 a las 10:35, Petr Menšík (<[email protected]>)
> escribió:
>
>
> On 10/7/20 6:44 AM, Pavel Zhukov wrote:
> >
> > I don't think it's a good idea.
> > dnsmasq is not dns resolver but acts as DHCP and DNS server. It provides
> > VMs with IP
> > address/lease and create corresponding dns record for it. In case of
> > resolved ip addresses and dns records must be managed either manually
> > or... with dnsmasq.
>
> That is not true. Any query sent to @192.168.122.1 would get reply. I
> use for example unbound on localhost and all my machines use .vm. domain
> suffix. rhel7.vm. is machine with rhel7. Dnsmasq manages automatically
> lease names of all its dhcp clients, it works as dynamic DNS connected
> with DHCP just out of the box.
>
> I've created a libvirt hook to do the integration I was looking for. This
> works for me:
>
> /etc/libvirt/hooks/network.d/laptop-lab.sh
>
> #!/bin/bash
> set -o nounset
>
> object="$1"
> operation="$2"
> suboperation="$3"
> extra="$4"
>
> if [ "$object" == "laptop-lab" ]; then
> if [ "$operation" == "started" ] && [ "$suboperation" == "begin" ]; then
> /usr/bin/resolvectl dns laptop-lab 192.168.100.1
> /usr/bin/resolvectl domain laptop-lab laptop.lab
> /usr/bin/resolvectl dnssec laptop-lab no
> fi
> fi
> _______________________________________________
> devel mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/[email protected]
_______________________________________________
devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
