LXD via snapd disable dnsmasq

lxd
snap

#1

Hello,

I'm running LXD on Debian Stretch, installed via snapd. On the host I'm also running a bind9 recursive DNS server, which I'd like to use for DNS resolution in the containers. It seems like the snapd lxd package somehow includes the dnsmasq server, but it's not installed as a separate package.

  • How do I completely disable the dnsmasq server and use the bind9 server instead? (I'm fine with configuring the network adapters by hand for this)
  • How do I configure (where's the configuration stored) the dnsmasq that comes with snapd to e.g. forward all the DNS queries to my bind9 DNS?

Thanks in advance,
best regards


(Stéphane Graber) #2

dnsmasq is used for DNS, IPv6 RA and DHCP on the containers and is spawned as long as ipv4.address or ipv6.address is set on a LXD managed bridge.

Assuming you went with the defaults, you should have a network called "lxdbr0" for which you can see the details with:

lxc network show lxdbr0

To completely disable dnsmasq, you'll need to remove that LXD managed bridge with:

lxc network delete lxdbr0

At which point your containers won't have a bridge to connect to anymore, so you'll need to set it up yourself outside of LXD, possibly including running a DHCP server on it too.

To configure LXD's dnsmasq for options which we don't directly offer (see https://github.com/lxc/lxd/blob/master/doc/networks.md), you can set the "raw.dnsmasq" property of the bridge which is a free-form blob of text that gets appended to the dnsmasq configuration.

lxc network set lxdbr0 raw.dnsmasq - < some-dnsmasq.conf
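An added example (not part of the original post, and not LXD's own code) of a raw.dnsmasq fragment that forwards every query to one upstream resolver such as the host's bind9. Because raw.dnsmasq is free-form text, the input is validated before it is written. The function names and the address 192.0.2.53 are placeholders, and it assumes bind9 listens on an address dnsmasq can reach without also claiming port 53 on the bridge address.

```shell
#!/bin/sh
# Added example: build and apply a raw.dnsmasq fragment for a LXD managed bridge.

# is_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
# The body is a subshell, so "exit" only ends the function and IFS is not leaked.
is_ipv4() (
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;;   # rejects newlines, spaces, empty octets
    esac
    IFS=.
    set -- $1                                # safe to split: digits and dots only
    [ "$#" -eq 4 ] || exit 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

# render_forwarder ADDR [PORT]: print the dnsmasq fragment, or fail on bad input.
render_forwarder() {
    addr=$1
    port=${2:-53}
    is_ipv4 "$addr" || { echo "invalid upstream address" >&2; return 1; }
    case "$port" in
        ''|*[!0-9]*) echo "invalid port" >&2; return 1 ;;
    esac
    [ "${#port}" -le 5 ] && [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
        { echo "invalid port" >&2; return 1; }
    # no-resolv: ignore /etc/resolv.conf, so only the server= line below is used.
    printf 'no-resolv\nserver=%s#%s\n' "$addr" "$port"
}

# apply_forwarder NETWORK ADDR [PORT]: append the fragment to the bridge's dnsmasq
# configuration through stdin, as in "lxc network set lxdbr0 raw.dnsmasq -".
apply_forwarder() {
    conf=$(render_forwarder "$2" "${3:-53}") || return 1
    printf '%s\n' "$conf" | lxc network set "$1" raw.dnsmasq -
}

# Usage (placeholder address): apply_forwarder lxdbr0 192.0.2.53
```

Afterwards `lxc network show lxdbr0` should list the two lines under raw.dnsmasq.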

#3

Thanks for the reply. That helped a lot and pointed me in the right direction.

For anyone else also interested in this, I added another bridge device to my /etc/networking/interfaces

iface lxd-nat-bridge inet static
    bridge_ports none
    bridge_fd 0
    address 10.0.3.1
    netmask 255.255.255.0

and allowed the subnet to access the internet by nat'ing it with
iptables -t nat -A POSTROUTING -s 10.0.3.0/24 -o br0 -j MASQUERADE

bring it up using e.g.
ifup lxd-nat-bridge

and added it to the default profile
lxc network attach-profile lxd-nat-bridge default

To also get a DHCP server and to assign IPs (statically, in a convenient way) without accessing the container, I used isc-dhcp-server; there are several guides online.


(Stéphane Graber) #4

Hmm, you shouldn't run the "lxc network create lxd-nat-bridge" part, as that will have LXD create a new managed bridge with the same name, quite likely messing with the one you defined in /etc/network/interfaces.

Instead you should define it in /etc/network/interfaces, then make sure it exists ("ifup -a") at which point you can go straight to:

lxc network attach-profile lxd-nat-bridge default

And LXD will be perfectly happy to add your un-managed (as far as LXD is concerned) bridge to your profile.


#5

You're totally right! I should've checked my shell history more carefully.
Defining the network manually, bringing it up and adding with lxd network create would give you an error (or create a managed interface if executed before bringing up the interface).

I updated the previous post.