[lxc-users] Resolve .lxc domain with Ubuntu 17.04

Norberto Bensa nbensa+lxcusers at gmail.com
Tue Apr 18 05:04:04 UTC 2017


Hi Gregory,

Thanks! The 100% CPU usage is gone!

I'm using lxC, so I had to "hack" your instructions.

/etc/default/lxc-net:
LXC_DHCP_CONFILE=/etc/lxc/dnsmasq.conf

/etc/lxc/dnsmasq.conf:
dns-loop-detect
auth-zone=lxc


But now I cannot resolve external domains from inside the containers,
and I know why: the upstream dns for 10.0.1.1 is my host and my host's
first dns is 10.0.1.1 (loop).

I'll go back to /etc/hosts for now.

BTW, can you post your /etc/resolv.conf,
/run/NetworkManager/resolv.conf, /run/systemd/resolv/resolv.conf,
/run/resolvconf/resolv.conf? What does /etc/resolv.conf look like in
your containers?

Thanks!

Regards,
Norberto



2017-04-17 21:12 GMT-03:00 Gregory Lutostanski
<gregory.lutostanski at canonical.com>:
> Norberto, indeed you are not crazy! I have seen the same thing here.
> On my laptop I did the nm-applet setup to set up DNS on lxdbr0, and then saw
> CPU usage spike to 100% due to a loop about dnsmasq asking the
> network-manager DNS server and back around forever...
>
> The way I fixed this was by adding these two config options to lxd's
> dnsmasq:
> auth-zone=lxd
> dns-loop-detect
>
> http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html for what those
> do.
>
> $ lxc network edit lxdbr0
>
> looks like...
> config:
>   ipv4.address: 10.216.134.1/24
>   ipv4.nat: "true"
>   ipv6.address: none
>   ipv6.nat: "true"
>   raw.dnsmasq: |
>     auth-zone=lxd
>     dns-loop-detect
> name: lxdbr0
> type: bridge
>
> No more 100% cpu usage any more!
>
> The workaround I was using until I figured it out was...
> https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/1571967/comments/13 --
> but that only works for ssh, not for http and other stuff
>
> Hope you can confirm that this works for you too.
>
> On Mon, Apr 17, 2017 at 6:23 PM, Norberto Bensa <nbensa+lxcusers at gmail.com>
> wrote:
>>
>> That used to work, but from 17.04 (on the desktop editions, both
>> ubuntu and kubuntu) adding the ip of the bridge to /etc/resolv.conf
>> makes systemd-resolved and dnsmasq eat my cpu.
>>
>> 2017-04-17 12:16 GMT-03:00 Matlink <matlink at matlink.fr>:
>> > For me, simply adding the lxc bridge IP address to DNS resolvers made me
>> > able to resolve *.lxd domains from the host machine.
>> > --
>> > Matlink
>> >
>> > On 17 April 2017 13:42:36 GMT+02:00, Simos Xenitellis
>> > <simos.lists at googlemail.com> wrote:
>> >>
>> >> On Thu, Apr 13, 2017 at 10:49 PM, Norberto Bensa
>> >> <nbensa+lxcusers at gmail.com> wrote:
>> >>>
>> >>>  Hello Simos,
>> >>>
>> >>>  2017-04-13 10:44 GMT-03:00 Simos Xenitellis
>> >>> <simos.lists at googlemail.com>:
>> >>>>
>> >>>>  I got stuck with this issue (Ubuntu Desktop with NetworkManager) and
>> >>>>  wrote about it at
>> >>>>
>> >>>>
>> >>>> https://www.mail-archive.com/lxc-users@lists.linuxcontainers.org/msg07060.html
>> >>>
>> >>>
>> >>>  For me, that doesn't work anymore with 17.04
>> >>>
>> >>>  I tried a lot of configuration options with dnsmasq, network-manager,
>> >>>  and systemd-resolved with Ubuntu and Kubuntu (real hardware and
>> >>>  virtualized with kvm).
>> >>
>> >>
>> >>
>> >> If you installed additional packages or changed configuration options,
>> >> you might have changed something that alters the default behaviour.
>> >>
>> >> 1. On Ubuntu Desktop, NetworkManager handles the networking
>> >> configuration.
>> >> You should be able to do "ps aux | grep dnsmasq" and see at least one
>> >> "dnsmasq" process,
>> >> the one from NetworkManager.
>> >> For me, it is:
>> >> " 3653 ?        S      0:00 /usr/sbin/dnsmasq --no-resolv
>> >> --keep-in-foreground --no-hosts --bind-interfaces
>> >> --pid-file=/var/run/NetworkManager/dnsmasq.pid
>> >> --listen-address=127.0.1.1 --cache-size=0 --conf-file=/dev/null
>> >> --proxy-dnssec --enable-dbus=org.freedesktop.NetworkManager.dnsmasq
>> >> --conf-dir=/etc/NetworkManager/dnsmasq.d"
>> >>
>> >> What is yours?
>> >>
>> >> 2. NetworkManager uses dnsmasq as a caching nameserver, and it does so
>> >> by configuring /etc/resolv.conf with:
>> >> # Dynamic resolv.conf(5) file for glibc resolver(3) generated by
>> >> resolvconf(8)
>> >> #     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
>> >> nameserver 127.0.1.1
>> >>
>> >> Can you verify that you have exactly the same?
>> >>
>> >> 3. Then, LXD should have its own "dnsmasq" process (as a DHCP server
>> >> and caching nameserver).
>> >> This dnsmasq process binds on a specific private IP address, which you
>> >> can find with, for example,
>> >>
>> >> ifconfig lxdbr0
>> >>
>> >> In my case, it is 10.0.125.1. I have an LXD container called
>> >> "mycontainer", therefore I can run
>> >>
>> >> $ host mycontainer.lxd 10.0.125.1
>> >> Using domain server:
>> >> Name: 10.0.185.1
>> >> Address: 10.0.185.1#53
>> >> Aliases:
>> >>
>> >> mycontainer.lxd has address 10.0.125.18
>> >> mycontainer.lxd has IPv6 address fd42:aacb:3658:4ca6:216:3e4f:fcd9:35e1
>> >> $ _
>> >>
>> >> Do you get such a result? If not, perhaps you have the wrong IP
>> >> address.
>> >> Also, if you ran "lxd init" several times, you might have lingering
>> >> "dnsmasq" processes
>> >> that bind on port 53 on lxdbr0. You would need to reboot here.
>> >>
>> >> If you can get up to this point, then the rest is really easy.
>> >>
>> >> Simos
>> >> ________________________________
>> >>
>> >> lxc-users mailing list
>> >> lxc-users at lists.linuxcontainers.org
>> >> http://lists.linuxcontainers.org/listinfo/lxc-users
>> >
>> >
>
>
>
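
The forwarding loop described at the top of this message (the bridge dnsmasq forwards to the host, and the host's first DNS server is the bridge) can be checked for before it pins a CPU. This is an added example, not part of the original thread: it reads resolv.conf-style text for each resolver and walks the resolver -> upstream chain looking for a cycle. The stub address 127.0.0.53 and the external resolver 192.0.2.53 are constructed sample values; 10.0.1.1 is the bridge address from the message.

```python
import ipaddress

def nameservers(resolv_text):
    """Return the nameserver addresses from resolv.conf-style text, in order."""
    servers = []
    for line in resolv_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            try:
                servers.append(str(ipaddress.ip_address(fields[1])))
            except ValueError:
                continue  # skip malformed addresses
    return servers

def find_loop(upstreams, start):
    """Walk resolver -> upstream edges depth-first; return the first cycle or None."""
    path = []

    def visit(node):
        if node in path:
            return path[path.index(node):] + [node]
        if node not in upstreams:
            return None  # resolver outside our control: the chain ends here
        path.append(node)
        for nxt in upstreams[node]:
            cycle = visit(nxt)
            if cycle:
                return cycle
        path.pop()
        return None

    return visit(start)

# Constructed sample input: what each local resolver forwards to.
BRIDGE = "10.0.1.1"                                   # bridge dnsmasq (from the message)
DNSMASQ_UPSTREAMS = "# host resolv.conf read by dnsmasq\nnameserver 127.0.0.53\n"
HOST_STUB_UPSTREAMS = "nameserver 10.0.1.1\nnameserver 192.0.2.53\n"

LOOPING = {
    BRIDGE: nameservers(DNSMASQ_UPSTREAMS),
    "127.0.0.53": nameservers(HOST_STUB_UPSTREAMS),
}
# Same host, but the bridge address is not among the host's upstreams.
NOT_LOOPING = {BRIDGE: ["127.0.0.53"], "127.0.0.53": ["192.0.2.53"]}

if __name__ == "__main__":
    print("loop:", find_loop(LOOPING, BRIDGE))
    print("loop:", find_loop(NOT_LOOPING, BRIDGE))
```
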

