[lxc-users] How to resolve the *.lxd hostnames from LXD (i.e. outside of the containers)

Mon Aug 29 13:13:03 UTC 2016

Hi All,

If you are in a container, you can access the other containers through
their *.lxd hostnames.
For example, you can

root at c1:~# ping c2.lxd
PING c2.lxd (10.60.113.13) 56(84) bytes of data.
64 bytes from oag.lxd (10.60.113.13): icmp_seq=1 ttl=64 time=0.064 ms


However, if you are outside of the containers, by default you can't

ubuntu at desktop:~$ ping c1.lxd
ping: unknown host c1.lxd
ubuntu at desktop:~$


The source of the problem is that LXD uses a separate instance of
"dnsmasq" in order to serve those *.lxd domains.

If you are trying out LXD on a Ubuntu Desktop (i.e. NetworkManager is
running), then the solution is to add a configuration file as follows:

ubuntu at desktop:~$ cat /etc/NetworkManager/dnsmasq.d/lxd
server=/lxd/10.60.113.1
server=/113.60.10.in-addr.arpa/10.60.113.1
ubuntu at desktop:~$

The first line says that for domains of the form *.lxd, use the
specific DNS server (10.60.113.1 in this case). The second line deals
with reverse queries.
Then, restart the network with
ubuntu at desktop:~$ sudo systemctl restart NetworkManager

By doing so, the following will now work,

ubuntu at desktop:~$ host c1.lxd
c1.lxd has address 10.60.113.13
ubuntu at desktop:~$ host 10.60.113.13
13.113.60.10.in-addr.arpa domain name pointer c1.lxd.


However, on an Ubuntu server, NetworkManager (dnsmasq specifically) is
not installed by default.
DHCP grabs the DNS configuration and adds it to /etc/resolv.conf
In this case, we need to prepend the following two lines to /etc/resolv.conf

root at lxdserver:~# cat /etc/resolv.conf
search lxd
nameserver 10.60.113.1

... rest of configuration...

root at lxdserver:~#

The "search lxd" line will allow us to type
ubuntu at lxdserver:~# host c1
c1 has address 10.60.113.13
(i.e., no need to specify the .lxd suffix).

The issue is, how to get /etc/resolv.conf to be autocreated like that?
Like that (file: /etc/dhcp/dhclient.conf),

diff --git a/dhcp/dhclient.conf b/dhcp/dhclient.conf
index 1e4ec62..73a6210 100644
--- a/dhcp/dhclient.conf
+++ b/dhcp/dhclient.conf
@@ -21,8 +21,8 @@ request subnet-mask, broadcast-address, time-offset, routers,

 #send dhcp-client-identifier 1:0:a0:24:ab:fb:9c;
 #send dhcp-lease-time 3600;
-#supersede domain-name "fugue.com home.vix.com";
-#prepend domain-name-servers 127.0.0.1;
+supersede domain-name "lxd";
+prepend domain-name-servers 10.54.220.1;
 #require subnet-mask, domain-name-servers;
 timeout 300;
 #retry 60;

You need to be careful when you run again dhclient ("sudo dhclient -r
; dhclient") on a VPS over SSH as you may lose connectivity; have a
console window open when trying this.

According to http://linux.die.net/man/5/resolv.conf
the first nameserver line in /etc/resolv.conf takes precedent and the
subsequent lines are used only if the previous fail.

My worry here is whether it is good to expose the dnsmasq of LXD for
all DNS queries, on an Ubuntu server.
I am considering between
a. have the LXD dnsmasq do the DNS queries as primary nameserver
b. set up dnsmasq on the server for caching DNS queries, then use the
first trick (server=/.../nameserver) to direct the queries to the
correct nameserver.

Hope all these have been useful to some. Any feedback is welcome.

Simos
