Hello,
In the network bridges that libvirt creates there's a dnsmasq daemon to resolve the VM's IPs. Is there any way to signal systemd-resolved from libvirt to say that in the bridge interface there is a DNS server and a domain?
Thank you.
Hm, I'm not quite sure how this is intended to work. This is for resolving VM hostnames into IP addresses? How exactly does it work prior to systemd-resolved? E.g. lets say I have a libvirt VM named "f33", should it be possible to resolve that name somehow from the host system?
Can you do what you want using https://www.freedesktop.org/wiki/Software/systemd/resolved/ ? Maybe SetLinkDNS for the bridge interface? But you would also need to call SetLinkDomains to ensure queries for a particular domain go to the bridge interface (otherwise, nothing will). You could theoretically, for instance, claim a .libvirt domain, then resolve "f33.libvirt" to the VM's IP?
I don't think it's a good idea. dnsmasq is not dns resolver but acts as DHCP and DNS server. It provides VMs with IP address/lease and create corresponding dns record for it. In case of resolved ip addresses and dns records must be managed either manually or... with dnsmasq.
On 2020-10-06 at 22:04 CEST, Juan Orti Alcaine wrote...
Hello,
In the network bridges that libvirt creates there's a dnsmasq daemon to resolve the VM's IPs. Is there any way to signal systemd-resolved from libvirt to say that in the bridge interface there is a DNS server and a domain?
Thank you. _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
On Tue, Oct 06, 2020 at 10:04:19PM +0200, Juan Orti Alcaine wrote:
Hello,
In the network bridges that libvirt creates there's a dnsmasq daemon to resolve the VM's IPs. Is there any way to signal systemd-resolved from libvirt to say that in the bridge interface there is a DNS server and a domain?
Related, there is nss-mymachines: https://www.freedesktop.org/software/systemd/man/nss-mymachines.html
It resolves IPs of instances registered with machined. Libvirt already registers virtual machines with machined. But as I see, libvirt does not provide IP addresses during registration. Maybe this could be fixed?
El mié., 7 oct. 2020 a las 2:22, Michael Catanzaro (mcatanzaro@gnome.org) escribió:
Hm, I'm not quite sure how this is intended to work. This is for resolving VM hostnames into IP addresses? How exactly does it work prior to systemd-resolved? E.g. lets say I have a libvirt VM named "f33", should it be possible to resolve that name somehow from the host system?
Can you do what you want using https://www.freedesktop.org/wiki/Software/systemd/resolved/ ? Maybe SetLinkDNS for the bridge interface? But you would also need to call SetLinkDomains to ensure queries for a particular domain go to the bridge interface (otherwise, nothing will). You could theoretically, for instance, claim a .libvirt domain, then resolve "f33.libvirt" to the VM's IP?
My use case is, I have the bridge 'laptop-lab' created with libvirt:
<network> <name>laptop-lab</name> <uuid>23997a64-b242-4a32-8ef6-4e0c36e16598</uuid> <forward mode='nat'> <nat> <port start='1024' end='65535'/> </nat> </forward> <bridge name='laptop-lab' stp='on' delay='0'/> <mac address='52:54:00:8d:77:d9'/> <domain name='laptop.lab' localOnly='yes'/> <ip address='192.168.100.1' netmask='255.255.255.0'> <dhcp> <range start='192.168.100.128' end='192.168.100.254'/> </dhcp> </ip> </network>
Previously, I used dns=dnsmasq in NetworkManager to indicate that the domain 'laptop.lab' resolves through this dnsmasq instance:
/etc/NetworkManager/conf.d/00-use-dnsmasq.conf:
[main] dns=dnsmasq
/etc/NetworkManager/dnsmasq.d/laptop_lab.conf:
server=/laptop.lab/192.168.100.1
I'd like to do something similar in systemd-resolved, and indeed this works fine:
# resolvectl dns laptop-lab 192.168.100.1 # resolvectl domain laptop-lab laptop.lab
But this configuration is lost after a reboot, and the configuration file is not expressive enough to indicate a dns and domain on a link. A way to do this automatically would be greatly appreciated, but I guess it doesn't exist at the moment.
On Tue, Oct 06, 2020 at 07:21:40PM -0500, Michael Catanzaro wrote:
Hm, I'm not quite sure how this is intended to work. This is for resolving VM hostnames into IP addresses? How exactly does it work prior to systemd-resolved? E.g. lets say I have a libvirt VM named "f33", should it be possible to resolve that name somehow from the host system?
That is possible with libvirt's NSS module:
Regards, Daniel
On Wed, Oct 07, 2020 at 06:55:32AM +0200, Tomasz Torcz wrote:
On Tue, Oct 06, 2020 at 10:04:19PM +0200, Juan Orti Alcaine wrote:
Hello,
In the network bridges that libvirt creates there's a dnsmasq daemon to resolve the VM's IPs. Is there any way to signal systemd-resolved from libvirt to say that in the bridge interface there is a DNS server and a domain?
Related, there is nss-mymachines: https://www.freedesktop.org/software/systemd/man/nss-mymachines.html
It resolves IPs of instances registered with machined. Libvirt already registers virtual machines with machined. But as I see, libvirt does not provide IP addresses during registration. Maybe this could be fixed?
IP addresses are not known at time of registration, but libvirt's own NSS module can be used instead.
Regards, Daniel
On 10/7/20 6:44 AM, Pavel Zhukov wrote:
I don't think it's a good idea. dnsmasq is not dns resolver but acts as DHCP and DNS server. It provides VMs with IP address/lease and create corresponding dns record for it. In case of resolved ip addresses and dns records must be managed either manually or... with dnsmasq.
That is not true. Any query sent to @192.168.122.1 would get reply. I use for example unbound on localhost and all my machines use .vm. domain suffix. rhel7.vm. is machine with rhel7. Dnsmasq manages automatically lease names of all its dhcp clients, it works as dynamic DNS connected with DHCP just out of the box.
unbound-control forward_add +i vm 192.168.122.1
Or permanent configuration in /etc/unbound/conf.d/vm.conf: server: domain-insecure: "vm" domain-insecure: "122.168.192.IN-ADDR.ARPA"
forward-zone: name: "vm" forward-addr: 192.168.122.1 forward-first: no
forward-zone: name: "122.168.192.IN-ADDR.ARPA" forward-addr: 192.168.122.1 forward-first: no
Then I used in virsh edit-network default, inside <network> element: <domain name='vm' localOnly='yes'/>
dnsmasq is not full resolver, just like systemd-resolver. It just forwards queries it does not have answer to /etc/resolv.conf forwarders. If systemd-resolved does not running on the host, it also offers working DNSSEC environment to all VMs.
Since systemd-resolved can do split DNS, it is able to do that also. But it seems current domain redirection is private API for NM. It might work:
resolvectl domain virbr0 ~vm
But haven't tested it. I am not sure how permanent configuration should look like in resolved.conf. Can it be configured to forward specific domain to specific server? It seems to me it expects such think only per interface, which might work with libvirt too.
On 2020-10-06 at 22:04 CEST, Juan Orti Alcaine wrote...
Hello,
In the network bridges that libvirt creates there's a dnsmasq daemon to resolve the VM's IPs. Is there any way to signal systemd-resolved from libvirt to say that in the bridge interface there is a DNS server and a domain?
Thank you.
El mié., 7 oct. 2020 a las 10:35, Petr Menšík (pemensik@redhat.com) escribió:
On 10/7/20 6:44 AM, Pavel Zhukov wrote:
I don't think it's a good idea. dnsmasq is not dns resolver but acts as DHCP and DNS server. It provides VMs with IP address/lease and create corresponding dns record for it. In case of resolved ip addresses and dns records must be managed either manually or... with dnsmasq.
That is not true. Any query sent to @192.168.122.1 would get reply. I use for example unbound on localhost and all my machines use .vm. domain suffix. rhel7.vm. is machine with rhel7. Dnsmasq manages automatically lease names of all its dhcp clients, it works as dynamic DNS connected with DHCP just out of the box.
I've created a libvirt hook to do the integration I was looking for. This works for me:
/etc/libvirt/hooks/network.d/laptop-lab.sh
#!/bin/bash set -o nounset
object="$1" operation="$2" suboperation="$3" extra="$4"
if [ "$object" == "laptop-lab" ]; then if [ "$operation" == "started" ] && [ "$suboperation" == "begin" ]; then /usr/bin/resolvectl dns laptop-lab 192.168.100.1 /usr/bin/resolvectl domain laptop-lab laptop.lab /usr/bin/resolvectl dnssec laptop-lab no fi fi
Hi all,
I’m working on an update of the Fedora Server virtlib documentation (https://docs.fedoraproject.org/en-US/fedora-server/virtualization-install/), specifically the part about the DNS configration.
I would like to include and integrate the solutions presented in this thread by Daniel Berrange and by Juan Alcaine. But unfortunately none of the solutions worked in my test installations. I would be grateful if I could get some hints on what I might have missed.
The main challenge is to enable the host to resolve the internal name of the VMs. For this purpose, the DNS server provided by libvirt must be included in the search path (default virbr0 192.168.122.1). The server itself works fine. If you use dig or nsloookup to assign the servers, the names of the VMs are resolved correctly.
(a) === Installing libvirt-nss. (Daniel Berrange) ===
I did the following
1. dnf install libvirt-nss
2. Modified following the libvirt documentation and the docs included with the files /etc/authselect/user-nsswitch.conf and edited the hosts item to "hosts: files myhostname libvirt resolve [!UNAVAIL=return] dns“
3. executed: authselect apply-changes
4. reboot
Neither using standard DNS without systems-resolved activated nor using systemd-resolved could resolve the internal names of the VM
(b) === using libvirt hook dir to modify systemd-resolved configuration ===
I followed Juan Alcaine's instructions and after booting I got:
(for my homelab domain, served as public here) Link 2 (enp1s0) Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6 Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported Current DNS Server: 192.168.158.1 DNS Servers: 192.168.158.1 fd00::3681:c4ff:fe14:21b4 DNS Domain: fritz.box
(for my internal domain via libvirt ipv4 only) Link 5 (virbr0) Current Scopes: DNS LLMNR/IPv4 Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported Current DNS Server: 192.168.122.1 DNS Servers: 192.168.122.1 DNS Domain: fritz.lan
The internal names could be resolved, but with such a long delay that the solution is practically unusable. The „host“ utility provided the internal IPv4 name immediately, but continued searching for several seconds and finally the process was terminated with 2 times of the message ";; connection timed out; no servers could be reached“.
In the systemd-resolved log I found a lot of entries like
Firing regular transaction 50808 for <zbox.fritz.lan IN AAAA> scope dns on virbr0/* (validate=yes).
But virbr0 is ipv4 only.
Any advice greatly appreciated.
Peter
Am 08.10.2020 um 09:33 schrieb Juan Orti Alcaine j.orti.alcaine@gmail.com:
El mié., 7 oct. 2020 a las 10:35, Petr Menšík (pemensik@redhat.com) escribió:
On 10/7/20 6:44 AM, Pavel Zhukov wrote:
I don't think it's a good idea. dnsmasq is not dns resolver but acts as DHCP and DNS server. It provides VMs with IP address/lease and create corresponding dns record for it. In case of resolved ip addresses and dns records must be managed either manually or... with dnsmasq.
That is not true. Any query sent to @192.168.122.1 would get reply. I use for example unbound on localhost and all my machines use .vm. domain suffix. rhel7.vm. is machine with rhel7. Dnsmasq manages automatically lease names of all its dhcp clients, it works as dynamic DNS connected with DHCP just out of the box.
I've created a libvirt hook to do the integration I was looking for. This works for me:
/etc/libvirt/hooks/network.d/laptop-lab.sh
#!/bin/bash set -o nounset
object="$1" operation="$2" suboperation="$3" extra="$4"
if [ "$object" == "laptop-lab" ]; then if [ "$operation" == "started" ] && [ "$suboperation" == "begin" ]; then /usr/bin/resolvectl dns laptop-lab 192.168.100.1 /usr/bin/resolvectl domain laptop-lab laptop.lab /usr/bin/resolvectl dnssec laptop-lab no fi fi _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
On Fri, Sep 10, 2021 at 04:57:56PM +0200, Peter Boy wrote:
Hi all,
I’m working on an update of the Fedora Server virtlib documentation (https://docs.fedoraproject.org/en-US/fedora-server/virtualization-install/), specifically the part about the DNS configration.
I would like to include and integrate the solutions presented in this thread by Daniel Berrange and by Juan Alcaine. But unfortunately none of the solutions worked in my test installations. I would be grateful if I could get some hints on what I might have missed.
The main challenge is to enable the host to resolve the internal name of the VMs. For this purpose, the DNS server provided by libvirt must be included in the search path (default virbr0 192.168.122.1). The server itself works fine. If you use dig or nsloookup to assign the servers, the names of the VMs are resolved correctly.
(a) === Installing libvirt-nss. (Daniel Berrange) ===
I did the following
dnf install libvirt-nss
Modified following the libvirt documentation and the docs included with the files /etc/authselect/user-nsswitch.conf and edited the hosts item to "hosts: files myhostname libvirt resolve [!UNAVAIL=return] dns“
executed: authselect apply-changes
reboot
Neither using standard DNS without systems-resolved activated nor using systemd-resolved could resolve the internal names of the VM
I think you possibly mis-interpret what the libvirt-nss module is going to be doing here.
Applications on the host will use glibc APIs for resolving host names into IP addresses. GLibc will use the nsswitch config to determine what data sources to use for the host -> IP translation.
Adding "libvirt" to the nsswitch config for "hosts:" simply tells GLibc to talk to the libvirt-nss module to try to resolve a hostname. This doesn't involve DNS at all. libvirt-nss will be queried before GLibc even gets to trying DNS. It also won't affect results reported by systemd-resolved AFAICT.
You don't mention what VM configuration you're using for networking, but basically if you "virsh dumpxlm $guest", then the <interface> element *must* be configured for type=network. If it is using type=bridge or any other option, then the libvirt-nss module has no effect.
Finally, libvirt-nss provides two modules.
- "libvirt" does lookups against the hostname configured by the guest OS when acquiring its DHCP lease. This hostname is either set by the guest OS admin, or can be the hostname in the libvirt network XML config (virsh net-dumpxml default) if you're using fixed host<->ip<->mac mappings.
- "libvirt_guest" does lookups against the guest name known to libvirt in the host. (ie name reported by 'virsh list')
If you want to debug libvirt-nss problems there are two things to try
"virsh domifaddr $GUEST"
if that doesn't report any IP addresses, then the libvirt-nss module won't do anything.
"virsh net-dhcp-leases default"
will meanwhile report all IP addresses known the libvirt's dnsmasq instance currently - domifaddr is just filtering those to extract a specific guest.
Personally I always use the "libvirt_guest" NSS module, so get host lookups using the libvirt guest name, but either NSS module is valid based on your desired outcome.
Regards, Daniel
On 9/10/21 4:57 PM, Peter Boy wrote:
Hi all,
I’m working on an update of the Fedora Server virtlib documentation (https://docs.fedoraproject.org/en-US/fedora-server/virtualization-install/), specifically the part about the DNS configration.
I would like to include and integrate the solutions presented in this thread by Daniel Berrange and by Juan Alcaine. But unfortunately none of the solutions worked in my test installations. I would be grateful if I could get some hints on what I might have missed.
The main challenge is to enable the host to resolve the internal name of the VMs. For this purpose, the DNS server provided by libvirt must be included in the search path (default virbr0 192.168.122.1). The server itself works fine. If you use dig or nsloookup to assign the servers, the names of the VMs are resolved correctly.
No, it does not have to be included in search path. It is just required to forward any subset of names to dns server listening on libvirt's interface.
(a) === Installing libvirt-nss. (Daniel Berrange) ===
I did the following
dnf install libvirt-nss
Modified following the libvirt documentation and the docs included with the files /etc/authselect/user-nsswitch.conf and edited the hosts item to "hosts: files myhostname libvirt resolve [!UNAVAIL=return] dns“
executed: authselect apply-changes
reboot
Neither using standard DNS without systems-resolved activated nor using systemd-resolved could resolve the internal names of the VM
nss modules affects just getaddrinfo() calls from programs, if it uses only glibc to resolve names. Could be tested by "getent hosts <name>" command. Any program using DNS directly, like host or dig, would not be affected by it. Setting up dns forwarding is more work, but would help all programs, no matter how they resolve names to IP addresses.
(b) === using libvirt hook dir to modify systemd-resolved configuration ===
I followed Juan Alcaine's instructions and after booting I got:
(for my homelab domain, served as public here) Link 2 (enp1s0) Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6 Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported Current DNS Server: 192.168.158.1 DNS Servers: 192.168.158.1 fd00::3681:c4ff:fe14:21b4 DNS Domain: fritz.box
(for my internal domain via libvirt ipv4 only) Link 5 (virbr0) Current Scopes: DNS LLMNR/IPv4 Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported Current DNS Server: 192.168.122.1 DNS Servers: 192.168.122.1 DNS Domain: fritz.lan
The internal names could be resolved, but with such a long delay that the solution is practically unusable. The „host“ utility provided the internal IPv4 name immediately, but continued searching for several seconds and finally the process was terminated with 2 times of the message ";; connection timed out; no servers could be reached“.
Host without -t parameter given sends -t A, -t AAAA and -t MX queries for given name. Because of the way dnsmasq behaves, you are waiting for -t AAAA and -t MX queries. Because they are looping from systemd-resolved to dnsmasq and back, until one of them drops them.
In the systemd-resolved log I found a lot of entries like
Firing regular transaction 50808 for <zbox.fritz.lan IN AAAA> scope dns on virbr0/* (validate=yes).
But virbr0 is ipv4 only.
This happens because dnsmasq serving names for libvirt network sends AAAA queries to whatever resolver it got from the system. Meaning usually back to whatever forwarded the name to it.
In my configuration, I used domain statement in virsh net-edit default to prevent sending X.vm names back to the system resolver. It becames then (sort of) authoritative for that name. You would just replace vm with fritz.lan (or vm.home.arpa.). localOnly=yes is imporant part. It tells dnsmasq to consider all names under fritz.lan its own and if it does not know them, they do not exist. If dns cache on hosts forwards some domain to it, it is required to break loops.
<network> ... <domain name='fritz.lan' localOnly='yes'/> ... </network>
It would be nice if it could be done automagically, but I doubt used domain can be specified on just single place. Together with libvirt hook, the above should work.
Any advice greatly appreciated.
Peter
Am 08.10.2020 um 09:33 schrieb Juan Orti Alcaine j.orti.alcaine@gmail.com:
El mié., 7 oct. 2020 a las 10:35, Petr Menšík (pemensik@redhat.com) escribió:
On 10/7/20 6:44 AM, Pavel Zhukov wrote:
I don't think it's a good idea. dnsmasq is not dns resolver but acts as DHCP and DNS server. It provides VMs with IP address/lease and create corresponding dns record for it. In case of resolved ip addresses and dns records must be managed either manually or... with dnsmasq.
That is not true. Any query sent to @192.168.122.1 would get reply. I use for example unbound on localhost and all my machines use .vm. domain suffix. rhel7.vm. is machine with rhel7. Dnsmasq manages automatically lease names of all its dhcp clients, it works as dynamic DNS connected with DHCP just out of the box.
I've created a libvirt hook to do the integration I was looking for. This works for me:
/etc/libvirt/hooks/network.d/laptop-lab.sh
#!/bin/bash set -o nounset
object="$1" operation="$2" suboperation="$3" extra="$4"
if [ "$object" == "laptop-lab" ]; then if [ "$operation" == "started" ] && [ "$suboperation" == "begin" ]; then /usr/bin/resolvectl dns laptop-lab 192.168.100.1 /usr/bin/resolvectl domain laptop-lab laptop.lab /usr/bin/resolvectl dnssec laptop-lab no fi fi
Am 10.09.2021 um 17:22 schrieb Daniel P. Berrangé berrange@redhat.com:
On Fri, Sep 10, 2021 at 04:57:56PM +0200, Peter Boy wrote:
(a) === Installing libvirt-nss. (Daniel Berrange) ===
I did the following
dnf install libvirt-nss
Modified following the libvirt documentation and the docs included with the files /etc/authselect/user-nsswitch.conf and edited the hosts item to "hosts: files myhostname libvirt resolve [!UNAVAIL=return] dns“
executed: authselect apply-changes
reboot
Neither using standard DNS without systems-resolved activated nor using systemd-resolved could resolve the internal names of the VM
I think you possibly mis-interpret what the libvirt-nss module is going to be doing here.
Unfortunately, I was swamped and it took a while to do the test installations.
Indeed, in the head of the action I overlooked that DNS clients use DNS of course.
Finally, libvirt-nss provides two modules.
"libvirt" does lookups against the hostname configured by the guest OS when acquiring its DHCP lease. This hostname is either set by the guest OS admin, or can be the hostname in the libvirt network XML config (virsh net-dumpxml default) if you're using fixed host<->ip<->mac mappings.
"libvirt_guest" does lookups against the guest name known to libvirt in the host. (ie name reported by 'virsh list‘) .
. . . . Personally I always use the "libvirt_guest" NSS module, so get host lookups using the libvirt guest name, but either NSS module is valid based on your desired outcome.
Thanks for all the information. Specifically libvirt_guest was very helpful. After all everything you detailed worked fine in my test installations and the libvirt_guest / nss part is currently a workaround for some inconsistency with resolvectl to handle a single, non FQN hostname.
Many thanks
Peter
By the way you may remember CCM and Aplaws you were working on about a decade ago. It’s still alive and in use. I lead the project for several years and we are working on a transition to JEE 8/9 retaining the outstanding architectural features as structured content and strong categorisation (mirror: https://github.com/libreccm). So your work at that time did not vanish.
Am 15.09.2021 um 19:22 schrieb Petr Menšík pemensik@redhat.com:
Many thanks for your information. They were very helpful. I got (almost) everything working with your (and Daniel's) information.
On 9/10/21 4:57 PM, Peter Boy wrote:
Hi all,
... The main challenge is to enable the host to resolve the internal name of the VMs. For this purpose, the DNS server provided by libvirt must be included in the search path (default virbr0 192.168.122.1). The server itself works fine. If you use dig or nsloookup to assign the servers, the names of the VMs are resolved correctly.
No, it does not have to be included in search path. It is just required to forward any subset of names to dns server listening on libvirt's interface.
That’s one of the issues I currently struggle with. Due to the installation the external interface comes first in the list, before the internal interface. So the external inferfaces name server is queried first (as I could confirm in the log).
'resolvectl query' always came up with the internal FQN and IP address for a single named host, as intended. 'host' and 'nslookup' mostly used the internal, but sometimes the external FQN name (after reboots). No regularity recognizable. 'dig‘ reports having found something, but does not show any IP address.
'ping‘ and 'wget‘ (as proxy for a more or less typical application program) are not consistent either.
For applications, I was able to solve this at least partially by including libvirt-nss.
The other option would be to replace the link of /etc/resolve.conf with a file and define the search option accordingly (the currently automatic generated file lists the external domain name first). I'm hesitant to have that in the server documentation but stick as much as possible with upstream and default settings.
Do you have another idea from your experiences?
The internal names could be resolved, but with such a long delay that the solution is practically unusable. The „host“ utility provided the internal IPv4 name immediately, but continued searching for several seconds and finally the process was terminated with 2 times of the message ";; connection timed out; no servers could be reached“.
Host without -t parameter given sends -t A, -t AAAA and -t MX queries for given name. Because of the way dnsmasq behaves, you are waiting for -t AAAA and -t MX queries. Because they are looping from systemd-resolved to dnsmasq and back, until one of them drops them.
I added <domain name='fritz.lan' localOnly='yes‘/> And that solves the long delay. Thanks.
You can see in the log that 'host' and 'nslookup' still send AAAA requests by default. That produces the output Name: vm1.fritz.lan Address: 192.168.122.129 ** server can't find vm1.fritz.lan: REFUSED
The combination of IP address and REFUSED for the same name is misleading and possibly troubling to an admin if you don't know the background. The only possible solution to this that I can think of would be to introduce local IPv6 addresses.
Do you have another solution from your experience?
Again, thanks for your advice. It makes the Server docs much better.
Peter
devel@lists.stg.fedoraproject.org