KVM and guest DNS


#1

I have a KVM running on CentOS 5.5, with bridge mode enabled.

[code]/etc/sysconfig/network-scripts/ifcfg-br0

DEVICE=br0
TYPE=Bridge
BOOTPROTO=none
BROADCAST=192.168.1.255
IPADDR=192.168.1.10
NETMASK=255.255.255.0
NETWORK=192.168.1.0
GATEWAY=192.168.1.1
ONBOOT=yes[/code]
/etc/sysconfig/network-scripts/ifcfg-eth0

[code]# Broadcom Corporation NetXtreme II BCM5709 Gigabit Ethernet
DEVICE=eth0
BOOTPROTO=none
HWADDR=E4:1F:13:6D:46:94
ONBOOT=yes
TYPE=Ethernet
#USERCTL=no
#IPV6INIT=no
#PEERDNS=yes
BRIDGE=br0
#NETMASK=255.255.255.0
#IPADDR=192.168.1.10
#GATEWAY=192.168.1.1[/code]

I have installed two guests (Ubuntu 10.10 (192.168.1.12) and Fedora 14 (192.168.1.11) ).

I can ping everything by IP from host: 192.168.1.1, 192.168.1.11, 192.168.1.12, centos.org

All successfully from host:

[code][root@localhost mess]# /usr/bin/nslookup www.centos.org
Server: 192.168.1.1
Address: 192.168.1.1#53

Non-authoritative answer:
Name: www.centos.org
Address: 72.232.194.162

[root@localhost mess]# ping 192.168.1.12
PING 192.168.1.12 (192.168.1.12) 56(84) bytes of data.
64 bytes from 192.168.1.12: icmp_seq=1 ttl=64 time=1.36 ms
64 bytes from 192.168.1.12: icmp_seq=2 ttl=64 time=0.130 ms

--- 192.168.1.12 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.130/0.747/1.364/0.617 ms[/code]

But when I try to nslookup from guests, I get a response that no servers could be reached

I also can’t browse, because the guests don’t translate domain names. Internet domain names just don’t work (centos.org, etc.)

All DNS stuff is stuck. I can ping an IP from both guests (for example 72.232.194.162) without problems.

What is wrong ?

[code]Ubuntu-Guest: /etc/resolv.conf
nameserver 192.168.1.1

ifconfig
eth0 Link encap:Ethernet HWaddr 54:52:00:5d:c9:bc
inet addr:192.168.1.12 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::5652:ff:fe5d:c9bc/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:672 errors:0 dropped:0 overruns:0 frame:0
TX packets:805 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:72918 (72.9 KB) TX bytes:76109 (76.1 KB)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1[/code]

The same problem is with fedora guest. Internet is just not working.

I checked in Administration/Services and NetworkManager is stopped in Runlevel 3,4,5.

DNS still not working ;(

Bridge seems to work fine

[code][root@localhost mess]# /usr/sbin/brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.e41f136d4694       no              vnet1
                                                        vnet0
                                                        eth0
virbr0          8000.000000000000       yes[/code]

Dig on host:

[code]dig @8.8.8.8 centos.org

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> @8.8.8.8 centos.org
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22437
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;centos.org. IN A

;; ANSWER SECTION:
centos.org. 120 IN A 72.232.194.162

;; Query time: 39 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sun Nov 14 06:41:06 2010
;; MSG SIZE rcvd: 44[/code]
Dig on guest:

[code]dig @8.8.8.8 centos.org

; <<>> DiG 9.7.1-P2 <<>> @8.8.8.8 centos.org
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached[/code]

resolv.conf on guest

[code]mess@HAL-ubuntu:~$ cat /etc/resolv.conf
# Generated by NetworkManager
search example.com
nameserver 192.168.1.1[/code]

Any suggestions?


#2

Solved the puzzle

This is the page with the answer:

wiki.libvirt.org/page/Networking

I had to do this:

[code]cat >> /etc/sysctl.conf <<EOF

net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
EOF

sysctl -p /etc/sysctl.conf[/code]
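
The following is an added example, not part of the original posts: a check that the three bridge-netfilter settings from post #2 are both persisted in the sysctl file and live in the running kernel. The function names are hypothetical, and the two arguments (a sysctl file and a /proc/sys root) are an assumption made so the check can also be run against copies.

```shell
#!/bin/sh
# Added example: audit the three bridge-netfilter sysctls named in post #2.
# Function names are hypothetical; nothing here comes from the original thread.

KEYS="net.bridge.bridge-nf-call-ip6tables
net.bridge.bridge-nf-call-iptables
net.bridge.bridge-nf-call-arptables"

# persisted_value FILE KEY
# Prints the last value assigned to KEY in FILE (lines are applied in order,
# so a later assignment overrides an earlier one). Prints nothing if unset.
persisted_value() {
    awk -F= -v key="$2" '
        /^[ \t]*[#;]/ { next }                 # skip comment lines
        {
            k = $1; v = $2
            gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v)
            if (k == key) last = v
        }
        END { if (last != "") print last }' "$1"
}

# live_value PROCROOT KEY
# Prints the running value, or "absent" when the entry does not exist
# (the bridge netfilter code is not loaded, so the setting cannot apply).
live_value() {
    path="$1/$(printf '%s' "$2" | tr . /)"
    if [ -r "$path" ]; then cat "$path"; else echo absent; fi
}

# audit FILE PROCROOT
# One report line per key; returns 0 only if every key is 0 in both places.
audit() {
    rc=0
    for key in $KEYS; do
        p=$(persisted_value "$1" "$key")
        l=$(live_value "$2" "$key")
        [ "${p:-unset}" = 0 ] && [ "$l" = 0 ] || rc=1
        printf '%s persisted=%s live=%s\n' "$key" "${p:-unset}" "$l"
    done
    return $rc
}

# Typical invocation: sh audit.sh /etc/sysctl.conf /proc/sys
if [ "$#" -eq 2 ]; then
    audit "$1" "$2"
fi
```

With all three values at 0, bridged guest traffic no longer passes through the host's iptables, ip6tables and arptables chains, so host firewall rules do not filter it.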