Hello guys,
On "Linux msi-ge60-ubuntu 4.2.0-23-generic #28-Ubuntu SMP Sun Dec 27 17:47:31 UTC 2015 x86_64", I'm trying to solve an issue or misconfiguration of DNS client over multiple network interfaces inside a KVM virtual machine:
Code:
# NAT interface - IP address allocated in the 192.168.122.0/24 subnet
auto eth0
iface eth0 inet dhcp
# Isolated network internal interface - IP address allocated in the 172.19.100.0/24 subnet
auto eth1
iface eth1 inet dhcp
# Isolated network internal interface - IP address allocated in the 172.20.100.0/24 subnet
auto eth2
iface eth2 inet dhcp
Now, the goal is 4-fold:
- to dismiss the ISP DNS server (returned by their DHCP server),
- to avoid the host (on which this VM is running) DNS resolver, otherwise the VM sends a query to each DNS server (local & remote) and closes the previously opened port each time it generates a new query, thus generating an ICMP port unreachable as soon as it receives the response to the first query - this sounds like a bug to me or I'm missing a special tweak somewhere,
- to always use Google's DNS server,
- to send all DNS queries over the main interface eth0 only.
To achieve that, we need to configure resolvconf; when we look at resolvconf & its configuration manual online, it points to the openresolv package instead of resolvconf. It seems that the latter has been replaced by the former in the latest versions of Ubuntu; we cannot have both packages at the same time.
However, my host had only the resolvconf package installed because it is a dependency of ubuntu-minimal. So in order to completely uninstall resolvconf, I had to uninstall ubuntu-minimal as well, which is not advised. So the only way out is to uninstall resolvconf, and remove all its configuration files manually.
All this could have been avoided if ubuntu-minimal depended on openresolv instead of resolvconf...
Anyway, here's the /etc/resolvconf.conf I've come up with:
Code:
##########################################################################################
# Configuration for resolvconf(8)
# See resolvconf.conf(5) for details
# Changes to this file should be updated by "resolvconf -u" to apply the new configuration.
##########################################################################################
resolv_conf=/etc/resolv.conf
# Setting the DNS server
name_servers=8.8.4.4
# Ignoring the DNS server(s) advertised by local host DHCP server
name_server_blacklist=192.168.*
# Removing "search lan" and other unneeded entries from resolv.conf - virtual-bridge-1 & virtual-bridge-2 are the last 2 host internal interfaces used by the VM
replace="search/lan/ search/virtual-bridge-1/ search/virtual-bridge-2/ domain/virtual-bridge-1/ domain/virtual-bridge-2/"
# Mirroring the Debian package defaults for the below resolvers
# so that resolvconf integrates seamlessly.
dnsmasq_resolv=/var/run/dnsmasq/resolv.conf
pdnsd_conf=/etc/pdnsd.conf
unbound_conf=/var/cache/unbound/resolvconf_resolvers.conf
The result is not a success; the /etc/resolv.conf contains:
Code:
# Generated by resolvconf
nameserver 127.0.0.1
But a single DNS resolution attempt from the VM (named Ubuntu-Gnome-Server) leads to multiple unsuccessful DNS network queries due to the bug already mentioned earlier in the "4-fold goal/2":
Wireshark traffic trace
However, if I remove the last 2 interfaces and leave only the NAT interface on that VM, DNS works almost perfectly with the same "/etc/resolvconf.conf", although there are 2 queries instead of one; one from the host, and one from the guest VM and Google's DNS server responds to each of them:
Wireshark traffic trace
Any advice will be appreciated.
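
Added example, not part of the original post: a small Python check that audits a generated resolv.conf against the policy the post's resolvconf.conf is meant to enforce (only 8.8.4.4, nothing matching 192.168.*, no leftover search/domain entries). The function and constant names are this example's own, the blacklist entry is matched as a shell-style glob, and the second sample input is constructed.

```python
import fnmatch

# Policy values come from the resolvconf.conf in the post; names are this example's own.
ALLOWED_SERVERS = {"8.8.4.4"}                 # name_servers=
BLACKLIST_GLOBS = ["192.168.*"]               # name_server_blacklist=
UNWANTED_DOMAINS = {"lan", "virtual-bridge-1", "virtual-bridge-2"}  # replace=


def audit_resolv_conf(text):
    """Return (line_number, finding, value) tuples for a resolv.conf body."""
    findings = []
    seen = set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":       # blank line or comment
            continue
        fields = line.split()
        keyword, values = fields[0], fields[1:]
        if keyword == "nameserver" and values:
            server = values[0]
            seen.add(server)
            if any(fnmatch.fnmatchcase(server, g) for g in BLACKLIST_GLOBS):
                findings.append((lineno, "blacklisted-nameserver", server))
            elif server not in ALLOWED_SERVERS:
                findings.append((lineno, "unexpected-nameserver", server))
        elif keyword in ("search", "domain"):
            for name in values:
                if name in UNWANTED_DOMAINS:
                    findings.append((lineno, "unwanted-" + keyword, name))
    # Line number 0 marks a finding about the file as a whole.
    for server in sorted(ALLOWED_SERVERS - seen):
        findings.append((0, "missing-nameserver", server))
    return findings


# The generated file quoted in the post.
POST_OUTPUT = "# Generated by resolvconf\nnameserver 127.0.0.1\n"
# Constructed sample: the address is made up inside the post's NAT subnet.
CONSTRUCTED = "search lan\nnameserver 192.168.122.1\nnameserver 8.8.4.4\n"

if __name__ == "__main__":
    for label, body in (("post", POST_OUTPUT), ("constructed", CONSTRUCTED)):
        for finding in audit_resolv_conf(body):
            print(label, finding)
```

A loopback entry such as 127.0.0.1 is reported as unexpected because it means a local forwarder sits in the resolution path; resolv.conf alone does not show which upstream servers that forwarder queries.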