Tuesday, 31 May 2016

Re: ANN: DNS resolver changes in yakkety

On Tue, May 31, 2016 at 09:50:03PM +0200, Martin Pitt wrote:
> Hello Stéphane,
> Stéphane Graber [2016-05-31 11:31 -0400]:
> > One more thing on that point which was just brought up in:
> > https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/1571967
> >
> > In the past, with dnsmasq on desktop we could ship a .d file which would
> > instruct the system dnsmasq to forward all ".lxc" or ".lxd" queries to
> > the LXC or LXD dnsmasq instance.
> Per-domain DNS servers can't be configured globally via files in
> resolved, only per network device. However, you said in the bug that
> this isn't working on the host anyway, only from within containers.
> And for those lxc sets up its own dnsmasq which the containers use
> as DNS server, so nothing should change in that regard, unless you are
> planning to replace lxc's dnsmasq as well.
> FYI, this can be made to work on the host if lxc/lxd would register
> containers in machined, then libnss-mymachines will resolve those
> names.
> Thanks,
> Martin

We were hoping to ship a dnsmasq.d file this cycle that would make .lxc,
.lxd and .libvirt point to their respective dnsmasq instance.

It's not the case right now which is why it only works from inside
containers, but it's something we were hoping to change.

As far as registering containers with systemd, it's my understanding
that unprivileged processes cannot do that. As the upstream of LXC and
LXD, I'm also not very keen on having to implement yet another
systemd-specific feature anyway when we already run a standard service
(DNS server) which exports that data in a normally, perfectly usable

Anyway, that part isn't particularly critical for me.

Not regressing split DNS support for VPN and not compromising system
security with unsafe cache settings is way more important.

Stéphane Graber
Ubuntu developer
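What the dnsmasq.d drop-in discussed above would look like, as an added illustration that is not part of the thread and not a file shipped by LXC, LXD or libvirt. The bridge addresses (10.0.3.1 for lxcbr0, 10.0.4.1 for lxdbr0, 192.168.122.1 for virbr0) and the file name are assumptions chosen for the example; the real values depend on how each bridge is configured on the host.

```conf
# /etc/dnsmasq.d/containers.conf  (hypothetical drop-in for the host's dnsmasq)
#
# Forward each container domain to the dnsmasq instance that is
# authoritative for it, so names like web.lxd resolve from the host.
# Addresses below are assumed bridge addresses, not fixed values.
server=/lxc/10.0.3.1          # LXC's dnsmasq on lxcbr0
server=/lxd/10.0.4.1          # LXD's dnsmasq on lxdbr0
server=/libvirt/192.168.122.1 # libvirt's dnsmasq on virbr0

# Never send these private suffixes to the upstream resolvers listed
# for everything else; a local suffix should stay local even when the
# authoritative instance is down.
local=/lxc/
local=/lxd/
local=/libvirt/
```

Only queries whose name ends in one of the three suffixes are routed to a bridge address; every other name still follows the normal upstream path, so VPN split-DNS configuration for other domains is unaffected. The `local=` lines are the defensive half: without them, a suffix whose forwarder is unreachable would fall through to the public upstream, leaking internal container names off the host.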