Hi all,
TL;DR: What is the recommended way to do custom dnsmasq configuration under LXD 3.0.3 (host is Ubuntu 18.04)? Can I just add any dnsmasq directives to /etc/dnsmasq.d/lxd or is there another way?
Full story: I have an LXD container that is running a mail-server with rspamd, which is querying various DNSBL servers every time a new e-mail is received. However, those DNSBL queries get blocked, because the host (Ubuntu 18.04 with LXD 3.0.3) is forwarding all its DNS queries to Google DNS (8.8.8.8):
2020-08-19 04:20:09 #11338(controller) <imhkkk>; monitored; rspamd_monitored_dns_cb: DNS query blocked on multi.uribl.com (127.0.0.1 returned), possibly due to high volume
2020-08-19 04:20:09 #11338(controller) rspamd_log_reset_repeated: Last message repeated 7 times
2020-08-19 04:34:10 #11338(controller) <imhkkk>; monitored; rspamd_monitored_dns_cb: DNS query blocked on multi.uribl.com (127.0.0.1 returned), possibly due to high volume
2020-08-19 04:44:55 #11338(controller) <imhkkk>; monitored; rspamd_monitored_dns_cb: DNS query blocked on multi.uribl.com (127.0.0.1 returned), possibly due to high volume
The dnsmasq process on the host looks like this:
lxd 2613 0.0 0.0 53236 2268 ? S Aug07 1:04 dnsmasq --strict-order --bind-interfaces --pid-file=/var/lib/lxd/networks/lxdbr0/dnsmasq.pid --except-interface=lo --interface=lxdbr0 --quiet-dhcp --quiet-dhcp6 --quiet-ra --listen-address=10.166.77.1 --dhcp-no-override --dhcp-authoritative --dhcp-leasefile=/var/lib/lxd/networks/lxdbr0/dnsmasq.leases --dhcp-hostsfile=/var/lib/lxd/networks/lxdbr0/dnsmasq.hosts --dhcp-range 10.166.77.2,10.166.77.254,192h --listen-address=fd42:xx:yy:zz::1 --enable-ra --dhcp-range ::,constructor:lxdbr0,ra-stateless,ra-names -s lxd -S /lxd/ --conf-file=/var/lib/lxd/networks/lxdbr0/dnsmasq.raw -u lxd
As far as I understand, LXD’s dnsmasq is running on the lxdbr0 bridge and forwards all incoming DNS queries to the host’s systemd-resolve running on 127.0.0.53 as configured in /etc/resolv.conf, which in turn forwards them to Google DNS (8.8.8.8) as configured in /etc/systemd/resolved.conf.
I know that dnsmasq supports routing DNS queries for specific domains to specific DNS servers by using the server= directive e.g.
server=/ajax.googleapis.com/8.8.8.8
# would query the google public DNS server for the ajax.googleapis.com domain
so is it OK if I put server= directives in /etc/dnsmasq.d/lxd?
Thank you in advance for your insights,
KP
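
An added example, not part of the original post: the Python below reads rspamd log lines like those quoted above, counts the "DNS query blocked" events per DNSBL zone, and renders the matching dnsmasq server= directives. The resolver address 192.0.2.53 is a placeholder assumption, the dnsbl.example.net line in the sample log is constructed, and the function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample: the first three lines follow the post's log excerpt,
# the last line (dnsbl.example.net) is invented for the example.
SAMPLE_LOG = """\
2020-08-19 04:20:09 #11338(controller) <imhkkk>; monitored; rspamd_monitored_dns_cb: DNS query blocked on multi.uribl.com (127.0.0.1 returned), possibly due to high volume
2020-08-19 04:20:09 #11338(controller) rspamd_log_reset_repeated: Last message repeated 7 times
2020-08-19 04:34:10 #11338(controller) <imhkkk>; monitored; rspamd_monitored_dns_cb: DNS query blocked on multi.uribl.com (127.0.0.1 returned), possibly due to high volume
2020-08-19 04:50:00 #11338(controller) <imhkkk>; monitored; rspamd_monitored_dns_cb: DNS query blocked on dnsbl.example.net (127.0.0.1 returned), possibly due to high volume
"""

BLOCKED = re.compile(r"rspamd_monitored_dns_cb: DNS query blocked on (\S+) \(")
REPEATED = re.compile(r"rspamd_log_reset_repeated: Last message repeated (\d+) times")
# Zone names come from a log, so only plain hostnames may reach the config.
ZONE_OK = re.compile(r"^[a-z0-9_-]+(\.[a-z0-9_-]+)+$")

def blocked_zones(log_text):
    """Count blocked-query events per zone, including 'repeated N times' lines."""
    counts = Counter()
    last_zone = None
    for line in log_text.splitlines():
        hit = BLOCKED.search(line)
        rep = REPEATED.search(line)
        if hit:
            zone = hit.group(1).rstrip(".").lower()
            last_zone = zone if ZONE_OK.match(zone) else None
            if last_zone:
                counts[last_zone] += 1
        elif rep and last_zone:
            # The repeat marker refers to the blocked line just before it.
            counts[last_zone] += int(rep.group(1))
        else:
            last_zone = None
    return counts

def server_directives(counts, resolver):
    """Render one dnsmasq server=/zone/resolver line per zone, busiest first."""
    ipaddress.ip_address(resolver)  # raises ValueError on a malformed address
    ordered = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))
    return [f"server=/{zone}/{resolver}" for zone, _ in ordered]

if __name__ == "__main__":
    # 192.0.2.53 is a placeholder (assumption), not a real resolver.
    print("\n".join(server_directives(blocked_zones(SAMPLE_LOG), "192.0.2.53")))
```

A server=/zone/ entry in dnsmasq also covers names below that zone, so one line per listed zone is enough for the per-message lookups.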