network: Make virtual domains resolvable from the host

This patch adds a new attribute "register" to the <domain> element. If
set to "yes", the DNS server created for the virtual network is
registered with systemd-resolved as a name server for the associated
domain. The names known to the dnsmasq process serving DNS and DHCP
requests for the virtual network will then be resolvable from the host
by appending the domain name to them.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>

docs/formatnetwork.rst

@@ -88,7 +88,7 @@ to the physical LAN (if at all).
    ...
    <bridge name="virbr0" stp="on" delay="5" macTableManager="libvirt"/>
    <mtu size="9000"/>
-   <domain name="example.com" localOnly="no"/>
+   <domain name="example.com" localOnly="no" register="no"/>
    <forward mode="nat" dev="eth0"/>
    ...
 
@@ -162,6 +162,13 @@ to the physical LAN (if at all).
    DNS server. If ``localOnly`` is "no", and by default, unresolved requests
    **will** be forwarded. :since:`Since 1.2.12`
 
+   :since:`Since 10.1.0` the optional ``register`` attribute can be used to
+   request registering the DNS server for resolving this domain with the host's
+   DNS resolver. When set to "yes", the host resolver will forward all requests
+   for domain names from this domain to the DNS server created for this virtual
+   network. To avoid DNS loops ``localOnly`` has to be set to "yes" as well.
+   This feature requires ``systemd-resolved`` to be running on the host.
+
 ``forward``
    Inclusion of the ``forward`` element indicates that the virtual network is to
    be connected to the physical LAN. :since:`Since 0.3.0.` The ``mode``

src/conf/network_conf.c

@@ -1582,6 +1582,19 @@ virNetworkDefParseXML(xmlXPathContextPtr ctxt,
                                &def->domainLocalOnly) < 0)
         return NULL;
 
+    if (virXMLPropTristateBool(domain_node, "register",
+                               VIR_XML_PROP_NONE,
+                               &def->domainRegister) < 0)
+        return NULL;
+
+    if (def->domainRegister == VIR_TRISTATE_BOOL_YES &&
+        def->domainLocalOnly != VIR_TRISTATE_BOOL_YES) {
+        virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+                       _("attribute 'register=yes' in <domain> element requires 'localOnly=yes' in network %1$s"),
+                       def->name);
+        return NULL;
+    }
+
     if ((bandwidthNode = virXPathNode("./bandwidth", ctxt)) &&
         virNetDevBandwidthParse(&def->bandwidth, NULL, bandwidthNode, false) < 0)
         return NULL;
@@ -2405,6 +2418,11 @@ virNetworkDefFormatBuf(virBuffer *buf,
             virBufferAsprintf(buf, " localOnly='%s'", local);
         }
 
+        if (def->domainRegister) {
+            virBufferAsprintf(buf, " register='%s'",
+                              virTristateBoolTypeToString(def->domainRegister));
+        }
+
         virBufferAddLit(buf, "/>\n");
     }
 

src/conf/network_conf.h

@@ -245,6 +245,7 @@ struct _virNetworkDef {
     int  macTableManager; /* enum virNetworkBridgeMACTableManager */
     char *domain;
     virTristateBool domainLocalOnly; /* yes disables dns forwarding */
+    virTristateBool domainRegister;
     unsigned long delay;   /* Bridge forward delay (ms) */
     bool stp; /* Spanning tree protocol */
     unsigned int mtu; /* MTU for bridge, 0 means "default" i.e. unset in config */

src/conf/schemas/network.rng

@@ -258,6 +258,9 @@
             <optional>
               <attribute name="localOnly"><ref name="virYesNo"/></attribute>
             </optional>
+            <optional>
+              <attribute name="register"><ref name="virYesNo"/></attribute>
+            </optional>
           </element>
         </optional>
 

src/network/bridge_driver.c

@@ -63,7 +63,7 @@
 #include "virjson.h"
 #include "virnetworkportdef.h"
 #include "virutil.h"
-
+#include "virsystemd.h"
 #include "netdev_bandwidth_conf.h"
 
 #define VIR_FROM_THIS VIR_FROM_NETWORK
@@ -1902,6 +1902,7 @@ networkStartNetworkVirtual(virNetworkDriverState *driver,
     bool dnsmasqStarted = false;
     bool devOnline = false;
     bool firewalRulesAdded = false;
+    virSocketAddr *dnsServer = NULL;
 
     /* Check to see if any network IP collides with an existing route */
     if (networkCheckRouteCollision(def) < 0)
@@ -1958,6 +1959,9 @@ networkStartNetworkVirtual(virNetworkDriverState *driver,
         if (VIR_SOCKET_ADDR_IS_FAMILY(&ipdef->address, AF_INET6))
             v6present = true;
 
+        if (!dnsServer)
+            dnsServer = &ipdef->address;
+
         /* Add the IP address/netmask to the bridge */
         if (networkAddAddrToBridge(obj, ipdef) < 0)
             goto error;
@@ -2011,6 +2015,32 @@ networkStartNetworkVirtual(virNetworkDriverState *driver,
             goto error;
 
         dnsmasqStarted = true;
+
+        if (def->domain && def->domainRegister && dnsServer) {
+            unsigned int link;
+            int rc;
+
+            if ((link = if_nametoindex(def->bridge)) == 0) {
+                virReportSystemError(ENODEV,
+                                     _("unable to get interface index for %1$s"),
+                                     def->bridge);
+                goto error;
+            }
+
+            rc = virSystemdResolvedRegisterNameServer(link, def->domain,
+                                                      dnsServer);
+            if (rc == -2) {
+                virReportError(VIR_ERR_OPERATION_INVALID, "%s",
+                               _("failed to register name server: systemd-resolved is not available"));
+                goto error;
+            }
+
+            if (rc < 0) {
+                virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+                               _("failed to register name server"));
+                goto error;
+            }
+        }
     }
 
     if (virNetDevBandwidthSet(def->bridge, def->bandwidth, true, true) < 0)