Orphaning dnsmasq
Paul Wouters
paul at xelerance.com
Thu Aug 25 14:24:17 UTC 2011
On Wed, 24 Aug 2011, Ian Pilcher wrote:
> On 08/22/2011 06:35 PM, Paul Wouters wrote:
>> If it could also not grab port 0.0.0.0:53 in the future, that would be
>> great. I'd like to work with whichever libvirt developer takes this
>> package on.
>
> Are you talking about dnsmasq or the way that libvirt uses dnsmasq?
I am talking about livirtd's usage. It's confusing and bad for various reasons, but
most importantly:
1) Prevents other DNS resolvers from listening (eg DNSSEC aware ones)
2) "service dnsmasq stop" fails because it is not started as a regular service
> When libvirt starts dnsmasq, it tells it to ignore the configuration
> file and passes all of the parameters on the command line. If you want
> dnsmasq to not listen on 0.0.0.0:53 when it's started by libvirt, you'll
> have to take that up with the libvirt developers.
Here the issue is:
3) I mostly don't need/want any DNS/DHCP in my bridged setup, but it still
configures and starts dnsmasq (at least on F14 using virt-manager)
(eg I have a /28 bridges to eth1 with static IPs, I don't want it)
The biggest problem for me is wanting to run a DNSSEC aware resolver, and the
libvirtd/dnsmasq is preventing me from doing a simple "yum install unbound|bind"
by stealing port 53. Especially on my laptop with libvirtd....
Again, this is based on f14, not f15/f16. I am not sure how much this has been
addressed. But if we want DNSSEC validation on the endnode, at the very least
127.0.0.1:53 needs to be left free.
Paul
More information about the devel
mailing list