<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>Well, in fact, my solution made my DNS resolution quite fucked up.
Every 'apt update' freezes at 0% for 30 sec.</p>
<p>Even with Gregory's solution, adding auth-zone and
dns-loop-detect in lxc network config, I've got the same issue.</p>
<p>However, it does not seem to eat my cpu.<br>
</p>
<br>
<div class="moz-cite-prefix">On 18/04/2017 at 02:12, Gregory
Lutostanski wrote:<br>
</div>
<blockquote
cite="mid:CAChMN2OQXTjA5H0ED5FrBRKHT1u6TLz+dXbP-pZHmSWUofE8Zg@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>
<div>
<div>
<div>Norberto, indeed you are not crazy! I have seen the
same thing here.<br>
On my laptop I did the nm-applet setup to set up DNS on
lxdbr0, and then saw CPU usage spike to 100% due to a
loop about dnsmasq asking the network-manager DNS server
and back around forever...<br>
<br>
</div>
The way I fixed this was by adding these two config
options to lxd's dnsmasq:<br>
auth-zone=lxd<br>
dns-loop-detect<br>
<br>
<a moz-do-not-send="true"
href="http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html">http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html</a>
for what those do.<br>
<br>
$ lxc network edit lxdbr0<br>
<br>
</div>
<div>looks like...<br>
<pre>config:
  ipv4.address: 10.216.134.1/24
  ipv4.nat: "true"
  ipv6.address: none
  ipv6.nat: "true"
  raw.dnsmasq: |
    auth-zone=lxd
    dns-loop-detect
name: lxdbr0
type: bridge</pre>
</div>
No more 100% cpu usage any more!<br>
<br>
</div>
The workaround I was using until I figured it out was... <a
moz-do-not-send="true"
href="https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/1571967/comments/13">https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/1571967/comments/13</a>
-- but that only works for ssh, not for http and other stuff<br>
<br>
Hope you can confirm that this works for you too.<br>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Mon, Apr 17, 2017 at 6:23 PM,
Norberto Bensa <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:nbensa+lxcusers@gmail.com" target="_blank">nbensa+lxcusers@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">That used
to work, but from 17.04 (on the desktop editions, both<br>
ubuntu and kubuntu) adding the ip of the bridge to
/etc/resolv.conf<br>
makes systemd-resolved and dnsmasq eat my cpu.<br>
<div>
<div class="h5"><br>
2017-04-17 12:16 GMT-03:00 Matlink <<a
moz-do-not-send="true"
href="mailto:matlink@matlink.fr">matlink@matlink.fr</a>>:<br>
> For me, simply adding the lxc bridge IP address to
DNS resolvers made me<br>
> able to resolve *.lxd domains from the host
machine.<br>
> --<br>
> Matlink<br>
><br>
> On 17 April 2017 13:42:36 GMT+02:00, Simos
Xenitellis<br>
> <<a moz-do-not-send="true"
href="mailto:simos.lists@googlemail.com">simos.lists@googlemail.com</a>>
wrote:<br>
>><br>
>> On Thu, Apr 13, 2017 at 10:49 PM, Norberto
Bensa<br>
>> <<a moz-do-not-send="true"
href="mailto:nbensa%2Blxcusers@gmail.com">nbensa+lxcusers@gmail.com</a>>
wrote:<br>
>>><br>
>>> Hello Simos,<br>
>>><br>
>>> 2017-04-13 10:44 GMT-03:00 Simos
Xenitellis<br>
>>> <<a moz-do-not-send="true"
href="mailto:simos.lists@googlemail.com">simos.lists@googlemail.com</a>>:<br>
>>>><br>
>>>> I got stuck with this issue (Ubuntu
Desktop with NetworkManager) and<br>
>>>> wrote about it at<br>
>>>><br>
>>>> <a moz-do-not-send="true"
href="https://www.mail-archive.com/lxc-users@lists.linuxcontainers.org/msg07060.html"
rel="noreferrer" target="_blank">https://www.mail-archive.com/<wbr>lxc-users@lists.<wbr>linuxcontainers.org/msg07060.<wbr>html</a><br>
>>><br>
>>><br>
>>> For me, that doesn't work anymore with
17.04<br>
>>><br>
>>> I tried a lot of configuration options
with dnsmasq, network-manager,<br>
>>> and systemd-resolved with Ubuntu and
Kubuntu (real hardware and<br>
>>> virtualized with kvm).<br>
>><br>
>><br>
>><br>
>> If you installed additional packages or changed
configuration options,<br>
>> you might have changed something that alters
the default behaviour.<br>
>><br>
>> 1. On Ubuntu Desktop, NetworkManager handles
the networking configuration.<br>
>> You should be able to do "ps aux | grep
dnsmasq" and see at least one<br>
>> "dnsmasq" process,<br>
>> the one from NetworkManager.<br>
>> For me, it is:<br>
>> " 3653 ? S 0:00 /usr/sbin/dnsmasq
--no-resolv<br>
>> --keep-in-foreground --no-hosts
--bind-interfaces<br>
>> --pid-file=/var/run/<wbr>NetworkManager/dnsmasq.pid<br>
>> --listen-address=127.0.1.1 --cache-size=0
--conf-file=/dev/null<br>
>> --proxy-dnssec --enable-dbus=org.freedesktop.<wbr>NetworkManager.dnsmasq<br>
>> --conf-dir=/etc/<wbr>NetworkManager/dnsmasq.d"<br>
>><br>
>> What is yours?<br>
>><br>
>> 2. NetworkManager uses dnsmasq as a caching
nameserver, and it does so<br>
>> by configuring /etc/resolv.conf with:<br>
>> # Dynamic resolv.conf(5) file for glibc
resolver(3) generated by<br>
>> resolvconf(8)<br>
>> # DO NOT EDIT THIS FILE BY HAND -- YOUR
CHANGES WILL BE OVERWRITTEN<br>
>> nameserver 127.0.1.1<br>
>><br>
>> Can you verify that you have exactly the same?<br>
>><br>
>> 3. Then, LXD should have its own "dnsmasq"
process (as a DHCP server<br>
>> and caching nameserver).<br>
>> This dnsmasq process binds on a specific
private IP address, which you<br>
>> can find with, for example,<br>
>><br>
>> ifconfig lxdbr0<br>
>><br>
>> In my case, it is 10.0.125.1. I have an LXD
container called<br>
>> "mycontainer", therefore I can run<br>
>><br>
>> $ host mycontainer.lxd 10.0.125.1<br>
>> Using domain server:<br>
>> Name: 10.0.185.1<br>
>> Address: 10.0.185.1#53<br>
>> Aliases:<br>
>><br>
>> mycontainer.lxd has address 10.0.125.18<br>
>> mycontainer.lxd has IPv6 address
fd42:aacb:3658:4ca6:216:3e4f:<wbr>fcd9:35e1<br>
>> $ _<br>
>><br>
>> Do you get such a result? If not, perhaps you
have the wrong IP address.<br>
>> Also, if you ran "lxd init" several times, you
might have lingering<br>
>> "dnsmasq" process<br>
>> that bind on port 53 on lxdbr0. Would need to
reboot here.<br>
>><br>
>> If you can get up to this point, then the rest
is really easy.<br>
>><br>
>> Simos<br>
>> ______________________________<wbr>__<br>
>><br>
>> lxc-users mailing list<br>
>> <a moz-do-not-send="true"
href="mailto:lxc-users@lists.linuxcontainers.org">lxc-users@lists.<wbr>linuxcontainers.org</a><br>
>> <a moz-do-not-send="true"
href="http://lists.linuxcontainers.org/listinfo/lxc-users"
rel="noreferrer" target="_blank">http://lists.linuxcontainers.<wbr>org/listinfo/lxc-users</a><br>
><br>
><br>
</div>
</div>
</blockquote>
</div>
<br>
</div>
<br>
</blockquote>
<br>
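<p>Added example, not part of the original messages: a POSIX shell audit of the two settings this thread ties to the resolver loop, namely whether the host's resolv.conf lists the lxdbr0 address and whether the bridge's raw.dnsmasq block carries dns-loop-detect. The function names and sample files are constructed for illustration, and the verdict is a heuristic drawn from the reports above, not LXD tooling.</p>

```shell
#!/bin/sh
# Added example: offline audit for the resolver loop discussed in this thread.
# Usage: audit_lxd_dns RESOLV_CONF NETWORK_YAML  (YAML as shown by "lxc network edit")

bridge_ip() {   # bridge IPv4 address from "ipv4.address: A.B.C.D/NN", prefix stripped
    sed -n 's|^ *ipv4\.address: *\([0-9.]*\)/.*|\1|p' "$1" | head -n 1
}

host_uses_bridge() {   # true when resolv.conf ($1) has a "nameserver" line equal to $2
    awk -v ip="$2" '$1 == "nameserver" { if ($2 == ip) found = 1 }
        END { exit !found }' "$1"
}

has_raw_option() {   # true when option $2 is a line of the raw.dnsmasq block in $1
    awk -v opt="$2" '
        /^ *raw\.dnsmasq:/ { match($0, /^ */); indent = RLENGTH; inraw = 1; next }
        inraw { match($0, /^ */)
                if (RLENGTH > indent) { if ($1 == opt) found = 1 } else inraw = 0 }
        END { exit !found }' "$1"
}

audit_lxd_dns() {
    ip=$(bridge_ip "$2")
    if [ -z "$ip" ]; then echo "no-bridge-address"; return; fi
    if ! host_uses_bridge "$1" "$ip"; then echo "not-exposed"; return; fi
    if has_raw_option "$2" dns-loop-detect; then
        echo "loop-detect-enabled"
    else
        echo "loop-risk"   # bridge is a host resolver and dnsmasq has no loop check
    fi
}

# Constructed sample inputs (bridge address taken from the config quoted above).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '%s\n' 'nameserver 127.0.1.1' > "$tmp/resolv-stock.conf"
printf '%s\n' '# edited by hand' 'nameserver 10.216.134.1' 'nameserver 127.0.1.1' \
    > "$tmp/resolv-bridge.conf"
printf '%s\n' 'config:' '  ipv4.address: 10.216.134.1/24' '  ipv4.nat: "true"' \
    'name: lxdbr0' 'type: bridge' > "$tmp/net-plain.yaml"
printf '%s\n' 'config:' '  ipv4.address: 10.216.134.1/24' '  raw.dnsmasq: |' \
    '    auth-zone=lxd' '    dns-loop-detect' 'name: lxdbr0' 'type: bridge' \
    > "$tmp/net-fixed.yaml"

audit_lxd_dns "$tmp/resolv-stock.conf"  "$tmp/net-plain.yaml"
audit_lxd_dns "$tmp/resolv-bridge.conf" "$tmp/net-plain.yaml"
audit_lxd_dns "$tmp/resolv-bridge.conf" "$tmp/net-fixed.yaml"
```

<p>On a real host, pass /etc/resolv.conf and a saved copy of the bridge's YAML instead of the sample files.</p>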
</body>
</html>