Our network relies on DHCP tags to route clients to the correct upstream hosts without having to know the FQDN of those hosts. We use dnsmasq to set tags for clients by MAC address and then we push different search domains to the clients based on the tag. For example, we have these two lines in dnsmasq.conf:
dhcp-option=tag:foo,option:domain-search,foo.company.net
dhcp-host=00:11:22:33:44:55,foo-client,set:foo
Here, when foo-client tries to access any unqualified hosts, it will try looking at <unqualified-hostname>.foo.company.net.
Some of the client machines are also running services inside of an LXC container. The container gets its networking information assigned by a local instance of dnsmasq
running on the LXC host, which is the default method for DNS/DHCP of LXC guests. The LXC guest then gets an IP address on a local NAT network.
The trouble comes from our tagging scheme. The LXC guests don't get the search domain pushed to them because they're not receiving DHCP from our main network-wide DHCP server. The LXC guests can ping IP addresses on the wider network, but DNS resolution with the search domain fails. If I manually set the correct search domain, then resolution works as expected.
Is there a way to pass through that search domain from the host to the guest?
Note, we are NOT running lxd.
Best Answer
So I didn't find an exact solution to this, but I did find a workaround. Basically LXC can run a script on the guest before bringing the network up. This configuration option is called lxc.network.script.up. I used this feature to copy DNS information from the host:
I placed this script in /var/lib/lxc/guest/setup-dns.sh and added the following line to /var/lib/lxc/guest/config:
After doing these steps, the guest comes up and has DNS and search path options properly set.
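As an added example (not the answer's own script, which is not reproduced above), here is a hook of the kind described: it reads the search list the DHCP-pushed configuration left in the host's /etc/resolv.conf and writes it into the guest's resolv.conf before the guest's network comes up. It assumes LXC calls the hook with the container name as its first argument, that the guest rootfs sits under /var/lib/lxc/<name>/rootfs, and that the guest should resolve through the host-side dnsmasq on the NAT gateway (the 10.0.3.1 default is constructed).

```shell
#!/bin/sh
# Added example, not the answer's own script: an lxc.network.script.up hook that
# copies the host's DNS search list into the guest's /etc/resolv.conf.
# Assumed: the hook runs on the host with the container name as $1, the guest
# rootfs is /var/lib/lxc/<name>/rootfs, and the guest resolves via the host-side
# dnsmasq on the NAT gateway (LXC_GW; 10.0.3.1 is a constructed default).
set -eu

LXC_GW="${LXC_GW:-10.0.3.1}"

# Print the effective search list of a resolv.conf. glibc honours the last
# `search` or `domain` line, so that is the one copied; comments are dropped.
extract_search() {
    awk '{ sub(/[#;].*/, "") }
         $1 == "search" || $1 == "domain" { $1 = ""; sub(/^[ \t]+/, ""); s = $0 }
         END { print s }' "$1"
}

# Write a guest resolv.conf that points at the NAT-side dnsmasq but carries the
# host's search domains. $1 = host resolv.conf, $2 = guest resolv.conf.
write_guest_resolv() {
    search="$(extract_search "$1")"
    [ -n "$search" ] || { echo "no search/domain line in $1" >&2; return 1; }
    {
        echo "# generated by setup-dns.sh from host $1"
        echo "nameserver $LXC_GW"
        echo "search $search"
    } > "$2"
}

# Hook entry point, for lxc.network.script.up = /var/lib/lxc/guest/setup-dns.sh
hook_main() {
    write_guest_resolv /etc/resolv.conf "/var/lib/lxc/$1/rootfs/etc/resolv.conf"
}

# Offline demo on a constructed host resolv.conf (what the foo tag's
# domain-search would leave on the host). As a hook, call hook_main "$@" instead.
DEMO_DIR="$(mktemp -d)"
DEMO_HOST_RESOLV="$DEMO_DIR/host-resolv.conf"
DEMO_GUEST_RESOLV="$DEMO_DIR/guest-resolv.conf"
cat > "$DEMO_HOST_RESOLV" <<'EOF'
# Generated by the host's DHCP client (constructed sample)
nameserver 10.1.1.53
search foo.company.net company.net   ; pushed via tag:foo
EOF
write_guest_resolv "$DEMO_HOST_RESOLV" "$DEMO_GUEST_RESOLV"
cat "$DEMO_GUEST_RESOLV"
```

If the guest runs its own DHCP client against the NAT-side dnsmasq, check that it does not rewrite /etc/resolv.conf after the hook has populated it.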