LXD via snapd disable dnsmasq

Hello,

I’m running LXD on Debian Stretch, installed via snapd. On the host I’m also running a bind9 recursive DNS server, which I’d like to use for DNS resolution in the containers. It seems like the snapd lxd package somehow includes the dnsmasq server, but it’s not installed as a separate package.

  • How do I completely disable the dnsmasq server and use the bind9 server instead? (I’m fine with configuring the network adapters by hand for this)
  • How do I configure (where’s the configuration stored) the dnsmasq that comes with snapd to e.g. forward all the DNS queries to my bind9 DNS?

Thanks in advance,
best regards

dnsmasq is used for DNS, IPv6 RA and DHCP on the containers and is spawned as long as ipv4.address or ipv6.address is set on a LXD managed bridge.

Assuming you went with the defaults, you should have a network called “lxdbr0” for which you can see the details with:

lxc network show lxdbr0

To completely disable dnsmasq, you’ll need to remove that LXD managed bridge with:

lxc network delete lxdbr0

At which point your containers won’t have a bridge to connect to anymore, so you’ll need to set it up yourself outside of LXD, possibly including running a DHCP server on it too.

To configure LXD’s dnsmasq for options which we don’t directly offer (see https://github.com/lxc/lxd/blob/master/doc/networks.md), you can set the “raw.dnsmasq” property of the bridge which is a free-form blob of text that gets appended to the dnsmasq configuration.

lxc network set lxdbr0 raw.dnsmasq - < some-dnsmasq.conf

Thanks for the reply. That helped a lot and pointed me in the right direction.

For anyone else also interested in this, I added another bridge device to my /etc/networking/interfaces:

iface lxd-nat-bridge inet static
    bridge_ports none
    bridge_fd 0
    address 10.0.3.1
    netmask 255.255.255.0

and allowed the subnet to access the internet by nat’ing it with
iptables -t nat -A POSTROUTING -s 10.0.3.0/24 -o br0 -j MASQUERADE

bring it up using e.g.
ifup lxd-nat-bridge

and added it to the default profile
lxc network attach-profile lxd-nat-bridge default

To also get a DHCP server and to assign IPs (statically, in a convenient way) without accessing the container, I used isc-dhcp-server; there are several guides online.

Hmm, you shouldn’t run the “lxc network create lxd-nat-bridge” part, as that will have LXD create a new managed bridge with the same name and so quite likely mess with the one you defined in /etc/network/interfaces.

Instead you should define it in /etc/network/interfaces, then make sure it exists (“ifup -a”) at which point you can go straight to:

lxc network attach-profile lxd-nat-bridge default

And LXD will be perfectly happy to add your un-managed (as far as LXD is concerned) bridge to your profile.


You’re totally right! I should’ve checked my shell history more carefully.
Defining the network manually, bringing it up and adding with lxd network create would give you an error (or create a managed interface if executed before bringing up the interface).

I updated the previous post

I’m using lxd currently with juju with great success. It’s really, really a game changer and I absolutely love it.

A few years ago, I managed to set the snapped version of lxd up in such a way that it absolutely behaves perfectly. However, at this point, I can’t remember exactly how I set it up and I now would like to re-create it.

I have a working setup, and basically just need some help to structurally get back an identical setup.

  • I have a router which I would like to take care of the DNS and address-assignment. E.g. not have the snapped version of lxd do this. This is great since the rest of the network will know about all the hosts.

This is how the network seems to be set up (which works):

root@iceberg:~# lxc network show lxdbr0
config: {}
description: ""
name: lxdbr0
type: bridge
used_by:
- /1.0/instances/caspians-dator
- /1.0/instances/cus
- /1.0/instances/juju-489a4d-0
- /1.0/instances/juju-530f52-0
- /1.0/instances/juju-554e9d-4
- /1.0/instances/juju-554e9d-5
- /1.0/instances/juju-554e9d-6
- /1.0/instances/juju-a00094-0
- /1.0/instances/juju-f4cf5f-4
- /1.0/instances/juju-f4cf5f-5
- /1.0/instances/juju-fe5353-0
- /1.0/profiles/default
managed: false
status: ""
locations: []

I think the key “managed”: false is the key element here?

I have my working bridge defined in /etc/netplan/00-installer-config.yaml

# This is the network config written by 'subiquity'
network:
  version: 2
  ethernets:
    ens5f0:
      dhcp4: no
      dhcp6: no
    
  bridges:
    lxdbr0:
      interfaces: [ vlan2 ]
      addresses: [ 192.168.2.2/24 ]
      gateway4: 192.168.2.1
      nameservers:
        addresses:
        - 192.168.2.1
        search:
        - garage.lonroth.net
      parameters:
        stp: true
        forward-delay: 4
      dhcp4: no
      dhcp6: no
 
  vlans:
    vlan2:
      id: 2
      link: ens5f0

Together, this seems to work perfectly. All my containers get IP and DNS names and life is beautiful.

So, apart from the netplan, how would I go ahead and make lxd abandon the local dnsmasq and let my router/dns take care of that?

Do I need to do something more to re-create my fabulous setup =D ?

With managed=false LXD won’t be starting dnsmasq, and will be relying on the external bridge’s network to provide DHCP and DNS services.

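The rule given in the replies above (dnsmasq is spawned when a bridge is LXD-managed and has ipv4.address or ipv6.address set, and is not spawned with managed: false) can be checked against `lxc network show` output. This is an added example, not part of any post in the thread; the function name and the managed sample are constructed here, and treating a value of "none" as "not set" is an assumption.

```sh
#!/bin/sh
# Added example (not from the thread). Reads `lxc network show <name>` YAML on
# stdin. Exit status 0: LXD is expected to spawn dnsmasq; 1: it is not.
lxd_spawns_dnsmasq() {
    awk '
        /^managed:[ \t]*true/ { managed = 1 }
        /^config:/            { in_config = 1; next }
        /^[^ \t]/             { in_config = 0 }   # any other top-level key
        in_config && /^[ \t]+ipv[46]\.address:/ {
            val = $2; gsub(/"/, "", val)
            # Assumption: "none" (or empty) means the address is not set.
            if (val != "" && val != "none") addr = 1
        }
        END { exit !(managed && addr) }
    '
}

# Trimmed copy of the unmanaged bridge output posted above.
sample_unmanaged() {
    cat <<'EOF'
config: {}
description: ""
name: lxdbr0
type: bridge
managed: false
status: ""
locations: []
EOF
}

# Constructed sample of an LXD-managed bridge with an IPv4 address.
sample_managed() {
    cat <<'EOF'
config:
  ipv4.address: 10.0.3.1/24
  ipv4.nat: "true"
  ipv6.address: none
description: ""
name: lxdbr0
type: bridge
managed: true
EOF
}

for s in sample_unmanaged sample_managed; do
    if $s | lxd_spawns_dnsmasq; then r="dnsmasq expected"; else r="no dnsmasq"; fi
    echo "$s: $r"
done
# Live use: lxc network show lxdbr0 | lxd_spawns_dnsmasq && echo "dnsmasq expected"
```

Run against each bridge on a host, this shows which ones LXD will serve DNS and DHCP on, so that an externally managed resolver or DHCP server is not silently duplicated.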