Re: enabling use of dnsmasq



On 09/07/2012 04:39 PM, Dan Williams wrote:
>> I am doing some testing of NM using dnsmasq for a caching nameserver:
>>
>> From another message:
>> >> 3.  Will use of dnsmasq be optional and configurable?
>> > It already is, you can enable or disable it via "dns=dnsmasq" in
>> > /etc/NetworkManager/NetworkManager.conf; and since recently, you can
>> > tweak the configuration using files in /etc/NetworkManager/dnsmasq.d.
>>
>> OK, the dns=dnsmasq works but how about the configuration tweak files in
>> /etc/NetworkManager/dnsmasq.d ?
> Out of curiosity, what sort of things do you want to tweak?  If enough
> people need to tweak them, then perhaps we should add them in a more
> standardized format so that they still work if/when we get a mythical
> unbound plugin too.

I am using qemu/kvm/libvirt to run a number of VMs for doing various testing including some security testing. The virtual stuff seems to have pretty good performance and my 6 AMD core processor with 16GB memory and an SSD for root runs quite nicely.

I can remember the names of the virtual machines but not necessarily the IP addresses. I would like to access via ssh and scp those virtual guests from the host system by name ... by IP works. Now, the dnsmasq instances started by libvirt can be queried from the host and will respond. You can also specify a domain name (such as "virt") for the systems on that virtual network.

I need to be able to specify something like server=/virt/192.168.122.1

I patched NetworkManager-0.9.4.0-9.git20120521.fc17 to add the "--conf-dir=/etc/NetworkManager/dnsmasq.d" and after fiddling with SELinux I got things to work.

There is another way which still involves running an instance of dnsmasq on the host's real NIC and passing "virt" queries up to 192.168.122.1 ... this also involves modifying the upstream dnsmasq to route "virt" domain queries back to the host. Using the caching dnsmasq is a lot simpler.

When all is done, it works.  I can "ssh test.virt" and I am in.

BTW, doing this involves some updates to libvirt to add some additional parameters to the dnsmasq command line ... lack of these updates produces some "interesting" loops of DNS packets looping through the network. The update adds "--local=/<domainname>/ --domain-needed". I am now looking into doing something similar for the PTR queries ... IPv4 is not too bad but IPv6 is a lot more complicated.

Does that scratch your itch, Dan?

Gene
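
A simplified model of the setup described in the message above, as an added example that is not part of the original post or of NetworkManager or libvirt: it traces one query between the host's caching dnsmasq (carrying `server=/virt/192.168.122.1`) and libvirt's dnsmasq, and shows how `--local=/<domain>/` and `--domain-needed` keep an unknown "virt" name from being forwarded back and forth. The guest address, the "isp" resolver, and libvirt's dnsmasq using the host as its upstream are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Dnsmasq:
    hosts: dict = field(default_factory=dict)    # names this instance answers itself
    servers: dict = field(default_factory=dict)  # server=/<domain>/<ip>: domain -> next instance
    upstream: str = ""                           # where every other query is forwarded
    local: tuple = ()                            # --local=/<domain>/: never forward these domains
    domain_needed: bool = False                  # --domain-needed: never forward plain names

def in_domain(qname, domain):
    return qname == domain or qname.endswith("." + domain)

def resolve(net, start, qname):
    """Follow one query through the instances; return (answer, path taken)."""
    path, cur = [], start
    while cur:
        if cur in path:                          # query came back to an instance it already visited
            return "LOOP", path + [cur]
        path.append(cur)
        d = net[cur]
        if qname in d.hosts:
            return d.hosts[qname], path
        if any(in_domain(qname, dom) for dom in d.local):
            return "NXDOMAIN", path              # answered locally, not forwarded
        if d.domain_needed and "." not in qname:
            return "NXDOMAIN", path
        cur = next((nxt for dom, nxt in d.servers.items()
                    if in_domain(qname, dom)), d.upstream)
    return "NXDOMAIN", path

def build(libvirt_fixed):
    """Constructed topology: 'host' is NM's caching dnsmasq, 'libvirt' listens on 192.168.122.1."""
    return {
        "host": Dnsmasq(servers={"virt": "libvirt"}, upstream="isp"),
        "libvirt": Dnsmasq(hosts={"test.virt": "192.168.122.50"},  # constructed guest address
                           upstream="host",      # assumption: forwards to the host's resolver
                           local=("virt",) if libvirt_fixed else (),
                           domain_needed=libvirt_fixed),
        "isp": Dnsmasq(),                        # stand-in upstream; knows nothing about "virt"
    }

if __name__ == "__main__":
    for fixed in (False, True):
        for name in ("test.virt", "typo.virt"):
            print("fixed" if fixed else "unfixed", name, resolve(build(fixed), "host", name))
```
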

