Open JPvRiel opened 7 years ago
Thanks so much, this fixed my issue where landrush can't resolve outside domains from inside the guest.
config.landrush.guest_redirect_dns = false
Seems like theres a few issues right now with landrush and vagrant etc, would be nice when they are resolved.
For now at least I can confirm that this works with: Vagrant 1.8.7 Version 5.1.10 r112026 (Qt5.6.2) landrush (1.2.0)
TL;DR, I think recursive DNS limitations with landrush can cause pain on Linux when using dnsmasq with libvirt and NetworkManager, and the default of guest redirection via iptables to use the landrush.
Key issue from VM guest with landrush defaults
Workaround
config.landrush.guest_redirect_dns = false
avoids the pain!But then, when set to false:
Workaround side-effect on VM server host resolution
Here's an example where, with
false
, form within a guest, it doesn't resolve the VM host server IP correctly.And the default
true
:Potentially Related Issues
Originally, I had the same symptoms as #198. No matter which host I ping, landrush seemed to end up 'wildcarding' the FQDNs of external hosts and appending the configured 'local' TLD (in my case, vagrant.test). Might be to do with
search vagrant.test
being put into/etc/resolve.conf
for guests...And then there are extra complications noted... which relate more to #252 and possibly #174.
More or less default / minimal config causes this upstream DNS resolution bug
A fair bit of verbose context/info - jump down to the dig command that backs up what I saw in network packet captures. landrush DNS (with my stack) can't handle recursive queries.
Vagrantfile
:/etc/NetworkManager/dnsmasq.d/vagrant-landrush
(because Ubuntu, like Fedora, ships with NetworkManager, which already has dnsmasq plugged in)libvirt provides DNS on the
virbr1
network spooled up by the vagrant libvirt provider. On the guest VM:libvirt is also using dnsmasq... So yay, three layers of dnsmasq that need to play nice together, landrush -> libvirt -> NetworkManager :-/
On the host, various DNS services are listening
By the way, not sure why landrush decides to run on all interfaces!? 0.0.0.0? Why not just the network vagrant is provisioning (i.e. 192.168.121.1). Maybe something to do with
config.landrush.host_redirect_dns
(and I should probably file a separate bug for this, I digress)Checking what happened with iptables on the VM host shows another potential mess with multiple allows for both UDP and TCP.
And on the guest
On the host, www.google.com resovles fine via libvirts dns, e.g.
On the libvirt guest, it fails, oddly, with the TLD appended:
When doing a packet trace on the
virbr1
(vagrant provisioned) interface of the VM host, withnslookup
from the guest (192.168.121.102), I observed multiple DNS query attempts:www.google.com: type A, class IN
to landrush DNS on host (port 10053) listening on all interfaces, including the VM host interface (192.168.121.1)0x0100
flags0x8502
flagswww.google.com.vagrant.test: type A, class IN
Quereis didn't make it to 127.0.1.1:53 (NetworkManager's dnsmasq, and later I also test upstream)
When using
nslookup
, from the host, I noticed this (working) behaviour where queries did make it to 127.0.1.1:53 (the NetworkManager's dnsmasq):Reading the man page for dnsmasq, I noticed the following:
So at a guess, landrush -> libvirt -> NetworkManager causes issues with a recursive DNS query? To confirm this, I also poked at landrush from the VM host:
I also hacked in
config.landrush.upstream '127.0.1.1'
to explicitly get landrush to target NetworkManager's dnsmasq, but no luck. Also tried real upstream DNS servers found via:Doesn't work. Seems landrush doesn't pass on recursive DNS, even directly to upstream!
All the above, was with the following setup (I try keep to base/stable repo's as far as possible):