Configure dnsmasq to passthrough search domain to LXC guest? (Ubuntu 16.04)

Question

Our network relies on DHCP tags to route clients to the correct upstream hosts without having to know the FQDN of those hosts. We use dnsmasq to set tags for clients by MAC address and then we push different search domains to the clients based on the tag. For example, we have these two lines in dnsmasq.conf:

dhcp-option=tag:foo,option:domain-search,foo.company.net
dhcp-host=00:11:22:33:44:55,foo-client,set:foo

Here, when foo-client tries to access any unqualified hosts, it will try looking at <unqualified-hostname>.foo.company.net.

Some of the client machines are also running services inside of an LXC container. The container gets its networking information assigned by a local instance of dnsmasq running on the LXC host, which is the default method for DNS/DHCP of LXC guests. The LXC guest then gets an IP address on a local NAT network.

The trouble comes from our tagging scheme. The LXC guests don't get the search domain pushed to them because they're not receiving DCHP from our main network-wide DHCP server. The LXC guests can ping IP addresses on the wider network, but DNS resolution with the search domain fails. If I manually set the correct search domain, then resolution works as expected.

Is there a way to pass through that search domain from the host to the guest?

Note, we are NOT running lxd.

Remember that it's best practice to use FQDNs everywhere. The search domain is not reliable for a variety of reasons. — Michael Hampton, Jan 11 '18 at 21:04

score 0 · Accepted Answer · answered Jan 22 '18 at 21:10

So I didn't find an exact solution to this, but I did find a workaround. Basically LXC can run a script on the guest before bringing the network up. This configuration option is called lxc.network.script.up. I used this feature to copy DNS information from the host:

#!/bin/bash

CONTAINER=$1
SECTION=$2
OPERATION=$3
NAMESERVER=$(grep nameserver /etc/resolv.conf  | sed 's/^nameserver //g')
SEARCHDOMAIN=$(grep search /etc/resolv.conf  | sed 's/^search //g')

cat > /var/lib/lxc/$CONTAINER/rootfs/etc/network/interfaces <<EOF

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet manual
dns-search $SEARCHDOMAIN
dns-nameservers $NAMESERVER
EOF

I placed this script in /var/lib/lxc/guest/setup-dns.sh and added the following line to /var/lib/lxc/guest/config:

lxc.network.script.up = /var/lib/lxc/guest/setup-dns.sh

After doing these steps, the guest comes up and has DNS and search path options properly set.

Configure dnsmasq to passthrough search domain to LXC guest? (Ubuntu 16.04)

1 Answers1