Old 08-22-2011, 05:49 PM
Stephen Gallagher
 
Default Orphaning dnsmasq

(Sent on behalf of jima, the former owner)

The dnsmasq package in Fedora has now been orphaned. This package is in
need of a new maintainer and should not be allowed to lapse, as it is a
critical component of the virtualization features.

It is used by libvirt to manage DNS/dhcp for client VMs hosted on a
machine, and as such is a mandatory piece of the virtualization puzzle.
It would probably then be best if one of the libvirt developers took
ownership.
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
Old 08-22-2011, 07:33 PM
Douglas Landgraf
 
Default Orphaning dnsmasq

Hello Stephen,

On 08/22/2011 01:49 PM, Stephen Gallagher wrote:
> (Sent on behalf of jima, the former owner)
>
> The dnsmasq package in Fedora has now been orphaned. This package is in
> need of a new maintainer and should not be allowed to lapse, as it is a
> critical component of the virtualization features.
>
> It is used by libvirt to manage DNS/dhcp for client VMs hosted on a
> machine, and as such is a mandatory piece of the virtualization puzzle.
> It would probably then be best if one of the libvirt developers took
> ownership.

I took.

--
Cheers
Douglas

 
Old 08-22-2011, 11:35 PM
Paul Wouters
 
Default Orphaning dnsmasq

On Mon, 22 Aug 2011, Stephen Gallagher wrote:

> (Sent on behalf of jima, the former owner)
>
> The dnsmasq package in Fedora has now been orphaned. This package is in
> need of a new maintainer and should not be allowed to lapse, as it is a
> critical component of the virtualization features.
>
> It is used by libvirt to manage DNS/dhcp for client VMs hosted on a
> machine, and as such is a mandatory piece of the virtualization puzzle.
> It would probably then be best if one of the libvirt developers took
> ownership.

If it could also not grab port 0.0.0.0:53 in the future, that would be
great. I'd like to work with whichever libvirt developer takes this
package on.

Paul
 
Old 08-23-2011, 03:14 AM
Daniel Veillard
 
Default Orphaning dnsmasq

On Mon, Aug 22, 2011 at 03:33:58PM -0400, Douglas Landgraf wrote:
> Hello Stephen,
>
> On 08/22/2011 01:49 PM, Stephen Gallagher wrote:
> > (Sent on behalf of jima, the former owner)
> >
> > The dnsmasq package in Fedora has now been orphaned. This package is in
> > need of a new maintainer and should not be allowed to lapse, as it is a
> > critical component of the virtualization features.
> >
> > It is used by libvirt to manage DNS/dhcp for client VMs hosted on a
> > machine, and as such is a mandatory piece of the virtualization puzzle.
> > It would probably then be best if one of the libvirt developers took
> > ownership.
>
> I took.

Thanks, I certainly watch the package, but I'm happy to delegate
this :-)

Daniel

--
Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
daniel@veillard.com | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library http://libvirt.org/
 
Old 08-24-2011, 07:24 PM
Ian Pilcher
 
Default Orphaning dnsmasq

On 08/22/2011 06:35 PM, Paul Wouters wrote:
> If it could also not grab port 0.0.0.0:53 in the future, that would be
> great. I'd like to work with whichever libvirt developer takes this
> package on.

Are you talking about dnsmasq or the way that libvirt uses dnsmasq?

The interfaces on which dnsmasq listens are configurable with the
'interface' and 'listen-address' parameters in /etc/dnsmasq.conf.

When libvirt starts dnsmasq, it tells it to ignore the configuration
file and passes all of the parameters on the command line. If you want
dnsmasq to not listen on 0.0.0.0:53 when it's started by libvirt, you'll
have to take that up with the libvirt developers.

--
========================================================================
Ian Pilcher arequipeno@gmail.com
"If you're going to shift my paradigm ... at least buy me dinner first."
========================================================================

 
Old 08-24-2011, 07:46 PM
Josh Stone
 
Default Orphaning dnsmasq

On 08/24/2011 12:24 PM, Ian Pilcher wrote:
> When libvirt starts dnsmasq, it tells it to ignore the configuration
> file and passes all of the parameters on the command line. If you want
> dnsmasq to not listen on 0.0.0.0:53 when it's started by libvirt, you'll
> have to take that up with the libvirt developers.

At least for a NAT network, it does bind tightly, e.g. I see:
--bind-interfaces --except-interface lo --listen-address 192.168.122.1

Josh
 
Old 08-25-2011, 02:24 PM
Paul Wouters
 
Default Orphaning dnsmasq

On Wed, 24 Aug 2011, Ian Pilcher wrote:

> On 08/22/2011 06:35 PM, Paul Wouters wrote:
>> If it could also not grab port 0.0.0.0:53 in the future, that would be
>> great. I'd like to work with whichever libvirt developer takes this
>> package on.
>
> Are you talking about dnsmasq or the way that libvirt uses dnsmasq?

I am talking about libvirtd's usage. It's confusing and bad for various reasons, but
most importantly:

1) Prevents other DNS resolvers from listening (eg DNSSEC aware ones)
2) "service dnsmasq stop" fails because it is not started as a regular service


> When libvirt starts dnsmasq, it tells it to ignore the configuration
> file and passes all of the parameters on the command line. If you want
> dnsmasq to not listen on 0.0.0.0:53 when it's started by libvirt, you'll
> have to take that up with the libvirt developers.

Here the issue is:

3) I mostly don't need/want any DNS/DHCP in my bridged setup, but it still
configures and starts dnsmasq (at least on F14 using virt-manager)
(eg I have a /28 bridges to eth1 with static IPs, I don't want it)

The biggest problem for me is wanting to run a DNSSEC aware resolver, and the
libvirtd/dnsmasq is preventing me from doing a simple "yum install unbound|bind"
by stealing port 53. Especially on my laptop with libvirtd....

Again, this is based on f14, not f15/f16. I am not sure how much this has been
addressed. But if we want DNSSEC validation on the endnode, at the very least
127.0.0.1:53 needs to be left free.

Paul
 
Old 08-25-2011, 02:37 PM
Thomas Moschny
 
Default Orphaning dnsmasq

2011/8/25 Paul Wouters <paul@xelerance.com>:
> Again, this is based on f14, not f15/f16. I am not sure how much this has been
> addressed. But if we want DNSSEC validation on the endnode, at the very least
> 127.0.0.1:53 needs to be left free.

Are you sure the dnsmasq instance started by libvirt is really
grabbing 127.0.0.1:53?

In my experiments it did not, and the issue instead was that the other
DNS server [1] wanted to grab port 53 on *all* interfaces.

- Thomas

[1] In my case that was a second instance of dnsmasq, and I had to set
--interface=lo and --bind-interfaces.


--
Thomas Moschny <thomas.moschny@gmail.com>
 
Old 08-25-2011, 02:37 PM
Tomas Mraz
 
Default Orphaning dnsmasq

On Thu, 2011-08-25 at 10:24 -0400, Paul Wouters wrote:
> On Wed, 24 Aug 2011, Ian Pilcher wrote:
>
> > On 08/22/2011 06:35 PM, Paul Wouters wrote:
> >> If it could also not grab port 0.0.0.0:53 in the future, that would be
> >> great. I'd like to work with whichever libvirt developer takes this
> >> package on.
> >
> > Are you talking about dnsmasq or the way that libvirt uses dnsmasq?
>
> I am talking about libvirtd's usage. It's confusing and bad for various reasons, but
> most importantly:
>
> 1) Prevents other DNS resolvers from listening (eg DNSSEC aware ones)
> 2) "service dnsmasq stop" fails because it is not started as a regular service
>
>
> > When libvirt starts dnsmasq, it tells it to ignore the configuration
> > file and passes all of the parameters on the command line. If you want
> > dnsmasq to not listen on 0.0.0.0:53 when it's started by libvirt, you'll
> > have to take that up with the libvirt developers.
>
> Here the issue is:
>
> 3) I mostly don't need/want any DNS/DHCP in my bridged setup, but it still
> configures and starts dnsmasq (at least on F14 using virt-manager)
> (eg I have a /28 bridges to eth1 with static IPs, I don't want it)

On a non-bridged setup it listens just on the virbr private interface
address so at least in such setups it does not conflict with bind
running as a local caching nameserver.
--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb

 
Old 08-25-2011, 02:40 PM
Tom Hughes
 
Default Orphaning dnsmasq

On 25/08/11 15:24, Paul Wouters wrote:

> Here the issue is:
>
> 3) I mostly don't need/want any DNS/DHCP in my bridged setup, but it still
> configures and starts dnsmasq (at least on F14 using virt-manager)
> (eg I have a /28 bridges to eth1 with static IPs, I don't want it)
>
> The biggest problem for me is wanting to run a DNSSEC aware resolver, and the
> libvirtd/dnsmasq is preventing me from doing a simple "yum install unbound|bind"
> by stealing port 53. Especially on my laptop with libvirtd....

I think you've got something odd going on.... I'm using a bridged setup
with libvirt and although I do have a dnsmasq running it is for the
private network defined in libvirt (which I'm not using) and it is only
listening on that private network's address.

So when I list networks I just have the default one:

virsh # net-list
Name                 State      Autostart
-----------------------------------------
default              active     yes

and it is defined over a private address range:

virsh # net-dumpxml default
<network>
  <name>default</name>
  <uuid>6229892b-486a-4c48-961a-20298d585e47</uuid>
  <forward mode='nat'/>
  <bridge name='virbr0' stp='on' delay='0' />
  <mac address='52:54:00:37:0B:C2'/>
  <ip address='192.168.122.1' netmask='255.255.255.0'>
    <dhcp>
      <range start='192.168.122.2' end='192.168.122.254' />
    </dhcp>
  </ip>
</network>

and that is what lsof shows dnsmasq as listening on:

dnsmasq 2229 nobody 6u IPv4 23692 0t0 TCP 192.168.122.1:domain (LISTEN)

Though like I say, I don't actually use that as I have br0 setup as a
bridge to my ethernet card and use bridged networking with that instead.

Tom

--
Tom Hughes (tom@compton.nu)
http://compton.nu/
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
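
The question the thread keeps returning to, which process holds port 53 and on which address, can be checked directly from the listening-socket table. The following is an added example, not part of any post in the thread: the `ss` lines are a constructed sample (the first two mirror the tightly bound dnsmasq shown above), and the function names `classify_dns_listeners` and `loopback_dns_free` are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `ss -H -lntup` output (not captured from a real host).
# Lines 1-2: a dnsmasq bound only to the libvirt NAT address.
# Line 3: a second resolver bound to the wildcard address.
SAMPLE_SS='udp UNCONN 0 0 192.168.122.1:53 0.0.0.0:* users:(("dnsmasq",pid=2229,fd=5))
tcp LISTEN 0 32 192.168.122.1:53 0.0.0.0:* users:(("dnsmasq",pid=2229,fd=6))
udp UNCONN 0 0 0.0.0.0:53 0.0.0.0:* users:(("dnsmasq",pid=3120,fd=4))
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=900,fd=3))'

# classify_dns_listeners: read ss lines on stdin and print one line per
# port-53 socket: "<proto> <address> <process> <wildcard|loopback|specific>".
classify_dns_listeners() {
    awk '{
        local_ep = $5
        n = match(local_ep, /:[0-9]+$/)   # port follows the last colon
        if (n == 0) next
        port = substr(local_ep, n + 1)
        addr = substr(local_ep, 1, n - 1)
        if (port != "53") next
        proc = "unknown"                  # ss omits the name without privileges
        if (match($0, /\(\("[^"]+"/)) proc = substr($0, RSTART + 3, RLENGTH - 4)
        kind = "specific"
        if (addr == "0.0.0.0" || addr == "*" || addr == "[::]") kind = "wildcard"
        else if (addr ~ /^127\./ || addr == "[::1]") kind = "loopback"
        print $1, addr, proc, kind
    }'
}

# loopback_dns_free: succeed only if no port-53 socket is bound to the
# wildcard or a loopback address, i.e. a local validating resolver could
# still bind 127.0.0.1:53.
loopback_dns_free() {
    ! classify_dns_listeners | grep -Eq ' (wildcard|loopback)$'
}
```

On a live host, feed it real data with `ss -H -lntup | classify_dns_listeners` (run as root to see process names).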
 
