Thanks!
Here’s an example setup of sharing lxdbr0
that has a subnet of 10.165.233.0/24
with multiple zones:
Create two projects
lxc project create p1
lxc project create p2
lxc profile show default | lxc profile edit default --project p1
lxc profile show default | lxc profile edit default --project p2
Launch instances in default, p1 and p2 projects:
lxc launch images:alpine/3.16 c1 --project default
lxc launch images:alpine/3.16 c1p1 --project p1
lxc launch images:alpine/3.16 c1p2 --project p2
Enable network zones on the projects:
lxc project set p1 features.networks.zones=true
lxc project set p2 features.networks.zones=true
Create zones in default, p1 and p2 projects:
lxc network zone create lxd.home --project=default \
dns.nameservers=ns1.lxd.home \
peers.test.address=127.0.0.1
lxc network zone create 233.165.10.in-addr.arpa --project=default \
dns.nameservers=ns1.233.165.10.in-addr.arpa \
peers.test.address=127.0.0.1
lxc network zone create p1.lxd.home --project=p1 \
dns.nameservers=ns1.lxd.home \
peers.test.address=127.0.0.1
lxc network zone create p2.lxd.home --project=p2 \
dns.nameservers=ns1.lxd.home \
peers.test.address=127.0.0.1
Assign the zones to lxdbr0 network:
lxc network set lxdbr0 dns.zone.forward lxd.home,p1.lxd.home,p2.lxd.home
lxc network set lxdbr0 dns.zone.reverse.ipv4 233.165.10.in-addr.arpa
Now you can see the project zone views in action:
First, let's have a look at the instance IPs:
lxc list --all-projects
+---------+------+---------+-----------------------+-----------------------------------------------+-----------+-----------+
| PROJECT | NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS |
+---------+------+---------+-----------------------+-----------------------------------------------+-----------+-----------+
| default | c1 | RUNNING | 10.165.233.117 (eth0) | fd42:5ba3:9d44:c230:216:3eff:fe31:649b (eth0) | CONTAINER | 0 |
+---------+------+---------+-----------------------+-----------------------------------------------+-----------+-----------+
| p1 | c1p1 | RUNNING | 10.165.233.104 (eth0) | fd42:5ba3:9d44:c230:216:3eff:fe8c:1fb9 (eth0) | CONTAINER | 0 |
+---------+------+---------+-----------------------+-----------------------------------------------+-----------+-----------+
| p2 | c1p2 | RUNNING | 10.165.233.99 (eth0) | fd42:5ba3:9d44:c230:216:3eff:fe0c:a49c (eth0) | CONTAINER | 0 |
+---------+------+---------+-----------------------+-----------------------------------------------+-----------+-----------+
And let's look at the associated leases for the lxdbr0
network for each project (as this is where the zone content comes from):
lxc network list-leases lxdbr0 --project=default
+-----------+-------------------+----------------------------------------+---------+
| HOSTNAME | MAC ADDRESS | IP ADDRESS | TYPE |
+-----------+-------------------+----------------------------------------+---------+
| c1 | 00:16:3e:31:64:9b | 10.165.233.117 | DYNAMIC |
+-----------+-------------------+----------------------------------------+---------+
| c1 | 00:16:3e:31:64:9b | fd42:5ba3:9d44:c230:216:3eff:fe31:649b | DYNAMIC |
+-----------+-------------------+----------------------------------------+---------+
| lxdbr0.gw | | 10.165.233.1 | GATEWAY |
+-----------+-------------------+----------------------------------------+---------+
| lxdbr0.gw | | fd42:5ba3:9d44:c230::1 | GATEWAY |
+-----------+-------------------+----------------------------------------+---------+
lxc network list-leases lxdbr0 --project=p1
+----------+-------------------+----------------------------------------+---------+
| HOSTNAME | MAC ADDRESS | IP ADDRESS | TYPE |
+----------+-------------------+----------------------------------------+---------+
| c1p1 | 00:16:3e:8c:1f:b9 | 10.165.233.104 | DYNAMIC |
+----------+-------------------+----------------------------------------+---------+
| c1p1 | 00:16:3e:8c:1f:b9 | fd42:5ba3:9d44:c230:216:3eff:fe8c:1fb9 | DYNAMIC |
+----------+-------------------+----------------------------------------+---------+
lxc network list-leases lxdbr0 --project=p2
+----------+-------------------+----------------------------------------+---------+
| HOSTNAME | MAC ADDRESS | IP ADDRESS | TYPE |
+----------+-------------------+----------------------------------------+---------+
| c1p2 | 00:16:3e:0c:a4:9c | 10.165.233.99 | DYNAMIC |
+----------+-------------------+----------------------------------------+---------+
| c1p2 | 00:16:3e:0c:a4:9c | fd42:5ba3:9d44:c230:216:3eff:fe0c:a49c | DYNAMIC |
+----------+-------------------+----------------------------------------+---------+
Now let's look at the forward zone for lxd.home
(which belongs to the default project) to get addresses in the default project:
dig @127.0.0.1 axfr lxd.home
; <<>> DiG 9.18.1-1ubuntu1.2-Ubuntu <<>> @127.0.0.1 axfr lxd.home
; (1 server found)
;; global options: +cmd
lxd.home. 3600 IN SOA lxd.home. ns1.lxd.home. 1669808419 120 60 86400 30
lxd.home. 300 IN NS ns1.lxd.home.
lxdbr0.gw.lxd.home. 300 IN A 10.165.233.1
lxdbr0.gw.lxd.home. 300 IN AAAA fd42:5ba3:9d44:c230::1
c1.lxd.home. 300 IN AAAA fd42:5ba3:9d44:c230:216:3eff:fe31:649b
c1.lxd.home. 300 IN A 10.165.233.117
lxd.home. 3600 IN SOA lxd.home. ns1.lxd.home. 1669808419 120 60 86400 30
Next, the forward zone for p1.lxd.home
(which belongs to the p1 project) to get addresses in the p1 project:
dig @127.0.0.1 axfr p1.lxd.home
; <<>> DiG 9.18.1-1ubuntu1.2-Ubuntu <<>> @127.0.0.1 axfr p1.lxd.home
; (1 server found)
;; global options: +cmd
p1.lxd.home. 3600 IN SOA p1.lxd.home. ns1.lxd.home. 1669808525 120 60 86400 30
p1.lxd.home. 300 IN NS ns1.lxd.home.
c1p1.p1.lxd.home. 300 IN AAAA fd42:5ba3:9d44:c230:216:3eff:fe8c:1fb9
c1p1.p1.lxd.home. 300 IN A 10.165.233.104
p1.lxd.home. 3600 IN SOA p1.lxd.home. ns1.lxd.home. 1669808525 120 60 86400 30
Next, the forward zone for p2.lxd.home
(which belongs to the p2 project) to get addresses in the p2 project:
dig @127.0.0.1 axfr p2.lxd.home
; <<>> DiG 9.18.1-1ubuntu1.2-Ubuntu <<>> @127.0.0.1 axfr p2.lxd.home
; (1 server found)
;; global options: +cmd
p2.lxd.home. 3600 IN SOA p2.lxd.home. ns1.lxd.home. 1669808559 120 60 86400 30
p2.lxd.home. 300 IN NS ns1.lxd.home.
c1p2.p2.lxd.home. 300 IN AAAA fd42:5ba3:9d44:c230:216:3eff:fe0c:a49c
c1p2.p2.lxd.home. 300 IN A 10.165.233.99
p2.lxd.home. 3600 IN SOA p2.lxd.home. ns1.lxd.home. 1669808559 120 60 86400 30
And finally the reverse zone 233.165.10.in-addr.arpa
which belongs to the default project, but will generate PTR records for all active addresses that have an associated forward zone (in all projects) for networks that have this zone set. The PTR target will use the address’ associated forward zone name.
dig @127.0.0.1 axfr 233.165.10.in-addr.arpa
; <<>> DiG 9.18.1-1ubuntu1.2-Ubuntu <<>> @127.0.0.1 axfr 233.165.10.in-addr.arpa
; (1 server found)
;; global options: +cmd
233.165.10.in-addr.arpa. 3600 IN SOA 233.165.10.in-addr.arpa. ns1.233.165.10.in-addr.arpa. 1669808750 120 60 86400 30
233.165.10.in-addr.arpa. 300 IN NS ns1.233.165.10.in-addr.arpa.
1.233.165.10.in-addr.arpa. 300 IN PTR lxdbr0.gw.lxd.home.
117.233.165.10.in-addr.arpa. 300 IN PTR c1.lxd.home.
104.233.165.10.in-addr.arpa. 300 IN PTR c1p1.p1.lxd.home.
99.233.165.10.in-addr.arpa. 300 IN PTR c1p2.p2.lxd.home.
233.165.10.in-addr.arpa. 3600 IN SOA 233.165.10.in-addr.arpa. ns1.233.165.10.in-addr.arpa. 1669808750 120 60 86400 30
So now in your upstream DNS server you can set up delegated zones for each project.
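As an added example (not from the post above or from LXD itself), here is a small Python checker that runs over captured `dig axfr` output: it flags any address record served from a zone other than the most specific project zone that owns the name (one project's view leaking into another's), and verifies that the shared reverse zone's PTRs round-trip to the per-project forward zones. The zone text is a constructed sample trimmed from the records shown above; `owning_zone`, `find_leaks` and `check_reverse` are names chosen for this example.

```python
import ipaddress

# Constructed sample, trimmed from the AXFR output above: one forward zone per
# project plus the shared reverse zone owned by the default project.
ZONES = {
    "lxd.home": "lxd.home. 300 IN NS ns1.lxd.home.\n"
                "lxdbr0.gw.lxd.home. 300 IN A 10.165.233.1\n"
                "c1.lxd.home. 300 IN A 10.165.233.117\n",
    "p1.lxd.home": "p1.lxd.home. 300 IN NS ns1.lxd.home.\n"
                   "c1p1.p1.lxd.home. 300 IN A 10.165.233.104\n",
    "p2.lxd.home": "p2.lxd.home. 300 IN NS ns1.lxd.home.\n"
                   "c1p2.p2.lxd.home. 300 IN A 10.165.233.99\n",
}
REVERSE = ("1.233.165.10.in-addr.arpa. 300 IN PTR lxdbr0.gw.lxd.home.\n"
           "117.233.165.10.in-addr.arpa. 300 IN PTR c1.lxd.home.\n"
           "104.233.165.10.in-addr.arpa. 300 IN PTR c1p1.p1.lxd.home.\n"
           "99.233.165.10.in-addr.arpa. 300 IN PTR c1p2.p2.lxd.home.\n")

def parse_axfr(text):
    """Yield (owner, rtype, rdata) from dig-style zone lines, skipping comments."""
    for line in text.splitlines():
        if line.strip() and not line.startswith(";"):
            owner, _ttl, _cls, rtype, rdata = line.split(None, 4)
            yield owner, rtype, rdata

def owning_zone(owner, zones):
    """Most specific configured zone that should serve `owner`, or None."""
    hits = [z for z in zones if owner == z + "." or owner.endswith("." + z + ".")]
    return max(hits, key=len) if hits else None

def find_leaks(zones):
    """Address records served from a zone other than the one that owns the name."""
    return [(z, o) for z, text in zones.items() for o, t, _ in parse_axfr(text)
            if t in ("A", "AAAA") and owning_zone(o, zones) != z]

def check_reverse(zones, reverse_text, cidr):
    """Each A inside `cidr` needs a PTR to its own name; no PTR may be unbacked."""
    net = ipaddress.ip_network(cidr)
    ptr = {o: r for o, t, r in parse_axfr(reverse_text) if t == "PTR"}
    expect = {}
    for text in zones.values():
        for o, t, r in parse_axfr(text):
            if t == "A" and ipaddress.ip_address(r) in net:
                expect[ipaddress.ip_address(r).reverse_pointer + "."] = o
    problems = [f"bad PTR for {n}" for p, n in expect.items() if ptr.get(p) != n]
    problems += [f"stale PTR {p} -> {n}" for p, n in ptr.items() if p not in expect]
    return problems
```

Feed it the real output of `dig @127.0.0.1 axfr <zone>` for each zone and run `find_leaks` and `check_reverse` after changes to leases or zone assignments.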