lxc-net dnsmasq --strict-order breaks dns for lxc non-recursive nameserver
Bug #1205086 reported by
Sidnei da Silva
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
libvirt (Ubuntu) | Expired | Low | Unassigned | |
lxc (Ubuntu) | Expired | Low | Unassigned | |
Bug Description
In my setup I have a non-recursive name server that gets pushed as part of a vpn setup. This name server only resolves addresses that are part of the vpn. It gets pushed to the top of the resolv.conf file by /etc/openvpn/
Since the dnsmasq instance set up by lxc-net is started with --strict-order, containers fail to resolve addresses completely, since they hit the first name server and it does not resolve any addresses outside of the vpn.
Removing the --strict-order option in /etc/init/
The vpn server is running a dnsmasq instance with the following settings:
"""
addn-hosts=/etc/hosts.openvpn-server
addn-hosts=/etc/hosts.openvpn-clients
no-hosts
dns-forward-max=0
no-resolv
"""
In the vpn server configs, it is pushing its own IP as a dns server:
"""
push "dhcp-option DNS 10.88.0.1"
push "dhcp-option DOMAIN vpn.ubuntone.info"
"""
On the client configs, it's using the stock update-resolv-conf openvpn scripts to update resolvconf:
"""
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
"""
The end result is that the vpn client resolv.conf contains the following:
"""
$ cat /etc/resolv.conf
nameserver 10.88.0.1
nameserver 127.0.1.1
search vpn.ubuntone.info
"""
Since the lxc dnsmasq doesn't specify what to use as resolver, and it has --strict-order, it ends up querying 10.88.0.1 first and since that name server is set up with no-resolv, then it gets refused and does not move on to the next one (127.0.1.1).
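An added example, not part of the bug report or of lxc/dnsmasq: a Python check that reads the nameserver order from resolv.conf, decodes the RCODE of each server's reply to a name outside the VPN domain, and flags the condition described above. The function names, the constructed reply headers, and the rule that a REFUSED from the first server is final under --strict-order (taken from the report) are assumptions of this sketch.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qid=0x1234):
    """Encode a minimal A-record query (RFC 1035) with the RD bit set."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

def parse_header(reply):
    """Return (rcode name, recursion-available flag) from a raw DNS reply."""
    if len(reply) < 12:
        raise ValueError("DNS reply shorter than the 12-byte header")
    flags = struct.unpack("!H", reply[2:4])[0]
    rcode = flags & 0x000F
    return RCODES.get(rcode, "RCODE%d" % rcode), bool(flags & 0x0080)

def nameservers(resolv_conf):
    """List nameserver addresses in the order resolv.conf gives them."""
    fields = (line.split() for line in resolv_conf.splitlines())
    return [f[1] for f in fields if len(f) >= 2 and f[0] == "nameserver"]

def ask(server, name, timeout=2.0):
    """Send one query over UDP and return the raw reply (live use only)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return s.recvfrom(512)[0]

def audit(resolv_conf, replies, strict_order):
    """replies: nameserver -> raw reply for a name outside the VPN domain.
    Returns (refusing servers, True if the first server blocks forwarding)."""
    servers = nameservers(resolv_conf)
    refusing = [s for s in servers if parse_header(replies[s])[0] == "REFUSED"]
    # Assumption taken from the report: under --strict-order a REFUSED from
    # the first listed server is final and the next server is never tried.
    blocked = strict_order and bool(servers) and servers[0] in refusing
    return refusing, blocked

# Constructed sample input: resolv.conf as shown in the report, plus
# hand-built 12-byte reply headers (not captured traffic).
RESOLV_CONF = "nameserver 10.88.0.1\nnameserver 127.0.1.1\nsearch vpn.ubuntone.info\n"
SAMPLE_REPLIES = {
    "10.88.0.1": struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0),  # REFUSED, RA=0
    "127.0.1.1": struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0),  # NOERROR, RA=1
}

if __name__ == "__main__":
    print(audit(RESOLV_CONF, SAMPLE_REPLIES, strict_order=True))
```

On a live host, build the replies mapping by calling ask() for each address returned by nameservers() instead of using the constructed headers.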