lxc-net: Tell dnsmasq that the LXC network is local #2457

Closed
thsnr opened this issue Jul 9, 2018 · 1 comment

thsnr commented Jul 9, 2018

Required information

  • Distribution: Debian
  • Distribution version: buster (testing)
  • The output of
    • lxc-start --version: 2.0.9

Issue description

The dnsmasq started by lxc-net is told that ${LXC_DOMAIN} is a local domain and queries on that domain should not be forwarded upstream. This part works fine, but it would be nice if it would also be told not to forward reverse (IP) lookups on ${LXC_NETWORK}. Otherwise if I forward reverse lookups from the host to the lxc-net dnsmasq and there is no corresponding IP, it forwards the request back to the host resolver. This results in a loop, which drains system resources and makes other lookups extremely slow due to maximum connections being reached.

Currently I have worked around this by adding LXC_DHCP_CONFILE="/etc/lxc/dnsmasq.conf" to /etc/default/lxc and putting rev-server=10.0.3.0/24, in /etc/lxc/dnsmasq.conf.

Steps to reproduce

  1. Start lxc-net with LXC_NETWORK=10.0.3.0/24 (the default).
  2. Configure the host machine's resolver to forward 3.0.10.in-addr.arpa requests to 10.0.3.1.
  3. Look up a non-existent IP, i.e., host 10.0.3.234.
  4. Observe that the lookup hangs and the system log is filled with:

dnsmasq[XXXX]: Maximum number of concurrent DNS queries reached (max: 150)

As far as I can tell and have quickly tested, simply adding --rev-server=${LXC_NETWORK}, (note the trailing comma) to the dnsmasq invocation in start() fixes this.

brauner commented Jan 7, 2019

Hm, but it seems to me that that's exactly what the confile for dnsmasq is for so I'm not sure we would implement this. :)

brauner closed this as completed Jan 7, 2019
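
A check for the condition discussed in this thread, as an added example that is not part of the original issue or of the LXC project's code: it derives the reverse zone for LXC_NETWORK and reports whether a dnsmasq config file keeps that zone local, either with the rev-server line from the issue or with dnsmasq's equivalent local=/zone/ form. The function names and the sample file are assumptions made for the example.

```shell
#!/bin/sh
# Added example: does a dnsmasq config file keep reverse lookups for the
# LXC network local, so unknown addresses are never forwarded upstream?

# reverse_zone CIDR -> prints the in-addr.arpa zone for the network,
# e.g. 10.0.3.0/24 -> 3.0.10.in-addr.arpa. Only octet-aligned IPv4
# prefixes (/8, /16, /24) map to a single zone; anything else returns 1.
reverse_zone() {
    addr=${1%/*}
    len=${1#*/}
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address into its four octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    case $len in
        8)  echo "$1.in-addr.arpa" ;;
        16) echo "$2.$1.in-addr.arpa" ;;
        24) echo "$3.$2.$1.in-addr.arpa" ;;
        *)  return 1 ;;
    esac
}

# reverse_is_local CIDR CONFFILE -> exit 0 if CONFFILE contains the
# workaround line from the issue (rev-server=<CIDR>, with an empty server)
# or local=/<zone>/; exit 1 if neither is present; exit 2 if the prefix
# is not octet-aligned.
reverse_is_local() {
    cidr=$1
    conf=$2
    zone=$(reverse_zone "$cidr") || return 2
    # Drop comments and whitespace, then match whole lines literally.
    sed -e 's/#.*//' -e 's/[[:space:]]//g' "$conf" |
        grep -qxF -e "rev-server=$cidr," -e "local=/$zone/"
}

# Constructed sample config holding the workaround line from the issue.
sample=$(mktemp)
printf 'rev-server=10.0.3.0/24,\n' > "$sample"
if reverse_is_local 10.0.3.0/24 "$sample"; then
    echo "reverse zone $(reverse_zone 10.0.3.0/24) is answered locally"
else
    echo "reverse lookups for 10.0.3.0/24 may be forwarded upstream"
fi
rm -f "$sample"
```

Pointed at the file named in LXC_DHCP_CONFILE, a non-zero exit means the reproduction steps in the issue can still produce the forwarding loop.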