Hi Gregory, thanks! The 100% cpu usage is gone!
I'm using LXC, so I had to "hack" your instructions.

/etc/default/lxc-net:
LXC_DHCP_CONFILE=/etc/lxc/dnsmasq.conf

/etc/lxc/dnsmasq.conf:
dns-loop-detect
auth-zone=lxc

But now I cannot resolve external domains from inside the containers, and I know why: the upstream dns for 10.0.1.1 is my host and my host's first dns is 10.0.1.1 (loop).

I'll go back to /etc/hosts for now.

BTW, can you post your /etc/resolv.conf, /run/NetworkManager/resolv.conf, /run/systemd/resolv/resolv.conf, /run/resolvconf/resolv.conf?

What does /etc/resolv.conf look like in your containers?

Thanks!

Regards,
Norberto

2017-04-17 21:12 GMT-03:00 Gregory Lutostanski <[email protected]>:
> Norberto, indeed you are not crazy! I have seen the same thing here.
> On my laptop I did the nm-applet setup to set up dns on lxdbr0, and then saw
> cpu usage spike to 100% due to a loop about dnsmasq asking the
> network-manager dns server and back around forever...
>
> the way I fixed this was by adding these two config options to lxd's
> dnsmasq:
> auth-zone=lxd
> dns-loop-detect
>
> http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html for what those
> do.
>
> $ lxc network edit lxdbr0
>
> looks like...
> config:
>   ipv4.address: 10.216.134.1/24
>   ipv4.nat: "true"
>   ipv6.address: none
>   ipv6.nat: "true"
>   raw.dnsmasq: |
>     auth-zone=lxd
>     dns-loop-detect
> name: lxdbr0
> type: bridge
>
> No more 100% cpu usage any more!
>
> The workaround I was using until I figured it out was...
> https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/1571967/comments/13 --
> but that only works for ssh, not for http and other stuff
>
> Hope you can confirm that this works for you too.
>
> On Mon, Apr 17, 2017 at 6:23 PM, Norberto Bensa <[email protected]>
> wrote:
>>
>> That used to work, but from 17.04 (on the desktop editions, both
>> ubuntu and kubuntu) adding the ip of the bridge to /etc/resolv.conf
>> makes systemd-resolved and dnsmasq eat my cpu.
>>
>> 2017-04-17 12:16 GMT-03:00 Matlink <[email protected]>:
>> > For me, simply adding the lxc bridge IP address to DNS resolvers made me
>> > able to resolve *.lxd domains from the host machine.
>> > --
>> > Matlink
>> >
>> > On 17 April 2017 13:42:36 GMT+02:00, Simos Xenitellis
>> > <[email protected]> wrote:
>> >>
>> >> On Thu, Apr 13, 2017 at 10:49 PM, Norberto Bensa
>> >> <[email protected]> wrote:
>> >>>
>> >>> Hello Simos,
>> >>>
>> >>> 2017-04-13 10:44 GMT-03:00 Simos Xenitellis
>> >>> <[email protected]>:
>> >>>>
>> >>>> I got stuck with this issue (Ubuntu Desktop with NetworkManager) and
>> >>>> wrote about it at
>> >>>>
>> >>>>
>> >>>> https://www.mail-archive.com/[email protected]/msg07060.html
>> >>>
>> >>>
>> >>> For me, that doesn't work anymore with 17.04
>> >>>
>> >>> I tried a lot of configuration options with dnsmasq, network-manager,
>> >>> and systemd-resolved with Ubuntu and Kubuntu (real hardware and
>> >>> virtualized with kvm).
>> >>
>> >>
>> >>
>> >> If you installed additional packages or changed configuration options,
>> >> you might have changed something that alters the default behaviour.
>> >>
>> >> 1. On Ubuntu Desktop, NetworkManager handles the networking
>> >> configuration.
>> >> You should be able to do "ps aux | grep dnsmasq" and see at least one
>> >> "dnsmasq" process,
>> >> the one from NetworkManager.
>> >> For me, it is:
>> >> " 3653 ? S 0:00 /usr/sbin/dnsmasq --no-resolv
>> >> --keep-in-foreground --no-hosts --bind-interfaces
>> >> --pid-file=/var/run/NetworkManager/dnsmasq.pid
>> >> --listen-address=127.0.1.1 --cache-size=0 --conf-file=/dev/null
>> >> --proxy-dnssec --enable-dbus=org.freedesktop.NetworkManager.dnsmasq
>> >> --conf-dir=/etc/NetworkManager/dnsmasq.d"
>> >>
>> >> What is yours?
>> >>
>> >> 2. NetworkManager uses dnsmasq as a caching nameserver, and it does so
>> >> by configuring /etc/resolv.conf with:
>> >> # Dynamic resolv.conf(5) file for glibc resolver(3) generated by
>> >> resolvconf(8)
>> >> # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
>> >> nameserver 127.0.1.1
>> >>
>> >> Can you verify that you have exactly the same?
>> >>
>> >> 3. Then, LXD should have its own "dnsmasq" process (as a DHCP server
>> >> and caching nameserver).
>> >> This dnsmasq process binds on a specific private IP address, which you
>> >> can find with, for example,
>> >>
>> >> ifconfig lxdbr0
>> >>
>> >> In my case, it is 10.0.125.1. I have an LXD container called
>> >> "mycontainer", therefore I can run
>> >>
>> >> $ host mycontainer.lxd 10.0.125.1
>> >> Using domain server:
>> >> Name: 10.0.185.1
>> >> Address: 10.0.185.1#53
>> >> Aliases:
>> >>
>> >> mycontainer.lxd has address 10.0.125.18
>> >> mycontainer.lxd has IPv6 address fd42:aacb:3658:4ca6:216:3e4f:fcd9:35e1
>> >> $ _
>> >>
>> >> Do you get such a result? If not, perhaps you have the wrong IP
>> >> address.
>> >> Also, if you ran "lxd init" several times, you might have lingering
>> >> "dnsmasq" process
>> >> that bind on port 53 on lxdbr0. Would need to reboot here.
>> >>
>> >> If you can get up to this point, then the rest is really easy.
>> >>
>> >> Simos
>> >> ________________________________
>> >>
>> >> lxc-users mailing list
>> >> [email protected]
>> >> http://lists.linuxcontainers.org/listinfo/lxc-users
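
The resolver loop described at the top of this message, as an added example that is not part of the original thread: a static check over a resolver file and a bridge dnsmasq config. It assumes the bridge dnsmasq forwards to the host's resolver, as the message states; the function names and file contents are constructed, and 192.0.2.53 is a placeholder upstream.

```shell
#!/bin/sh
# Added example. File contents are constructed samples; 10.0.1.1 is the
# bridge address from the message, 192.0.2.53 a placeholder upstream.

# Print the "nameserver" addresses of a resolv.conf-style file, in order.
nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# True if dnsmasq config file $2 has the bare option $1 on its own line.
has_option() {
    grep -qE "^[[:space:]]*$1[[:space:]]*\$" "$2"
}

# classify_loop BRIDGE_IP HOST_UPSTREAMS BRIDGE_DNSMASQ_CONF
# Assumption: the bridge dnsmasq forwards to the host resolver unless
# no-resolv is set. Prints one of:
#   ok            host resolver does not use the bridge dnsmasq
#   no-resolv     upstreams come from server= lines; inspect those by hand
#   loop-guarded  loop path exists, dns-loop-detect disables that upstream
#   loop          loop path exists and nothing stops it
classify_loop() {
    bridge_ip=$1
    if ! nameservers "$2" | grep -qxF "$bridge_ip"; then
        echo ok
    elif has_option no-resolv "$3"; then
        echo no-resolv
    elif has_option dns-loop-detect "$3"; then
        echo loop-guarded
    else
        echo loop
    fi
}

# Demo on constructed files mirroring the setup described in the thread.
demo() {
    d=$(mktemp -d)
    printf 'nameserver 10.0.1.1\nnameserver 192.0.2.53\n' > "$d/host"
    printf 'auth-zone=lxc\n' > "$d/plain.conf"
    printf 'dns-loop-detect\nauth-zone=lxc\n' > "$d/guarded.conf"
    echo "before: $(classify_loop 10.0.1.1 "$d/host" "$d/plain.conf")"
    echo "after:  $(classify_loop 10.0.1.1 "$d/host" "$d/guarded.conf")"
    rm -rf "$d"
}
demo
```

A `loop-guarded` result means dnsmasq will disable the looping upstream once its test query comes back, so if that is its only upstream, external names stop resolving.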
