Wildcard CNAME records specified through libvirt's dnsmasq:options namespace don't work, only specific subdomains do


Since v5.6.0, libvirt has a dnsmasq namespace element that allows passing options directly to the underlying dnsmasq server. I want to use that option to create a wildcard DNS entry for my application. So I used virsh net-edit, changed <network> to <network xmlns:dnsmasq='http://libvirt.org/schemas/network/dnsmasq/1.0'> and added the following options:

  <dnsmasq:options>
    <dnsmasq:option value='cname=boards.cnx65-k8s.hobel.internal,cnx65-k8s.hobel.internal'/>
    <dnsmasq:option value='cname=*.app.cnx65-k8s.hobel.internal,cnx65-k8s.hobel.internal'/>
  </dnsmasq:options>

After that, the network was restarted (virsh net-destroy && virsh net-start) and the target VM was restarted as well (virsh destroy && virsh start).

cname=boards.cnx65-k8s.hobel.internal works perfectly:

$ dig +short boards.cnx65-k8s.hobel.internal @192.168.10.1
cnx65-k8s.hobel.internal.
192.168.10.136

dig +short x.app.cnx65-k8s.hobel.internal @192.168.10.1 does not resolve to any IP address. The generated configuration file /var/lib/libvirt/dnsmasq/hobel.internal.conf contains both cname entries at the end:

strict-order
user=libvirt-dnsmasq
local=/hobel.internal/
domain=hobel.internal
expand-hosts
pid-file=/run/libvirt/network/hobel.internal.pid
except-interface=lo
bind-dynamic
interface=virbr1
dhcp-range=192.168.10.10,192.168.10.254,255.255.255.0
dhcp-no-override
dhcp-authoritative
dhcp-lease-max=245
dhcp-hostsfile=/var/lib/libvirt/dnsmasq/hobel.internal.hostsfile
addn-hosts=/var/lib/libvirt/dnsmasq/hobel.internal.addnhosts
cname=boards.cnx65-k8s.hobel.internal,cnx65-k8s.hobel.internal
cname=*.app.cnx65-k8s.hobel.internal,cnx65-k8s.hobel.internal

Following this answer, I added auth-server and interface-name to the options:

  <dnsmasq:options>
    <dnsmasq:option value='cname=boards.cnx65-k8s.hobel.internal,cnx65-k8s.hobel.internal'/>
    <dnsmasq:option value='cname=*.app.cnx65-k8s.hobel.internal,cnx65-k8s.hobel.internal'/>
    <dnsmasq:option value='auth-server=cnx65-k8s.hobel.internal,virbr1'/>
    <dnsmasq:option value='interface-name=cnx65-k8s.hobel.internal,virbr1'/>
  </dnsmasq:options>

x.app.cnx65-k8s.hobel.internal still does not resolve:

$ dig x.app.cnx65-k8s.hobel.internal @192.168.10.1

; <<>> DiG 9.16.1-Ubuntu <<>> x.app.cnx65-k8s.hobel.internal @192.168.10.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43624
;; flags: qr rd ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;x.app.cnx65-k8s.hobel.internal.        IN      A

;; Query time: 0 msec
;; SERVER: 192.168.10.1#53(192.168.10.1)
;; WHEN: Sat Jul 03 12:14:05 CEST 2021
;; MSG SIZE  rcvd: 59

Why doesn't this work? Even the official libvirt documentation lists a wildcard cname entry as an example:

<dnsmasq:option value="cname=*.foo.example.com,master.example.com"/>

Answer 1

I think there is a problem with your dnsmasq configuration; maybe the interface name? It looks like you can use wildcards. Suppose my default network is configured as follows:

<network xmlns:dnsmasq='http://libvirt.org/schemas/network/dnsmasq/1.0' connections='1'>
  <name>default</name>
  <uuid>34eaa498-ba0f-4762-a0f9-27f53dd07687</uuid>
  <forward mode='nat'>
    <nat>
      <port start='1024' end='65535'/>
    </nat>
  </forward>
  <bridge name='virbr0' stp='on' delay='0'/>
  <mac address='52:54:00:5d:a7:ff'/>
  <ip address='192.168.122.1' netmask='255.255.255.0'>
    <dhcp>
      <range start='192.168.122.2' end='192.168.122.254'/>
    </dhcp>
  </ip>
  <dnsmasq:options>
    <dnsmasq:option value='cname=foo.example.com,master.example.com'/>
    <dnsmasq:option value='cname=*.foo.example.com,master.example.com'/>
    <dnsmasq:option value='auth-zone=example.com'/>
    <dnsmasq:option value='auth-server=example.com,*'/>
  </dnsmasq:options>
</network>

The resulting /var/lib/libvirt/dnsmasq/default.conf I end up with looks like this:

strict-order
pid-file=/run/libvirt/network/default.pid
except-interface=lo
bind-dynamic
interface=virbr0
dhcp-range=192.168.122.2,192.168.122.254,255.255.255.0
dhcp-no-override
dhcp-authoritative
dhcp-lease-max=253
dhcp-hostsfile=/var/lib/libvirt/dnsmasq/default.hostsfile
addn-hosts=/var/lib/libvirt/dnsmasq/default.addnhosts
cname=foo.example.com,master.example.com
cname=*.foo.example.com,master.example.com
auth-zone=example.com
auth-server=example.com,*

The following queries were run from a VM connected to that network:

[root@example-vm ~]# dig +short foo.example.com
master.example.com.
[root@example-vm ~]# dig +short a.foo.example.com
master.example.com.
[root@example-vm ~]# dig +short b.foo.example.com
master.example.com.

As expected, this returns nothing:

[root@example-vm ~]# dig +short bar.example.com

(Tests run on Fedora 34 with libvirt-7.0.0-4.fc34.x86_64 and dnsmasq-2.85-1.fc34.x86_64)
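The visible difference between the failing configuration in the question and the working one in the answer is that the working file carries an auth-zone covering the wildcard cname (plus auth-server on all interfaces), while the question's file, even after adding auth-server, has no auth-zone at all. The following checker, added here as an example and not code from either poster, libvirt or dnsmasq, parses a libvirt-generated dnsmasq .conf and reports wildcard cname aliases that no auth-zone covers, so the mismatch can be spotted before restarting the network and re-running dig. The rule it encodes (a wildcard cname needs an enclosing auth-zone) is an assumption drawn from the two configurations above, not from the dnsmasq manual; the two sample configs are copied from this page.

```python
"""Flag wildcard cname= entries in a dnsmasq config that no auth-zone= covers.

Added example; the coverage rule is inferred from the working and failing
configurations in this thread and is an assumption, not a dnsmasq guarantee.
"""


def parse_dnsmasq_conf(text):
    """Return a list of (key, value) pairs; bare flags get value None."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        entries.append((key.strip(), value.strip() if sep else None))
    return entries


def cname_records(entries):
    """Yield (alias, target) for every cname= line.

    dnsmasq syntax is cname=<alias>[,<alias>...],<target>[,<TTL>], so a
    trailing purely numeric field is treated as a TTL and dropped.
    """
    records = []
    for key, value in entries:
        if key != "cname" or not value:
            continue
        parts = [p.strip() for p in value.split(",") if p.strip()]
        if len(parts) >= 3 and parts[-1].isdigit():
            parts = parts[:-1]
        if len(parts) < 2:
            continue
        target = parts[-1]
        for alias in parts[:-1]:
            records.append((alias, target))
    return records


def auth_zones(entries):
    """Return the zone names from auth-zone=<zone>[,<subnet>...] lines."""
    return [value.split(",")[0].strip()
            for key, value in entries if key == "auth-zone" and value]


def zone_covers(zone, name):
    """True if name is zone itself or lies under it."""
    return name == zone or name.endswith("." + zone)


def uncovered_wildcards(text):
    """Return wildcard cname aliases (*.something) with no enclosing auth-zone."""
    entries = parse_dnsmasq_conf(text)
    zones = auth_zones(entries)
    flagged = []
    for alias, _target in cname_records(entries):
        if not alias.startswith("*."):
            continue  # plain aliases resolve without an auth-zone (see the question)
        suffix = alias[2:]
        if not any(zone_covers(z, suffix) for z in zones):
            flagged.append(alias)
    return flagged


# Sample input copied from the question (failing) and the answer (working).
QUESTION_CONF = """\
strict-order
user=libvirt-dnsmasq
local=/hobel.internal/
domain=hobel.internal
interface=virbr1
cname=boards.cnx65-k8s.hobel.internal,cnx65-k8s.hobel.internal
cname=*.app.cnx65-k8s.hobel.internal,cnx65-k8s.hobel.internal
auth-server=cnx65-k8s.hobel.internal,virbr1
interface-name=cnx65-k8s.hobel.internal,virbr1
"""

ANSWER_CONF = """\
strict-order
interface=virbr0
cname=foo.example.com,master.example.com
cname=*.foo.example.com,master.example.com
auth-zone=example.com
auth-server=example.com,*
"""

if __name__ == "__main__":
    for label, conf in (("question", QUESTION_CONF), ("answer", ANSWER_CONF)):
        missing = uncovered_wildcards(conf)
        status = "no auth-zone covers: " + ", ".join(missing) if missing else "ok"
        print(f"{label}: {status}")
```

Run it against a real file with `uncovered_wildcards(open('/var/lib/libvirt/dnsmasq/<name>.conf').read())`; an empty list means every wildcard alias sits inside a declared auth-zone, which is the shape of the answer's working configuration.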
