[lxc-users] Resolve .lxc domain with Ubuntu 17.04

Gregory Lutostanski gregory.lutostanski at canonical.com
Tue Apr 18 00:12:13 UTC 2017


Norberto, indeed you are not crazy! I have seen the same thing here.
On my laptop I did the nm-applet setup to set up DNS on lxdbr0, and then saw
CPU usage spike to 100% due to a loop about dnsmasq asking the
network-manager DNS server and back around forever...

The way I fixed this was by adding these two config options to LXD's
dnsmasq:
auth-zone=lxd
dns-loop-detect

http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html for what those
do.

$ lxc network edit lxdbr0

looks like...
config:
  ipv4.address: 10.216.134.1/24
  ipv4.nat: "true"
  ipv6.address: none
  ipv6.nat: "true"
  raw.dnsmasq: |
    auth-zone=lxd
    dns-loop-detect
name: lxdbr0
type: bridge

No more 100% CPU usage!

The workaround I was using until I figured it out was...
https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/1571967/comments/13 --
but that only works for SSH, not for HTTP and other stuff.

Hope you can confirm that this works for you too.

On Mon, Apr 17, 2017 at 6:23 PM, Norberto Bensa <nbensa+lxcusers at gmail.com>
wrote:

> That used to work, but from 17.04 (on the desktop editions, both
> Ubuntu and Kubuntu) adding the IP of the bridge to /etc/resolv.conf
> makes systemd-resolved and dnsmasq eat my CPU.
>
> 2017-04-17 12:16 GMT-03:00 Matlink <matlink at matlink.fr>:
> > For me, simply adding the lxc bridge IP address to DNS resolvers made me
> > able to resolve *.lxd domains from the host machine.
> > --
> > Matlink
> >
> > On 17 April 2017 13:42:36 GMT+02:00, Simos Xenitellis
> > <simos.lists at googlemail.com> wrote:
> >>
> >> On Thu, Apr 13, 2017 at 10:49 PM, Norberto Bensa
> >> <nbensa+lxcusers at gmail.com> wrote:
> >>>
> >>>  Hello Simos,
> >>>
> >>>  2017-04-13 10:44 GMT-03:00 Simos Xenitellis
> >>> <simos.lists at googlemail.com>:
> >>>>
> >>>>  I got stuck with this issue (Ubuntu Desktop with NetworkManager) and
> >>>>  wrote about it at
> >>>>
> >>>> https://www.mail-archive.com/lxc-users@lists.linuxcontainers.org/msg07060.html
> >>>
> >>>
> >>>  For me, that doesn't work anymore with 17.04
> >>>
> >>>  I tried a lot of configuration options with dnsmasq, network-manager,
> >>>  and systemd-resolved with Ubuntu and Kubuntu (real hardware and
> >>>  virtualized with kvm).
> >>
> >>
> >>
> >> If you installed additional packages or changed configuration options,
> >> you might have changed something that alters the default behaviour.
> >>
> >> 1. On Ubuntu Desktop, NetworkManager handles the networking configuration.
> >> You should be able to do "ps aux | grep dnsmasq" and see at least one
> >> "dnsmasq" process,
> >> the one from NetworkManager.
> >> For me, it is:
> >> " 3653 ?        S      0:00 /usr/sbin/dnsmasq --no-resolv
> >> --keep-in-foreground --no-hosts --bind-interfaces
> >> --pid-file=/var/run/NetworkManager/dnsmasq.pid
> >> --listen-address=127.0.1.1 --cache-size=0 --conf-file=/dev/null
> >> --proxy-dnssec --enable-dbus=org.freedesktop.NetworkManager.dnsmasq
> >> --conf-dir=/etc/NetworkManager/dnsmasq.d"
> >>
> >> What is yours?
> >>
> >> 2. NetworkManager uses dnsmasq as a caching nameserver, and it does so
> >> by configuring /etc/resolv.conf with:
> >> # Dynamic resolv.conf(5) file for glibc resolver(3) generated by
> >> resolvconf(8)
> >> #     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
> >> nameserver 127.0.1.1
> >>
> >> Can you verify that you have exactly the same?
> >>
> >> 3. Then, LXD should have its own "dnsmasq" process (as a DHCP server
> >> and caching nameserver).
> >> This dnsmasq process binds on a specific private IP address, which you
> >> can find with, for example,
> >>
> >> ifconfig lxdbr0
> >>
> >> In my case, it is 10.0.125.1. I have an LXD container called
> >> "mycontainer", therefore I can run
> >>
> >> $ host mycontainer.lxd 10.0.125.1
> >> Using domain server:
> >> Name: 10.0.185.1
> >> Address: 10.0.185.1#53
> >> Aliases:
> >>
> >> mycontainer.lxd has address 10.0.125.18
> >> mycontainer.lxd has IPv6 address fd42:aacb:3658:4ca6:216:3e4f:fcd9:35e1
> >> $ _
> >>
> >> Do you get such a result? If not, perhaps you have the wrong IP address.
> >> Also, if you ran "lxd init" several times, you might have lingering
> >> "dnsmasq" processes
> >> that bind on port 53 on lxdbr0. You would need to reboot here.
> >>
> >> If you can get up to this point, then the rest is really easy.
> >>
> >> Simos
> >> ________________________________
> >>
> >> lxc-users mailing list
> >> lxc-users at lists.linuxcontainers.org
> >> http://lists.linuxcontainers.org/listinfo/lxc-users
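A check for the fix described in the reply at the top of this thread, as an added example that is not part of the original messages: it reads the YAML that `lxc network show lxdbr0` prints and reports which of the two `raw.dnsmasq` options are missing. The function names and the second sample (with one option removed) are constructed for illustration; the first sample is the network config quoted in the reply.

```shell
#!/bin/sh
# Added example: check that an LXD bridge has the two dnsmasq options from
# the thread (auth-zone=lxd, dns-loop-detect) in its raw.dnsmasq setting.

# Print the option lines held in raw.dnsmasq, given network YAML on stdin.
raw_dnsmasq_lines() {
    awk '
        /^[ ]*raw\.dnsmasq:/ {
            match($0, /^[ ]*/); key_indent = RLENGTH
            val = $0; sub(/^[ ]*raw\.dnsmasq:[ ]*/, "", val)
            if (val ~ /^[|]/) in_block = 1     # block scalar follows
            else if (val != "") print val      # single option on the same line
            next
        }
        in_block {
            if ($0 ~ /^[ ]*$/) next            # blank line inside the block
            match($0, /^[ ]*/)
            if (RLENGTH <= key_indent) { in_block = 0; next }
            sub(/^[ ]+/, ""); sub(/[ ]+$/, ""); print
        }
    '
}

# Echo each required option that is absent; return 0 only if none is missing.
missing_dnsmasq_opts() {
    present=$(raw_dnsmasq_lines)
    missing=""
    for opt in auth-zone=lxd dns-loop-detect; do
        printf '%s\n' "$present" | grep -qxF -- "$opt" || missing="$missing $opt"
    done
    missing=${missing# }
    [ -z "$missing" ] && return 0
    printf '%s\n' "$missing"
    return 1
}

# Sample input: network config as quoted in the thread (fix applied).
SAMPLE_FIXED='config:
  ipv4.address: 10.216.134.1/24
  raw.dnsmasq: |
    auth-zone=lxd
    dns-loop-detect
name: lxdbr0
type: bridge'
# Constructed variant with dns-loop-detect left out.
SAMPLE_PARTIAL='config:
  raw.dnsmasq: |
    auth-zone=lxd
name: lxdbr0'
# Live use: lxc network show lxdbr0 | missing_dnsmasq_opts
```

A non-zero exit status with the missing option names on stdout makes the function usable as a pre-flight check before pointing the host resolver at the bridge.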