LXC 2.0 + lxc-net + DHCP server in a container?

Hey all!

Recently delving into LXC 2.0 on Debian Stretch via https://wiki.debian.org/LXC

The host running LXC essentially has three interfaces: internal, external, and the LXC bridge network set by lxc-net. It provides NAT services from internal to external via iptables.

I have a container I’d like to host DHCP services for internal. (It’s actually Pi-Hole, so it’s running dnsmasq). My problem is that the dnsmasq instance run by lxc-net is giving me problems trying to relay DHCP from internal to the pi-hole container.

I can’t run a simple dhcp-helper, since it tries to bind all interfaces and conflicts with that instance of dnsmasq. Not a lot of options for dhcp-helper.

I attempted to add relay to the dnsmasq config from internal to the Pi-Hole container via setting LXC_DHCP_CONFILE and setting options there, but this doesn’t work. I can see requests getting forwarded, and replies from the container, but dnsmasq fails to relay the reply back to internal. I suspect this is not a valid dnsmasq config (relaying to a host on the same network where dnsmasq is authoritative).

Any ideas on how to achieve this? I’d be happy with no DHCP for my containers, but there is no option in lxc-net to disable the DHCP server. I suppose I could stop using lxc-net and just do all the networking manually, but was hoping for something more straightforward.

TL;DR – How can I use lxc-net and serve DHCP from a container on that bridge interface to another network?