TL;DR: What is the recommended way to do custom dnsmasq configuration under LXD 3.0.3 (host is Ubuntu 18.04)? Can I just add any dnsmasq directives to /etc/dnsmasq.d/lxd or is there another way?
Full story: I have an LXD container that is running a mail-server with rspamd, which is querying various DNSBL servers every time a new e-mail is received. However, those DNSBL queries get blocked, because the host (Ubuntu 18.04 with LXD 3.0.3) is forwarding all its DNS queries to Google DNS (22.214.171.124):
2020-08-19 04:20:09 #11338(controller) <imhkkk>; monitored; rspamd_monitored_dns_cb: DNS query blocked on multi.uribl.com (127.0.0.1 returned), possibly due to high volume
2020-08-19 04:20:09 #11338(controller) rspamd_log_reset_repeated: Last message repeated 7 times
2020-08-19 04:34:10 #11338(controller) <imhkkk>; monitored; rspamd_monitored_dns_cb: DNS query blocked on multi.uribl.com (127.0.0.1 returned), possibly due to high volume
2020-08-19 04:44:55 #11338(controller) <imhkkk>; monitored; rspamd_monitored_dns_cb: DNS query blocked on multi.uribl.com (127.0.0.1 returned), possibly due to high volume
The dnsmasq process on the host looks like this:
lxd 2613 0.0 0.0 53236 2268 ? S Aug07 1:04 dnsmasq --strict-order --bind-interfaces --pid-file=/var/lib/lxd/networks/lxdbr0/dnsmasq.pid --except-interface=lo --interface=lxdbr0 --quiet-dhcp --quiet-dhcp6 --quiet-ra --listen-address=10.166.77.1 --dhcp-no-override --dhcp-authoritative --dhcp-leasefile=/var/lib/lxd/networks/lxdbr0/dnsmasq.leases --dhcp-hostsfile=/var/lib/lxd/networks/lxdbr0/dnsmasq.hosts --dhcp-range 10.166.77.2,10.166.77.254,192h --listen-address=fd42:xx:yy:zz::1 --enable-ra --dhcp-range ::,constructor:lxdbr0,ra-stateless,ra-names -s lxd -S /lxd/ --conf-file=/var/lib/lxd/networks/lxdbr0/dnsmasq.raw -u lxd
As far as I understand, LXD's dnsmasq is running on the lxdbr0 bridge and forwards all incoming DNS queries to the host's systemd-resolve running on 127.0.0.53 as configured in /etc/resolv.conf, which in turn forwards them to Google DNS (126.96.36.199) as configured in
I know that dnsmasq supports routing DNS queries for specific domains to specific DNS servers by using the server= directive e.g.
server=/ajax.googleapis.com/188.8.131.52 # would query the google public DNS server for the ajax.googleapis.com domain
so is it OK if I put server= directives in
Thank you in advance for your insights,
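Added example (not part of the question, nor LXD's or rspamd's own code): a small Python helper that counts which DNSBL zones rspamd reports as blocked, using log lines in the format quoted above, and emits the matching dnsmasq server=/zone/resolver directives. The sample log text, the zone dnsbl.example.net and the resolver address 192.0.2.53 are constructed placeholders.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample, modelled on the rspamd log lines quoted in the question.
SAMPLE_LOG = """\
2020-08-19 04:20:09 #11338(controller) <imhkkk>; monitored; rspamd_monitored_dns_cb: DNS query blocked on multi.uribl.com (127.0.0.1 returned), possibly due to high volume
2020-08-19 04:20:09 #11338(controller) rspamd_log_reset_repeated: Last message repeated 7 times
2020-08-19 04:34:10 #11338(controller) <imhkkk>; monitored; rspamd_monitored_dns_cb: DNS query blocked on multi.uribl.com (127.0.0.1 returned), possibly due to high volume
2020-08-19 04:44:55 #11338(controller) <imhkkk>; monitored; rspamd_monitored_dns_cb: DNS query blocked on dnsbl.example.net (127.0.0.1 returned), possibly due to high volume
"""

BLOCKED_RE = re.compile(
    r"rspamd_monitored_dns_cb: DNS query blocked on (?P<zone>\S+) \((?P<answer>[^)]+) returned\)"
)
REPEAT_RE = re.compile(r"rspamd_log_reset_repeated: Last message repeated (?P<n>\d+) times")


def count_blocked_zones(log_text):
    """Return a Counter of DNSBL zone -> number of blocked queries.

    rspamd collapses identical consecutive messages into a
    'Last message repeated N times' line; those N are credited to the
    zone of the immediately preceding 'DNS query blocked' line.
    """
    counts = Counter()
    last_zone = None
    for line in log_text.splitlines():
        m = BLOCKED_RE.search(line)
        if m:
            last_zone = m.group("zone")
            counts[last_zone] += 1
            continue
        r = REPEAT_RE.search(line)
        if r and last_zone is not None:
            counts[last_zone] += int(r.group("n"))
            continue
        last_zone = None  # any unrelated line ends the repeat chain
    return counts


def dnsmasq_server_lines(zones, resolver):
    """Build dnsmasq 'server=/zone/resolver' directives (the syntax quoted in the
    question) so queries for each zone are sent to `resolver` instead of the
    default upstream. `resolver` must be a literal IP address."""
    ipaddress.ip_address(resolver)  # raises ValueError on a malformed address
    return [f"server=/{zone}/{resolver}" for zone in sorted(zones)]


if __name__ == "__main__":
    blocked = count_blocked_zones(SAMPLE_LOG)
    for zone, n in blocked.most_common():
        print(f"{zone}: {n} blocked queries")
    # 192.0.2.53 is a placeholder (TEST-NET-1); substitute the resolver you want these zones sent to.
    print("\n".join(dnsmasq_server_lines(blocked, "192.0.2.53")))
```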