Grr, systemd-resolved and dnsmasq are having a war to use all my CPU. Most of the SO answers (https://unix.stackexchange.com/questions/304050/how-to-avoid-conflicts-between-dnsmasq-and-systemd-resolved) are "disable systemd-resolved! manage DNS yourself!" which I don't want to do; I didn't install dnsmasq because I care about running my own DNS server, lxd installed it and so I can't remove it. But this seems to be a lxd problem, and there's a lxd solution! This seems to work: https://lists.linuxcontainers.org/pipermail/lxc-users/2017-April/013158.html
wrote this up in a stack exchange answer so hopefully future people will discover it: https://unix.stackexchange.com/a/466757/191170
Server run by the main developers of the project It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!