On Wed, 24 Aug 2011, Ian Pilcher wrote:

> On 08/22/2011 06:35 PM, Paul Wouters wrote:
>> If it could also not grab port 0.0.0.0:53 in the future, that would be
>> great. I'd like to work with whichever libvirt developer takes this
>> package on.
>
> Are you talking about dnsmasq or the way that libvirt uses dnsmasq?
I am talking about libvirtd's usage. It's confusing and bad for various reasons,
but most importantly:

1) Prevents other DNS resolvers from listening (eg DNSSEC aware ones)
2) "service dnsmasq stop" fails because it is not started as a regular service
> When libvirt starts dnsmasq, it tells it to ignore the configuration
> file and passes all of the parameters on the command line. If you want
> dnsmasq to not listen on 0.0.0.0:53 when it's started by libvirt, you'll
> have to take that up with the libvirt developers.
Here the issue is:

3) I mostly don't need/want any DNS/DHCP in my bridged setup, but it still
configures and starts dnsmasq (at least on F14 using virt-manager)
(eg I have a /28 bridged to eth1 with static IPs, I don't want it)
The biggest problem for me is wanting to run a DNSSEC aware resolver, and the
libvirtd/dnsmasq is preventing me from doing a simple "yum install unbound|bind"
by stealing port 53. Especially on my laptop with libvirtd....

Again, this is based on f14, not f15/f16. I am not sure how much this has been
addressed. But if we want DNSSEC validation on the endnode, at the very least
127.0.0.1:53 needs to be left free.

Paul
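The conflict Paul describes (a wildcard 0.0.0.0:53 bind blocking a local resolver from taking 127.0.0.1:53) is easy to confirm before installing unbound or bind. The following script is an added example and not part of the thread or of the libvirt or dnsmasq projects: it parses the kernel's /proc/net/udp and /proc/net/tcp socket tables and reports every listener that would collide with a resolver on 127.0.0.1:53. The embedded SAMPLE_UDP/SAMPLE_TCP strings are constructed to mimic a dnsmasq wildcard bind; when /proc/net is readable the script uses the live tables instead.

```python
import socket
import struct

# Constructed sample /proc/net/udp and /proc/net/tcp content (not captured from any
# real host): a wildcard UDP+TCP listener on port 53 plus two unrelated sockets.
SAMPLE_UDP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
   0: 00000000:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 12345 2 0000000000000000 0
   1: 0100007F:0277 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 12346 2 0000000000000000 0
"""
SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0035 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12347 1 0000000000000000 100 0 0 10 0
   1: 0100007F:1F90 0100007F:C350 01 00000000:00000000 00:00000000 00000000  1000        0 12348 1 0000000000000000 20 4 30 10 -1
"""

# Socket state codes as shown in the "st" column of /proc/net/{tcp,udp}.
TCP_LISTEN = 0x0A        # a TCP socket waiting for connections
UDP_UNCONNECTED = 0x07   # a bound UDP socket (shown as TCP_CLOSE)


def decode_addr(hexaddr):
    """Turn '0100007F:0035' into ('127.0.0.1', 53).

    /proc/net stores the IPv4 address as a hex word in host byte order, so it is
    unpacked little-endian on the usual x86/ARM hosts.
    """
    ip_hex, port_hex = hexaddr.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def listeners(table_text, proto):
    """Return (proto, ip, port) for every socket that is listening (tcp) or bound (udp)."""
    want = TCP_LISTEN if proto == "tcp" else UDP_UNCONNECTED
    out = []
    for line in table_text.splitlines()[1:]:   # skip the header row
        fields = line.split()
        if len(fields) < 4:
            continue
        ip, port = decode_addr(fields[1])
        if int(fields[3], 16) == want:
            out.append((proto, ip, port))
    return out


def port_conflicts(udp_text, tcp_text, port=53, wanted_ip="127.0.0.1"):
    """List the listeners that would stop a resolver from binding wanted_ip:port.

    A wildcard (0.0.0.0) bind owns the port on every address, so it blocks
    127.0.0.1 just as much as a bind on 127.0.0.1 itself would.
    """
    found = listeners(udp_text, "udp") + listeners(tcp_text, "tcp")
    return [(proto, ip, p) for proto, ip, p in found
            if p == port and ip in ("0.0.0.0", wanted_ip)]


def read_proc(path):
    with open(path) as f:
        return f.read()


if __name__ == "__main__":
    # Prefer the live socket tables; fall back to the constructed sample elsewhere.
    try:
        udp, tcp = read_proc("/proc/net/udp"), read_proc("/proc/net/tcp")
    except OSError:
        udp, tcp = SAMPLE_UDP, SAMPLE_TCP
    conflicts = port_conflicts(udp, tcp)
    if not conflicts:
        print("127.0.0.1:53 is free; a local resolver can bind it")
    for proto, ip, port in conflicts:
        print(f"{proto} {ip}:{port} is already bound; 127.0.0.1:53 is not free")
```

On the sample tables the script reports both the UDP and the TCP wildcard binds on port 53, which is exactly the situation where "yum install unbound" succeeds but the daemon then fails to start. Mapping the reported socket back to a process (via the inode column and /proc/*/fd) is left out here to keep the example short.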