Since v5.6.0, libvirt added a dnsmasq namespace with the element , which allows specifying options directly to the underlying dnsmasq server. I'd like to create a wildcard DNS entry for my applications with that option. So I used virsh net-edit, changed <network> to <network xmlns:dnsmasq='http://libvirt.org/schemas/network/dnsmasq/1.0'> and added the following options:
<dnsmasq:options>
<dnsmasq:option value='cname=boards.cnx65-k8s.hobel.internal,cnx65-k8s.hobel.internal'/>
<dnsmasq:option value='cname=*.app.cnx65-k8s.hobel.internal,cnx65-k8s.hobel.internal'/>
</dnsmasq:options>
After that, the network was restarted (virsh net-destroy && virsh net-start) and the target VM too (virsh destroy && virsh start).
The cname=boards.cnx65-k8s.hobel.internal works perfectly:
$ dig +short boards.cnx65-k8s.hobel.internal @192.168.10.1
cnx65-k8s.hobel.internal.
192.168.10.136
But dig +short x.app.cnx65-k8s.hobel.internal @192.168.10.1 doesn't resolve to any IP address. The generated configuration file /var/lib/libvirt/dnsmasq/hobel.internal.conf contains both cname entries at the end:
strict-order
user=libvirt-dnsmasq
local=/hobel.internal/
domain=hobel.internal
expand-hosts
pid-file=/run/libvirt/network/hobel.internal.pid
except-interface=lo
bind-dynamic
interface=virbr1
dhcp-range=192.168.10.10,192.168.10.254,255.255.255.0
dhcp-no-override
dhcp-authoritative
dhcp-lease-max=245
dhcp-hostsfile=/var/lib/libvirt/dnsmasq/hobel.internal.hostsfile
addn-hosts=/var/lib/libvirt/dnsmasq/hobel.internal.addnhosts
cname=boards.cnx65-k8s.hobel.internal,cnx65-k8s.hobel.internal
cname=*.app.cnx65-k8s.hobel.internal,cnx65-k8s.hobel.internal
According to this answer, I added auth-server and interface-name to the options:
<dnsmasq:options>
<dnsmasq:option value='cname=boards.cnx65-k8s.hobel.internal,cnx65-k8s.hobel.internal'/>
<dnsmasq:option value='cname=*.app.cnx65-k8s.hobel.internal,cnx65-k8s.hobel.internal'/>
<dnsmasq:option value='auth-server=cnx65-k8s.hobel.internal,virbr1'/>
<dnsmasq:option value='interface-name=cnx65-k8s.hobel.internal,virbr1'/>
</dnsmasq:options>
But x.app.cnx65-k8s.hobel.internal is still not resolved:
$ dig x.app.cnx65-k8s.hobel.internal @192.168.10.1
; <<>> DiG 9.16.1-Ubuntu <<>> x.app.cnx65-k8s.hobel.internal @192.168.10.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43624
;; flags: qr rd ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;x.app.cnx65-k8s.hobel.internal. IN A
;; Query time: 0 msec
;; SERVER: 192.168.10.1#53(192.168.10.1)
;; WHEN: Sat Jul 03 12:14:05 CEST 2021
;; MSG SIZE rcvd: 59
Why is this not working? Even the official libvirt documentation lists a cname wildcard entry as an example:
<dnsmasq:option value="cname=*.foo.example.com,master.example.com"/>
I think you have a dnsmasq configuration problem; maybe the interface name? It looks like you can use a wildcard. Given the following configuration for my default network:
I end up with /var/lib/libvirt/dnsmasq/default.conf that looks like:
The following queries work from a VM attached to that network:
And as expected this fails to return anything:
(Tests were run on Fedora 34, using libvirt-7.0.0-4.fc34.x86_64 and dnsmasq-2.85-1.fc34.x86_64)
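An added example, not part of the original question or answer: a Python check that reads the dnsmasq passthrough options from a libvirt network XML, confirms that each one reached the generated configuration file, and flags wildcard cname entries. The XML and configuration excerpts are constructed from the values quoted in the question, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Namespace URI exactly as given in the question; a mismatch hides the options.
NS = {"dnsmasq": "http://libvirt.org/schemas/network/dnsmasq/1.0"}

# Constructed sample: network XML reduced to the passthrough block from the question.
NETWORK_XML = """<network xmlns:dnsmasq='http://libvirt.org/schemas/network/dnsmasq/1.0'>
  <dnsmasq:options>
    <dnsmasq:option value='cname=boards.cnx65-k8s.hobel.internal,cnx65-k8s.hobel.internal'/>
    <dnsmasq:option value='cname=*.app.cnx65-k8s.hobel.internal,cnx65-k8s.hobel.internal'/>
  </dnsmasq:options>
</network>"""

# Constructed sample: a few lines of the generated file quoted in the question.
GENERATED_CONF = """strict-order
local=/hobel.internal/
interface=virbr1
cname=boards.cnx65-k8s.hobel.internal,cnx65-k8s.hobel.internal
cname=*.app.cnx65-k8s.hobel.internal,cnx65-k8s.hobel.internal
"""


def passthrough_options(network_xml):
    """Return the value of every <dnsmasq:option> in the network XML."""
    root = ET.fromstring(network_xml)
    found = root.findall("dnsmasq:options/dnsmasq:option", NS)
    return [el.get("value") for el in found]


def audit(network_xml, conf_text):
    """Report, per passthrough option, whether it appears verbatim in the
    generated configuration and whether it is a wildcard cname."""
    conf_lines = {line.strip() for line in conf_text.splitlines() if line.strip()}
    report = []
    for value in passthrough_options(network_xml):
        key, _, arg = value.partition("=")
        report.append({
            "option": key,
            "value": value,
            "in_generated_conf": value in conf_lines,
            "wildcard": key == "cname"
            and any(field.startswith("*.") for field in arg.split(",")),
        })
    return report


if __name__ == "__main__":
    for row in audit(NETWORK_XML, GENERATED_CONF):
        print(row)
```

Run it against the output of virsh net-dumpxml and the matching file under /var/lib/libvirt/dnsmasq/ to separate a passthrough problem (option missing from the file) from a dnsmasq resolution problem (option present but the query still unanswered).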