Setting LXC_DOMAIN causes dnsmasq forwarding loop

Bug #1246094 reported by Ed Swierk
This bug affects 3 people
Affects: lxc (Ubuntu)
Status: Fix Released
Importance: Medium
Assigned to: Serge Hallyn

Bug Description

Setting LXC_DOMAIN=lxc in /etc/default/lxc-net causes the lxc-net init script to pass -s lxc to the private LXC dnsmasq instance running on the lxcbr0 interface (on 10.0.3.1, say).

Then, adding server=/lxc/10.0.3.1 to /etc/dnsmasq.conf causes the normal dnsmasq to forward queries for the .lxc domain to the LXC dnsmasq.

Unfortunately, if the normal dnsmasq requests an MX or AAAA record, or anything else that the LXC dnsmasq doesn't know how to resolve, the latter forwards to the address in /etc/resolv.conf, which is 127.0.0.1 on a system running a normal dnsmasq. The normal dnsmasq is listening on 127.0.0.1, and it's configured to forward queries for the .lxc domain right back to the LXC dnsmasq. Thus the two dnsmasqs bounce the request back and forth ad infinitum.

The solution is to configure the LXC dnsmasq never to forward requests for the .lxc domain by passing the -S /lxc/ command-line argument. This way, the LXC dnsmasq answers queries that it knows about (A records for LXC hosts), but NAKs any other .lxc domain queries.

See the attached patch to /debian/lxc.lxc-net.upstart.

Tags: patch
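
The three conditions in the description above (LXC dnsmasq started with -s but without -S /domain/, /etc/resolv.conf pointing at loopback, and the host dnsmasq forwarding the domain back) can be checked mechanically. This is an added example, not the attached patch or code from the lxc package; the function names and sample command lines are constructed, and `--domain`, `--local` and `--server` are dnsmasq's long forms of `-s` and `-S`.

```shell
#!/bin/sh
# Added example, not from the lxc package. Inputs are strings so it runs offline:
#   $1 LXC dnsmasq command line, $2 resolv.conf text, $3 host dnsmasq.conf text

# Print the domain passed with -s / --domain, or nothing if none is set.
lxc_domain() {
    set -f; set -- $1; set +f          # split the command line into words
    while [ $# -gt 0 ]; do
        case $1 in
            -s) echo "$2"; return ;;
            --domain=*) echo "${1#--domain=}"; return ;;
        esac
        shift
    done
}

# Succeed if the domain is marked local-only (-S /dom/ or its long forms).
has_local_only() {
    case " $1 " in
        *" -S /$2/ "*|*" --local=/$2/ "*|*" --server=/$2/ "*) return 0 ;;
    esac
    return 1
}

# Print "loop" when all three conditions from the report hold, else "ok".
check_lxc_dns_loop() {
    dom=$(lxc_domain "$1")
    [ -n "$dom" ] || { echo ok; return 0; }
    if has_local_only "$1" "$dom"; then echo ok; return 0; fi
    # The LXC dnsmasq forwards unknown queries to a loopback resolver ...
    printf '%s\n' "$2" | grep -Eq '^nameserver[[:space:]]+127\.' || { echo ok; return 0; }
    # ... and that resolver sends the domain straight back.
    if printf '%s\n' "$3" | grep -v '^[[:space:]]*#' | grep -Fq "server=/$dom/"; then
        echo loop
    else
        echo ok
    fi
}

# Constructed sample inputs mirroring the report.
RESOLV='nameserver 127.0.0.1'
HOSTCONF='server=/lxc/10.0.3.1'
check_lxc_dns_loop "dnsmasq -s lxc --listen-address 10.0.3.1" "$RESOLV" "$HOSTCONF"
check_lxc_dns_loop "dnsmasq -s lxc -S /lxc/ --listen-address 10.0.3.1" "$RESOLV" "$HOSTCONF"
```

On a live host the three arguments would come from the running LXC dnsmasq's command line, /etc/resolv.conf and /etc/dnsmasq.conf.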
Ed Swierk (eswierk) wrote :
Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "Patch to /debian/lxc.lxc-net.upstart" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

tags: added: patch
Serge Hallyn (serge-hallyn) wrote :

Thanks for the report and the patch.

Changed in lxc (Ubuntu):
status: New → Triaged
importance: Undecided → Medium
assignee: nobody → Serge Hallyn (serge-hallyn)
Amir (amirsan) wrote :

@Serge Hallyn (serge-hallyn)

Don't just thank him, but merge the patch into lxc :)

That trick with passing -S /lxc/ to lxc's dnsmasq really speeds up lxc domain resolution when I ssh into lxc containers by using their lxc domains.

Edle8 (edle8) wrote :

Please merge the patch, I confirm that with the patch my resolution problems are solved.

Stéphane Graber (stgraber) wrote :

Pushed upstream, will be in LXC 1.0.1 which we'll probably release in a week or so.

Changed in lxc (Ubuntu):
status: Triaged → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package lxc - 1.0.1-0ubuntu1

---------------
lxc (1.0.1-0ubuntu1) trusty; urgency=medium

  * New upstream bugfix release. (LP: #1246094, LP: #1277466)
    Changelog at: https://linuxcontainers.org/news
  * Add xz-utils to lxc-templates' dependencies.
 -- Stephane Graber <email address hidden> Fri, 07 Mar 2014 12:18:28 -0500

Changed in lxc (Ubuntu):
status: Fix Committed → Fix Released