2

I have KVM-based VMs running on my laptop, and the VMs get names resolved via KVM's dnsmasq DNS server. However, KVM's dnsmasq DNS server also resolves names in the host's /etc/hosts file, which causes me some trouble. Therefore I want to change the configuration so that the /etc/hosts file of the KVM server is not used for name resolution.

As per dnsmasq's help, this should be possible using the -h or --no-hosts option; however, I've not found a way to configure KVM's dnsmasq properly. virsh net-edit allows me to edit the configuration XML, but it is not clear how to set the -h or --no-hosts option there.

hhue13

1 Answer

0

Method 1

The easiest way to solve this is by setting an ACL on /etc/hosts which forbids the dnsmasq user access to the file. On Debian this user is nobody, on Ubuntu it is libvirt-dnsmasq.

You can set an ACL like this:

setfacl -m user:nobody:--- /etc/hosts

Method 2

However, if you have a very new libvirt version (not yet available on Debian buster), there is now official support for this:

Libvirt v5.6.0 (2019-08-05) added support for passing custom options to dnsmasq.

From the documentation:

A special XML namespace is available for passing options directly to the underlying dnsmasq configuration file. Usage of XML namespaces comes with no support guarantees, so use at your own risk.

This example XML will pass the option strings foo=bar and cname=*.foo.example.com,master.example.com directly to the underlying dnsmasq instance.

<network xmlns:dnsmasq='http://libvirt.org/schemas/network/dnsmasq/1.0'>
  ...
  <dnsmasq:options>
    <dnsmasq:option value="foo=bar"/>
    <dnsmasq:option value="cname=*.foo.example.com,master.example.com"/>
  </dnsmasq:options>
</network>

So, I would try this:

<network xmlns:dnsmasq='http://libvirt.org/schemas/network/dnsmasq/1.0'>
  ...
  <dnsmasq:options>
    <dnsmasq:option value="no-hosts"/>
  </dnsmasq:options>
</network>
Zulakis
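An added example, not part of the answer above or of libvirt: a small Python helper that inserts the `no-hosts` option from Method 2 into a network definition idempotently, keeping any dnsmasq options already present. The function names and the sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Namespace URI quoted in the libvirt documentation excerpt above.
DNSMASQ_NS = "http://libvirt.org/schemas/network/dnsmasq/1.0"
ET.register_namespace("dnsmasq", DNSMASQ_NS)  # serialize with the dnsmasq: prefix

# Constructed sample resembling `virsh net-dumpxml default` output.
SAMPLE_XML = """<network>
  <name>default</name>
  <forward mode='nat'/>
  <bridge name='virbr0' stp='on' delay='0'/>
  <ip address='192.168.122.1' netmask='255.255.255.0'>
    <dhcp><range start='192.168.122.2' end='192.168.122.254'/></dhcp>
  </ip>
</network>"""


def add_dnsmasq_option(network_xml: str, option: str = "no-hosts") -> str:
    """Return network_xml with <dnsmasq:option value=option/> present exactly once."""
    root = ET.fromstring(network_xml)
    if root.tag != "network":
        raise ValueError("expected a libvirt <network> document")
    opts = root.find(f"{{{DNSMASQ_NS}}}options")
    if opts is None:
        # No passthrough block yet: create it as the last child of <network>.
        opts = ET.SubElement(root, f"{{{DNSMASQ_NS}}}options")
    present = {o.get("value") for o in opts.findall(f"{{{DNSMASQ_NS}}}option")}
    if option not in present:
        ET.SubElement(opts, f"{{{DNSMASQ_NS}}}option", {"value": option})
    return ET.tostring(root, encoding="unicode")


def dnsmasq_options(network_xml: str) -> list:
    """List the passthrough option strings in a network definition, for auditing."""
    root = ET.fromstring(network_xml)
    return [o.get("value") for o in root.iter(f"{{{DNSMASQ_NS}}}option")]


if __name__ == "__main__":
    print(add_dnsmasq_option(SAMPLE_XML))
```

Feed it the output of `virsh net-dumpxml`, load the result with `virsh net-define`, and restart the network so dnsmasq is relaunched with the new configuration.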