Libvirt does indeed use DNSMasq to handle DHCP. If you're trying to do some advanced configs with DNSMasq, you need to make sure Libvirt is not interfering (removing the DHCP option from your config would work).
Your actual issue appears to be caused by the 'listen-address' statement. DNSMasq requires a valid IP address in the subnet you're trying to assign to. You should configure it to use an IP in the 192.168.122.0/24 range. If you don't do this, it won't actually be able to assign any IP addresses.
I talked to a friend of mine who has dealt with this type of thing before and here is what we did to get the environment to the end-state.
First, I never had to use dnsmasq -y, this worked as soon as I restarted the dnsmasq service and the test VM
The first thing we did was fix the dnsmasq server. In /etc/network/interfaces, you specifie the ip addr you want for that nic, use a netmask of 255.255.255.0, and define the network for that nic. It will look like this:
auto eth1
iface eth1 inet static
address 10.2.2.10
netmask 255.255.255.0
network 10.2.2.0
broadcast 10.2.2.255
The only change is to eth0, in which these three lines were already there. Not sure if they are needed (hopefully someone else can clarify that) but this is what I had added:
up route add default gw 10.2.1.1
dns-search my.lab
dns-nameservers <Corp-DNS-server>
I also removed the two post-up route lines, since they were not needed.
Finally, I needed to fix dnsmasq.conf; here I added the lo interface and commented out the no-dhcp-interface:
interface=lo
interface=eth0
interface=eth1
interface=eth2
#no-dhcp-interface=eth0
#no-dhcp-interface=eth1
#no-dhcp-interface=eth2
That fixed the server. The next thing to achieve the end-state is to configure your router to allow inter-vlan communication. I had already done that prior to this question, but here is an article to do that configuration: http://www.cisco.com/c/en/us/support/docs/lan-switching/inter-vlan-routing/41860-howto-L3-intervlanrouting.html
Lastly, I found that the test vm was not adding in the nameserver to its resolv.conf, so I added a file called tail to /etc/resolvconf/resolv.conf.d/ and simply added the dns server's ip for that subnet:
nameserver 10.1.1.10
Once I finished that, I was able to run apt-get update
and ping my dns names. I also then changed the test vm's interface file so it would get a dhcp addr and once I rebooted, it was able to recieve dhcp addrs.
I hope this helps everyone! Feel free to leave any comments if you wish for me to clarify.
Best Answer
It stands to reason that the syntax in the question would make sense. However, it is even simpler than that:
[Edit] After a couple years of this in use, I'm reporting a problem with this setup. Say you have a public and a secure network, both accessible via WiFi. If your device connects to the public network, but you wish to switch to the secure one, your device and the DHCP server will try to re-use your address lease from the public network, resulting in an invalid address for the subnet you now occupy. This could probably be fixed by setting lease time to zero, but that may have other adverse effects depending on your network requirements (network printer addresses, etc).