From 298fa4858ced29e2c42681635a5a8dcd6da0b231 Mon Sep 17 00:00:00 2001 From: Josh Stone Date: Wed, 3 Dec 2014 16:01:33 -0800 Subject: [PATCH] network: Let domains be restricted to local DNS This adds a new "localOnly" attribute on the domain element of the network xml. With this set to "yes", DNS requests under that domain will only be resolved by libvirt's dnsmasq, never forwarded upstream. This was how it worked before commit f69a6b987d616, and I found that functionality useful. For example, I have my host's NetworkManager dnsmasq configured to forward that domain to libvirt's dnsmasq, so I can easily resolve guest names from outside. But if libvirt's dnsmasq doesn't know a name and forwards it to the host, I'd get an endless forwarding loop. Now I can set localOnly="yes" to prevent the loop. Signed-off-by: Josh Stone --- docs/formatnetwork.html.in | 12 ++++++- docs/schemas/network.rng | 3 ++ src/conf/network_conf.c | 32 +++++++++++++++++-- src/conf/network_conf.h | 1 + src/network/bridge_driver.c | 5 +++ .../nat-network-dns-local-domain.conf | 14 ++++++++ .../nat-network-dns-local-domain.xml | 9 ++++++ tests/networkxml2conftest.c | 1 + 8 files changed, 74 insertions(+), 3 deletions(-) create mode 100644 tests/networkxml2confdata/nat-network-dns-local-domain.conf create mode 100644 tests/networkxml2confdata/nat-network-dns-local-domain.xml diff --git a/docs/formatnetwork.html.in b/docs/formatnetwork.html.in index ca0e20709c..7cf3f69d52 100644 --- a/docs/formatnetwork.html.in +++ b/docs/formatnetwork.html.in @@ -82,7 +82,7 @@ 
         ...
         <bridge name="virbr0" stp="on" delay="5" macTableManager="libvirt"/>
-        <domain name="example.com"/>
+        <domain name="example.com" localOnly="no"/>
         <forward mode="nat" dev="eth0"/>
         ...
@@ -151,6 +151,16 @@ a <forward> mode of "nat" or "route" (or an isolated network with no <forward> element). Since 0.4.5 + +

+ If the optional localOnly attribute on the + domain element is "yes", then DNS requests under + this domain will only be resolved by the virtual network's own + DNS server - they will not be forwarded to the host's upstream + DNS server. If localOnly is "no", and by + default, unresolved requests will be forwarded. + Since 1.2.12 +

forward
Inclusion of the forward element indicates that diff --git a/docs/schemas/network.rng b/docs/schemas/network.rng index a6b8cb2be7..56b6086d8f 100644 --- a/docs/schemas/network.rng +++ b/docs/schemas/network.rng @@ -234,6 +234,9 @@ + + + diff --git a/src/conf/network_conf.c b/src/conf/network_conf.c index 23ec369c0e..f947d89108 100644 --- a/src/conf/network_conf.c +++ b/src/conf/network_conf.c @@ -1854,6 +1854,18 @@ virNetworkDefParseXML(xmlXPathContextPtr ctxt) /* Parse network domain information */ def->domain = virXPathString("string(./domain[1]/@name)", ctxt); + tmp = virXPathString("string(./domain[1]/@localOnly)", ctxt); + if (tmp) { + def->domainLocalOnly = virTristateBoolTypeFromString(tmp); + if (def->domainLocalOnly <= 0) { + virReportError(VIR_ERR_XML_ERROR, + _("Invalid domain localOnly setting '%s' " + "in network '%s'"), + tmp, def->name); + goto error; + } + VIR_FREE(tmp); + } if ((bandwidthNode = virXPathNode("./bandwidth", ctxt)) && virNetDevBandwidthParse(&def->bandwidth, bandwidthNode, -1) < 0) @@ -2560,8 +2572,24 @@ virNetworkDefFormatBuf(virBufferPtr buf, virBufferAsprintf(buf, "\n", macaddr); } - if (def->domain) - virBufferAsprintf(buf, "\n", def->domain); + if (def->domain) { + virBufferAsprintf(buf, "domain); + + /* default to "no", but don't format it in the XML */ + if (def->domainLocalOnly) { + const char *local = virTristateBoolTypeToString(def->domainLocalOnly); + + if (!local) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("Unknown localOnly type %d in network"), + def->domainLocalOnly); + return -1; + } + virBufferAsprintf(buf, " localOnly='%s'", local); + } + + virBufferAddLit(buf, "/>\n"); + } if (virNetworkDNSDefFormat(buf, &def->dns) < 0) goto error; diff --git a/src/conf/network_conf.h b/src/conf/network_conf.h index b113e14e64..484522e6a8 100644 --- a/src/conf/network_conf.h +++ b/src/conf/network_conf.h @@ -225,6 +225,7 @@ struct _virNetworkDef { char *bridge; /* Name of bridge device */ int macTableManager; /* enum virNetworkBridgeMACTableManager */ char *domain; + int domainLocalOnly; /* enum virTristateBool: yes disables dns forwarding */ unsigned long delay; /* Bridge forward delay (ms) */ bool stp; /* Spanning tree protocol */ virMacAddr mac; /* mac address of bridge device */ diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c index 7b84e279d7..94e32ecad2 100644 --- a/src/network/bridge_driver.c +++ b/src/network/bridge_driver.c @@ -928,6 +928,11 @@ networkDnsmasqConfContents(virNetworkObjPtr network, } if (network->def->domain) { + if (network->def->domainLocalOnly == VIR_TRISTATE_BOOL_YES) { + virBufferAsprintf(&configbuf, + "local=/%s/\n", + network->def->domain); + } virBufferAsprintf(&configbuf, "domain=%s\n" "expand-hosts\n", diff --git a/tests/networkxml2confdata/nat-network-dns-local-domain.conf b/tests/networkxml2confdata/nat-network-dns-local-domain.conf new file mode 100644 index 0000000000..5f41b9186c --- /dev/null +++ b/tests/networkxml2confdata/nat-network-dns-local-domain.conf @@ -0,0 +1,14 @@ +##WARNING: THIS IS AN AUTO-GENERATED FILE. CHANGES TO IT ARE LIKELY TO BE +##OVERWRITTEN AND LOST. Changes to this configuration should be made using: +## virsh net-edit default +## or other application using the libvirt API. +## +## dnsmasq conf file created by libvirt +strict-order +local=/example.com/ +domain=example.com +expand-hosts +except-interface=lo +bind-dynamic +interface=virbr0 +addn-hosts=/var/lib/libvirt/dnsmasq/default.addnhosts diff --git a/tests/networkxml2confdata/nat-network-dns-local-domain.xml b/tests/networkxml2confdata/nat-network-dns-local-domain.xml new file mode 100644 index 0000000000..a92d71f1f2 --- /dev/null +++ b/tests/networkxml2confdata/nat-network-dns-local-domain.xml @@ -0,0 +1,9 @@ + + default + 81ff0d90-c91e-6742-64da-4a736edb9a9c + + + + + + diff --git a/tests/networkxml2conftest.c b/tests/networkxml2conftest.c index 267513f637..280db306b6 100644 --- a/tests/networkxml2conftest.c +++ b/tests/networkxml2conftest.c @@ -134,6 +134,7 @@ mymain(void) DO_TEST("nat-network-dns-hosts", full); DO_TEST("nat-network-dns-forward-plain", full); DO_TEST("nat-network-dns-forwarders", full); + DO_TEST("nat-network-dns-local-domain", full); DO_TEST("dhcp6-network", dhcpv6); DO_TEST("dhcp6-nat-network", dhcpv6); DO_TEST("dhcp6host-routed-network", dhcpv6);