2

I need to set up dnsmasq to offer DHCP (and optionally DNS) to VMs running on the localhost only, and not to any other systems doing a DHCP Discover that are external to the box running dnsmasq. Do I just set the options:

```
interface=lo0
bind-interfaces
```

Or is there other config that is needed?

Will Dennis

1 Answer

1

Listening on the loopback interface will probably not work, because your virtual machines are not attached to the loopback interface (so dnsmasq will not see their DHCP requests).

You will need dnsmasq to listen on the interface to which your virtual machines are attached. Typically, this will be a bridge interface. Without seeing how your system is configured it's difficult to offer a more detailed answer.

If you are using libvirt, then by default (at least under RedHat-ish systems) you get a dnsmasq instance listening on virbr0 that starts up like this:

```
/sbin/dnsmasq --strict-order --local=// --domain-needed \
  --pid-file=/var/run/libvirt/network/default.pid \
  --conf-file= --except-interface lo --bind-dynamic --interface virbr0 \
  --dhcp-range 192.168.122.2,192.168.122.254 \
  --dhcp-leasefile=/var/lib/libvirt/dnsmasq/default.leases \
  --dhcp-lease-max=253 --dhcp-no-override
```
larsks
  • The trouble with this is that the bridge will have the `eth0` int as a part of it (i.e. the network interface that connects the hypervisor to the network will be a part of the same bridge that the VMs are connected to...) I don't want the possibility of the hypervisor host running dnsmasq to provide DHCP to the network that the hypervisor host is connected to. – Will Dennis Aug 02 '13 at 15:56
  • So don't bridge your VM instances to `eth0`. Keep them on an internal private network and *route* them to the outside world instead of bridging. – larsks Aug 02 '13 at 16:25
  • This will not work for our design. But now I understand (at least I *think* I understand) that what I want is not possible if the hypervisor and the VMs are all on the same network. – Will Dennis Aug 02 '13 at 19:57
  • 1
    You could configure `dnsmasq` to only respond to known MAC addresses (and then add explicit leases for each vm). – larsks Aug 02 '13 at 19:58
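
The known-MAC approach from the last comment, sketched as a dnsmasq configuration. This is an added example, not part of the original thread. The bridge name `br0`, the subnet, the MAC addresses, the host names and the IP addresses are all constructed placeholders.

```conf
# Assumed bridge name: replace with the bridge the VMs are attached to.
interface=br0
bind-interfaces

# "static" means there is no dynamic pool on this subnet: only clients
# that match a dhcp-host line below are offered an address.
dhcp-range=192.168.122.0,static

# One explicit lease per VM (constructed MACs, names and addresses).
dhcp-host=52:54:00:aa:bb:01,vm1,192.168.122.11
dhcp-host=52:54:00:aa:bb:02,vm2,192.168.122.12

# Ignore DHCP requests from any client that has no dhcp-host entry,
# so other machines on the bridged network get no reply from this server.
dhcp-ignore=tag:!known

# Log DHCP transactions so requests from unlisted clients can be reviewed.
log-dhcp
```

MAC matching keeps dnsmasq from handing leases to other hosts on the bridged network by accident; it does not authenticate clients, since a MAC address is chosen by the client itself.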