
I want to run dnsmasq on my local machine in order to configure a wildcard to resolve to 127.0.0.1 for testing purposes.

However, when I went to start dnsmasq with systemd I got the following error message:

[root@dhcppc4 ~]# systemctl status dnsmasq -l
● dnsmasq.service - DNS caching server.
   Loaded: loaded (/usr/lib/systemd/system/dnsmasq.service; disabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Fri 2015-10-09 21:49:58 BST; 14s ago
  Process: 2652 ExecStart=/usr/sbin/dnsmasq -k (code=exited, status=2)
 Main PID: 2652 (code=exited, status=2)

Oct 09 21:49:58 dhcppc4 systemd[1]: Started DNS caching server..
Oct 09 21:49:58 dhcppc4 systemd[1]: Starting DNS caching server....
Oct 09 21:49:58 dhcppc4 dnsmasq[2652]: dnsmasq: failed to create listening socket for port 53: Address already in use
Oct 09 21:49:58 dhcppc4 systemd[1]: dnsmasq.service: main process exited, code=exited, status=2/INVALIDARGUMENT
Oct 09 21:49:58 dhcppc4 systemd[1]: Unit dnsmasq.service entered failed state.
Oct 09 21:49:58 dhcppc4 systemd[1]: dnsmasq.service failed.

Confused as to how port 53 is taken with no current DNS server running (and confirmed with dig @127.0.0.1), I ran netstat -ln and found a process listening on port 53 on address 192.168.122.1:

tcp        0      0 192.168.122.1:53        0.0.0.0:*               LISTEN
udp        0      0 192.168.122.1:53        0.0.0.0:* 

An ifconfig shows that 192.168.122.1 is the virtual interface virbr0.

A quick Google search and wiki later, I understand that libvirt provides virtual networking to the host in order to abstract physical interfaces. Libvirt uses a virtual network switch through which all traffic is routed [1]. The default virtual network switch, virbr0, is created when the daemon first starts.

I can then confirm that I can send queries via dig to dnsmasq on this interface:

[grobinson@dhcppc4 ~]$ dig @192.168.122.1 +short
a.root-servers.net.
j.root-servers.net.
m.root-servers.net.
b.root-servers.net.
i.root-servers.net.
k.root-servers.net.
l.root-servers.net.
d.root-servers.net.
g.root-servers.net.
c.root-servers.net.
h.root-servers.net.
e.root-servers.net.
f.root-servers.net.

Question 1: I don't understand the reason behind having dnsmasq listen on this virtual interface. For /etc/resolv.conf I can see that the DNS servers configured at the DHCP server tell the machine to direct queries to Google DNS servers. What is its use?

# Generated by NetworkManager
nameserver 8.8.8.8
nameserver 8.8.4.4

I find that I can edit /etc/NetworkManager/NetworkManager.conf and add the line dns=dnsmasq and then restart network manager with systemd. From here on network manager is configured to direct queries to dnsmasq on the loopback address and can be seen with a simple call to dig:

[grobinson@dhcppc4 ~]$ dig @127.0.0.1 +short
l.root-servers.net.
g.root-servers.net.
i.root-servers.net.
...

The netstat -ln output now shows two sockets bound and listening on port 53:

tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN     
tcp        0      0 192.168.122.1:53        0.0.0.0:*               LISTEN 

Question 2: how come network manager can start dnsmasq on 127.0.0.1 and I can't with systemctl? Is that because the default configuration is attempting to listen on all interfaces, which fails for virbr0? I just need to state the desired interface?

Question 3: It looks like there are two configuration options for dnsmasq: /etc/dnsmasq.conf and a folder /etc/NetworkManager/dnsmasq.d/ where configuration files can be written. It looks like the latter is for when dns=dnsmasq is set and dnsmasq listening on 127.0.0.1 since editing /etc/dnsmasq.conf has no effect on queries to @127.0.0.1. Could the former be for dnsmasq in libvirt?

3 Answers


If you want your local /etc/hosts changes to propagate to your VMs using the same interface you can simply SIGHUP the local libvirt process.

Geoff

By default, libvirt starts a dnsmasq instance for each of its virtual interface bridges. This is done to provide DHCP service to VMs running in a virtual network.

http://wiki.libvirt.org/page/VirtualNetworking

Essentially, the virbr bridge is created by libvirt every time you spin up a VM using the default settings. If you want to prevent this from happening, you need to create the bridge yourself before starting up a VM and then start it up in "bridge" mode, specifying your custom bridge as the argument. Here is a man page that explains it pretty well. Look under the --network option:

https://www-01.ibm.com/support/knowledgecenter/linuxonibm/liaat/liaatvirtinstalloptions.htm

Every time you create a "virtual network" in libvirt, it also starts an instance of dnsmasq for it. So, again, you have to stop using libvirt's virtual networks and go manual.

  • I don't get it. That whole dnsmasq automation for bridges in libvirt ruins virsh net-* shell functions to complete uselessness as there can be scenarios in which you don't want to use dnsmasq. Not even an arg or switch to disable that behavior. – 3ronco Oct 10 '18 at 12:02
  • Read my original reply - the answer is there. In short - there is a simple way to avoid spinning up an instance of dnsmasq. –  Oct 11 '18 at 22:34
  • How could I overlook this? Found it elsewhere: https://libvirt.org/git/?p=libvirt.git;a=commit;h=9065cfaa889b3512ad02560fbefb05c75349b10b – 3ronco Oct 12 '18 at 11:20

Configure your dnsmasq instance to listen on an explicit list of interfaces.

In /etc/dnsmasq.conf you can use either interface names interface=eth0 or interface IP listen-address=192.168.0.1. Even with this set, dnsmasq will helpfully bind to all interfaces, so disable that by adding bind-interfaces to the config file.

Alternatively, in the config file, specify an interface blacklist with except-interface=virbr*.

Sources:

user7610
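An added example, not code from any of the answers above nor from the dnsmasq or libvirt projects: a minimal /etc/dnsmasq.conf for the asker's stated goal (every name under a test domain resolves to 127.0.0.1) that binds only the loopback address, plus a small parser for netstat -ln / ss -lnut output that lists the sockets already bound to port 53. The point the config makes is the one behind the "Address already in use" error: without bind-interfaces dnsmasq binds the wildcard 0.0.0.0:53, which both collides with libvirt's instance on 192.168.122.1:53 and makes the resolver answer on every interface, the LAN one included; listen-address=127.0.0.1 plus bind-interfaces keeps it on loopback. The .test domain (reserved for local testing), the 8.8.8.8/8.8.4.4 upstreams (taken from the resolv.conf in the question) and the netstat sample embedded for the demo are assumptions for illustration.

```bash
#!/bin/sh
# Added example, not code from the thread, dnsmasq or libvirt.
# Assumptions: the test domain is ".test"; upstream resolvers are the
# 8.8.8.8/8.8.4.4 from the question's resolv.conf; the netstat sample
# below is constructed from the lines quoted in the question.

# Print a minimal dnsmasq.conf that answers every name under .test with
# 127.0.0.1 and binds ONLY the loopback address. Without bind-interfaces
# dnsmasq binds 0.0.0.0:53 and filters per interface afterwards, which is
# what collided with libvirt's socket on 192.168.122.1:53.
write_dnsmasq_conf() {
  cat <<'EOF'
# test and every subdomain of it -> 127.0.0.1; never forwarded upstream
address=/test/127.0.0.1
# listen on loopback only; bind-interfaces turns this into a real bind of
# 127.0.0.1:53 instead of a 0.0.0.0:53 wildcard bind
listen-address=127.0.0.1
bind-interfaces
# ignore /etc/resolv.conf (NetworkManager rewrites it) and forward the rest
no-resolv
server=8.8.8.8
server=8.8.4.4
EOF
}

# Read "netstat -ln" or "ss -lnut" lines on stdin and print "proto addr:53"
# for each socket bound to port 53, so you can see which local addresses
# are already taken before starting another instance.
port53_listeners() {
  awk '{ for (i = 2; i <= NF; i++) if ($i ~ /:53$/) { print $1, $i; break } }'
}

# Constructed sample: the two lines from the question plus an unrelated
# sshd socket that must be ignored.
SAMPLE_NETSTAT='tcp        0      0 192.168.122.1:53        0.0.0.0:*               LISTEN
udp        0      0 192.168.122.1:53        0.0.0.0:*
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN'

demo() {
  echo "# sockets already bound to port 53:"
  printf '%s\n' "$SAMPLE_NETSTAT" | port53_listeners
  echo
  echo "# generated config:"
  write_dnsmasq_conf
}

# Uncomment to run the demo when executing this file directly:
# demo
```

Source the file and call demo to see the parser run over the sample, or use `write_dnsmasq_conf > /etc/dnsmasq.conf` followed by `dnsmasq --test -C /etc/dnsmasq.conf`, which syntax-checks the file without starting the daemon. On a live box feed real output with `ss -lnut | port53_listeners` (or `netstat -ln | port53_listeners`) before starting the service; if 127.0.0.1:53 is already listed, NetworkManager's dns=dnsmasq instance has it and the two must not both bind that address.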