network: Let domains be restricted to local DNS

This adds a new "localOnly" attribute on the domain element of the
network xml.  With this set to "yes", DNS requests under that domain
will only be resolved by libvirt's dnsmasq, never forwarded upstream.

This was how it worked before commit f69a6b987d, and I found that
functionality useful.  For example, I have my host's NetworkManager
dnsmasq configured to forward that domain to libvirt's dnsmasq, so I can
easily resolve guest names from outside.  But if libvirt's dnsmasq
doesn't know a name and forwards it to the host, I'd get an endless
forwarding loop.  Now I can set localOnly="yes" to prevent the loop.

Signed-off-by: Josh Stone <jistone@redhat.com>

docs/formatnetwork.html.in

@@ -82,7 +82,7 @@
     <pre>
         ...
         &lt;bridge name="virbr0" stp="on" delay="5" macTableManager="libvirt"/&gt;
-        &lt;domain name="example.com"/&gt;
+        &lt;domain name="example.com" localOnly="no"/&gt;
         &lt;forward mode="nat" dev="eth0"/&gt;
         ...</pre>
 
@@ -151,6 +151,16 @@
         a <code>&lt;forward&gt;</code> mode of "nat" or "route" (or an
         isolated network with no <code>&lt;forward&gt;</code>
         element). <span class="since">Since 0.4.5</span>
+
+        <p>
+          If the optional <code>localOnly</code> attribute on the
+          <code>domain</code> element is "yes", then DNS requests under
+          this domain will only be resolved by the virtual network's own
+          DNS server - they will not be forwarded to the host's upstream
+          DNS server.  If <code>localOnly</code> is "no", and by
+          default, unresolved requests <b>will</b> be forwarded.
+          <span class="since">Since 1.2.12</span>
+        </p>
       </dd>
       <dt><code>forward</code></dt>
       <dd>Inclusion of the <code>forward</code> element indicates that