[lxc-users] Resolve .lxc domain with Ubuntu 17.04

Matlink matlink at matlink.fr
Tue Apr 18 13:04:52 UTC 2017 

Well In fact, my solution made my DNS resolution quite fucked up. Every
'apt update' freezes at 0% for 30 sec.

Even with Gregory's solution, adding auth-zone and dns-loop-detect in
lxc network config, I've got the same issue.

However, it does not seem to eat my cpu.


Le 18/04/2017 à 02:12, Gregory Lutostanski a écrit :
> Norbento, indeed you are not crazy! I have seen the same thing here.
> On my laptop I did the nm-applet setup to setup dns on lxdbr0, and
> then saw cpu usage spike to 100% due to a loop about dnsmasq asking
> the network-manager dns server and back around forever...
>
> the way I fixed this was by adding these two config options to lxd's
> dnsmasq:
> auth-zone=lxd
> dns-loop-detect
>
> http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html for what
> those do.
>
> $ lxc network edit lxdbr0
>
> looks like...
> config:
>   ipv4.address: 10.216.134.1/24 <http://10.216.134.1/24>
>   ipv4.nat: "true"
>   ipv6.address: none
>   ipv6.nat: "true"
>   raw.dnsmasq: |
>     auth-zone=lxd
>     dns-loop-detect
> name: lxdbr0
> type: bridge
>
> No more 100% cpu usage any more!
>
> The workaround I was using until I figured it out was...
> https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/1571967/comments/13
> -- but that only works for ssh, not for http and other stuff
>
> Hope you can confirm that this works for you too.
>
> On Mon, Apr 17, 2017 at 6:23 PM, Norberto Bensa
> <nbensa+lxcusers at gmail.com <mailto:nbensa+lxcusers at gmail.com>> wrote:
>
>     That used to work, but from 17.04 (on the desktop editions, both
>     ubuntu and kubuntu) adding the ip of the bridge to /etc/resolv.conf
>     makes systemd-resolved and dnsmasq eat my cpu.
>
>     2017-04-17 12:16 GMT-03:00 Matlink <matlink at matlink.fr
>     <mailto:matlink at matlink.fr>>:
>     > For me, simply adding the lxc bridge IP address to DNS resolvers
>     made me
>     > able to resolve *.lxd domains from the host machine.
>     > --
>     > Matlink
>     >
>     > Le 17 avril 2017 13:42:36 GMT+02:00, Simos Xenitellis
>     > <simos.lists at googlemail.com <mailto:simos.lists at googlemail.com>>
>     a écrit :
>     >>
>     >> On Thu, Apr 13, 2017 at 10:49 PM, Norberto Bensa
>     >> <nbensa+lxcusers at gmail.com
>     <mailto:nbensa%2Blxcusers at gmail.com>> wrote:
>     >>>
>     >>>  Hello Simos,
>     >>>
>     >>>  2017-04-13 10:44 GMT-03:00 Simos Xenitellis
>     >>> <simos.lists at googlemail.com <mailto:simos.lists at googlemail.com>>:
>     >>>>
>     >>>>  I got stuck with this issue (Ubuntu Desktop with
>     NetworkManager) and
>     >>>>  wrote about it at
>     >>>>
>     >>>>
>     https://www.mail-archive.com/lxc-users@lists.linuxcontainers.org/msg07060.html
>     <https://www.mail-archive.com/lxc-users@lists.linuxcontainers.org/msg07060.html>
>     >>>
>     >>>
>     >>>  For me, that doesn't work anymore with 17.04
>     >>>
>     >>>  I tried a lot of configuration options with dnsmasq,
>     network-manager,
>     >>>  and systemd-resolved with Ubuntu and Kubuntu (real hardware and
>     >>>  virtualized with kvm).
>     >>
>     >>
>     >>
>     >> If you installed additional packages or changed configuration
>     options,
>     >> you might have changed something that alters the default behaviour.
>     >>
>     >> 1. On Ubuntu Desktop, NetworkManager handles the networking
>     configuration.
>     >> You should be able to do "ps aux | grep dnsmasq" and see at
>     least one
>     >> "dnsmasq" process,
>     >> the one from NetworkManager.
>     >> For me, it is:
>     >> " 3653 ?        S      0:00 /usr/sbin/dnsmasq --no-resolv
>     >> --keep-in-foreground --no-hosts --bind-interfaces
>     >> --pid-file=/var/run/NetworkManager/dnsmasq.pid
>     >> --listen-address=127.0.1.1 --cache-size=0 --conf-file=/dev/null
>     >> --proxy-dnssec --enable-dbus=org.freedesktop.NetworkManager.dnsmasq
>     >> --conf-dir=/etc/NetworkManager/dnsmasq.d"
>     >>
>     >> What is yours?
>     >>
>     >> 2. NetworkManager uses dnsmasq as a caching nameserver, and it
>     does so
>     >> by configuring /etc/resolv.conf with:
>     >> # Dynamic resolv.conf(5) file for glibc resolver(3) generated by
>     >> resolvconf(8)
>     >> #     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE
>     OVERWRITTEN
>     >> nameserver 127.0.1.1
>     >>
>     >> Can you verify that you have exactly the same?
>     >>
>     >> 3. Then, LXD should have it's own "dnsmasq" process (as a DHCP
>     server
>     >> and caching nameserver).
>     >> This dnsmasq process binds on a specific private IP address,
>     which you
>     >> can find with, for example,
>     >>
>     >> ifconfig lxdbr0
>     >>
>     >> In my case, it is 10.0.125.1. I have an LXD container called
>     >> "mycontainer", therefore I can run
>     >>
>     >> $ host mycontainer.lxd 10.0.125.1
>     >> Using domain server:
>     >> Name: 10.0.185.1
>     >> Address: 10.0.185.1#53
>     >> Aliases:
>     >>
>     >> mycontainer.lxd has address 10.0.125.18
>     >> mycontainer.lxd has IPv6 address
>     fd42:aacb:3658:4ca6:216:3e4f:fcd9:35e1
>     >> $ _
>     >>
>     >> Do you get such a result? If not, perhaps you have the wrong IP
>     address.
>     >> Also, if you ran "lxd init" several times, you might have lingering
>     >> "dnsmasq" process
>     >> that bind on port 53 on lxdbr0. Would need to reboot here.
>     >>
>     >> If you can get up to this point, then the rest is really easy.
>     >>
>     >> Simos
>     >> ________________________________
>     >>
>     >> lxc-users mailing list
>     >> lxc-users at lists.linuxcontainers.org
>     <mailto:lxc-users at lists.linuxcontainers.org>
>     >> http://lists.linuxcontainers.org/listinfo/lxc-users
>     <http://lists.linuxcontainers.org/listinfo/lxc-users>
>     >
>     >
>     > _______________________________________________
>     > lxc-users mailing list
>     > lxc-users at lists.linuxcontainers.org
>     <mailto:lxc-users at lists.linuxcontainers.org>
>     > http://lists.linuxcontainers.org/listinfo/lxc-users
>     <http://lists.linuxcontainers.org/listinfo/lxc-users>
>     _______________________________________________
>     lxc-users mailing list
>     lxc-users at lists.linuxcontainers.org
>     <mailto:lxc-users at lists.linuxcontainers.org>
>     http://lists.linuxcontainers.org/listinfo/lxc-users
>     <http://lists.linuxcontainers.org/listinfo/lxc-users>
>
>
>
>
> _______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20170418/e163818f/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20170418/e163818f/attachment.sig>

More information about the lxc-users mailing list