The dnsmasq started by lxc-net is told that ${LXC_DOMAIN} is a local domain and queries on that domain should not be forwarded upstream. This part works fine, but it would be nice if it would also be told not to forward reverse (IP) lookups on ${LXC_NETWORK}. Otherwise if I forward reverse lookups from the host to the lxc-net dnsmasq and there is no corresponding IP, it forwards the request back to the host resolver. This results in a loop, which drains system resources and makes other lookups extremely slow due to maximum connections being reached.
Currently I have worked around this by adding LXC_DHCP_CONFILE="/etc/lxc/dnsmasq.conf" to /etc/default/lxc and putting rev-server=10.0.3.0/24, in /etc/lxc/dnsmasq.conf.
Steps to reproduce
Start lxc-net with LXC_NETWORK=10.0.3.0/24 (the default).
Configure the host machine's resolver to forward 3.0.10.in-addr.arpa requests to 10.0.3.1.
Look up a non-existent IP, i.e., host 10.0.3.234.
Observe that the lookup hangs and the system log is filled with:
dnsmasq[XXXX]: Maximum number of concurrent DNS queries reached (max: 150)
As far as I can tell and have quickly tested, simply adding --rev-server=${LXC_NETWORK}, (note the trailing comma) to the dnsmasq invocation in start() fixes this.
Required information
lxc-start --version: 2.0.9
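A way to check a host for the condition this issue describes, as an added example that is not part of the original report or of lxc-net: it derives the reverse zone for LXC_NETWORK, tests whether the dnsmasq config file carries the rev-server line with the trailing comma, and counts the log message quoted above. The function names and the sample files are assumptions constructed for illustration, and only /8, /16 and /24 networks are handled.

```shell
#!/bin/sh
# Added example (not lxc-net code): audit a dnsmasq config file for the
# reverse-lookup forwarding loop described in the issue.

# reverse_zone CIDR: print the in-addr.arpa zone the host resolver would
# forward for an IPv4 /8, /16 or /24 network; other prefixes are rejected.
reverse_zone() {
    net=${1%/*}; prefix=${1#*/}
    old_ifs=$IFS; IFS=.; set -- $net; IFS=$old_ifs
    case $prefix in
        8)  echo "$1.in-addr.arpa" ;;
        16) echo "$2.$1.in-addr.arpa" ;;
        24) echo "$3.$2.$1.in-addr.arpa" ;;
        *)  return 1 ;;
    esac
}

# has_local_rev_server CIDR CONFFILE: succeed only if CONFFILE has
# rev-server=CIDR, with nothing after the comma (the issue's workaround).
has_local_rev_server() {
    pat=$(printf '%s' "$1" | sed 's/\./\\./g')
    grep -Eq "^[[:space:]]*rev-server=$pat,[[:space:]]*\$" "$2"
}

# loop_hits LOGFILE: count the log message the issue reports during the loop.
loop_hits() {
    grep -c 'Maximum number of concurrent DNS queries reached' "$1"
}

# audit CIDR CONFFILE LOGFILE: one-line verdict for the three inputs.
audit() {
    zone=$(reverse_zone "$1") || { echo "unsupported prefix: $1"; return 2; }
    if has_local_rev_server "$1" "$2"; then
        echo "ok: $zone is answered locally"
    else
        echo "at risk: $zone may be forwarded upstream ($(loop_hits "$3") loop messages logged)"
        return 1
    fi
}

# Constructed sample input: a config without the workaround, one with it,
# and a short log excerpt in the format quoted in the issue.
tmp=$(mktemp -d)
: > "$tmp/before.conf"
printf 'rev-server=10.0.3.0/24,\n' > "$tmp/after.conf"
printf 'dnsmasq[1234]: Maximum number of concurrent DNS queries reached (max: 150)\n' > "$tmp/syslog"
audit 10.0.3.0/24 "$tmp/before.conf" "$tmp/syslog" || true
audit 10.0.3.0/24 "$tmp/after.conf" "$tmp/syslog"
```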