Re: LXD packages - feedback and suggestion related to lxd-agent and dnsmasq

To: Mathias Gibbens <gibmat@debian.org>, debian-go@lists.debian.org
Cc: tarjaizaid@gmail.com
Subject: Re: LXD packages - feedback and suggestion related to lxd-agent and dnsmasq
From: Carsten Brandt <cb@cebe.cloud>
Date: Tue, 20 Dec 2022 09:25:54 +0100
Message-id: <[🔎] 3072926d-9175-f86b-78f9-650ac2c71c20@cebe.cloud>
In-reply-to: <[🔎] 6c6a3a5181524a8aa36f448555d834059e460784.camel@debian.org>
References: <[🔎] CADJ1h1Q_4cC88fWHczSFvhvL7FPLs98hCL2oy9EEZXaFE8vttw@mail.gmail.com> <[🔎] 3372ead56323c595e3e9f08bfcdfc378a017dd49.camel@debian.org> <[🔎] CADJ1h1TOf=FYbeqDws+jcuUwA+veRXmrke-WOBxVaDteuw4pxw@mail.gmail.com> <[🔎] 8aa031f7-038f-963b-e640-e4d8fbd43b2f@cebe.cloud> <[🔎] 6c6a3a5181524a8aa36f448555d834059e460784.camel@debian.org>

Hi Mathias,

Am 20.12.22 um 02:10 schrieb Mathias Gibbens:

   I spent some time looking into this over the weekend, and in reading
the dnsmasq documentation realized that just dnsmasq-base would be
sufficient for LXD's use, very much like libvirt's packaging. That will
pull in the dnsmasq binary for LXD's use, but not setup a system-wide
service. I've done some testing this afternoon, and things seem to work
properly, so the change of Recommending dnsmasq -> dnsmasq-base will be
included in the next LXD upload.


Great, thank you!

I just checked my setup by removing dnsmasq and keeping dnsmasq-base,all seems to work fine. LXD is running its own instance of dnsmasq onthe lxdbr0 interface. The dnsmasq service installed by the dnsmasqpacakge is not needed :-)

   More generally, if you're concerned about the default configuration
of dnsmasq, please open a bug against that package. I would hope end-
users will have some sort of firewall between their systems and the
wider Internet to block unintended access to a DNS resolver. It would
be inappropriate for another package (lxd) to try to directly modify
dnsmasq's configuration.

Fully agree that we should not try to change dnsmasq config. The defaultof creating a public service makes sense when I install dnsmasq directly.


best regards,

Carsten

--
cebe.cloud - Carsten Brandt

cb@cebe.cloud
https://cebe.cloud/

cebe Internet GmbH
Leinstr. 3
31061 Alfeld (Leine)
Germany

Geschäftsführer: Carsten Brandt
Registriergericht: Amtsgericht Hildesheim
Registernummer: HRB 20 59 19

Reply to:

References:
- LXD packages - feedback and suggestion related to lxd-agent and dnsmasq
  - From: Sylvain Tgz <tarjaizaid@gmail.com>
- Re: LXD packages - feedback and suggestion related to lxd-agent and dnsmasq
  - From: Mathias Gibbens <gibmat@debian.org>
- Re: LXD packages - feedback and suggestion related to lxd-agent and dnsmasq
  - From: Sylvain Tgz <tarjaizaid@gmail.com>
- Re: LXD packages - feedback and suggestion related to lxd-agent and dnsmasq
  - From: Carsten Brandt <cb@cebe.cloud>
- Re: LXD packages - feedback and suggestion related to lxd-agent and dnsmasq
  - From: Mathias Gibbens <gibmat@debian.org>

Prev by Date: RFS: golang-github-cloudflare-circl 1.3.1
Next by Date: Re: RFS: golang-github-cloudflare-circl 1.3.1
Previous by thread: Re: LXD packages - feedback and suggestion related to lxd-agent and dnsmasq
Next by thread: Re: Reintroducing src:toxiproxy for its -dev package
Index(es):
- Date
- Thread