Using dnsmasq with NetworkManager
It was well known that NetworkManager does not play well with dnsmasq
(ref: here). I've skimmed throught the lengthy discussion here but still not sure what the recommended way to deal with the situation is.
All that I want is to do is to use dnsmasq
to provide DNS and DHCP to my local network. What would be the recommended way in this case?
It seems the problem remains even for Ubuntu 14.04, even the bug is claimed to be fixed.
As work arounds, people are disabling the NM-enslaved dnsmasq-base
because the following reasons:
The NM-enslaved dnsmasq
uses hardcoded options (in C) that provide extremely limited functionality.
- It doesn't listen on ethX (
--listen-address=127.0.0.1
). So we can't use our servers as DNS servers for our local network PCs, i.e. it's completely useless for LANs. - It doesn't cache requests (
--cache-size=0
). No caching ==> no DNS queries speedup. This again is very significant for LANs as there are many concurrent users. - Finally, we also need the DHCP and TFTP functionality of dnsmasq, so even if NM+dnsmasq included a real DNS server, we'd have to run another dnsmasq
But I'm not sure if they still holds and/or how the fix has solve the problem(s). Further, none of them are very clear exactly what they did and how they did to solve their problem. I.e., the solution part is missing from the lengthy discussion. Can someone fill in the blanks please? I.e.,
The dnsmasq
provided out-of-box by Ubuntu is not working, on the server side, for the above reasons. And also, on the client side, "the dnsmasq installed on those Ubuntu laptops cannot do LAN DNS query from my DNS server", because "the (Ubuntu laptops') NetworkManager is causing them to have a weird 127.0.1.1 nameserver setting" (ref: DNS solution for LAN or local home network)
How to make dnsmasq to work smoothly with NetworkManager, so as to provide DNS and DHCP (and TFTP) to my local network, on both the server and client side?
TL'dr
for those seeking the answer. Of all the answers below, I found the simplest solution is @brad's, for the server side (still no good answer for the client side):
the only solution to the problem is to disable the NM-drive dnsmasq..., and install the "standard" dnsmasq and then configure it via its standard
/etc/dnsmasq.conf
configuration file.
Solution 1:
I also have your problems.
In principle, after wiki.archlinux, it seems that to enable caching it should be enough to create a file /etc/NetworkManager/dnsmasq.d/cache
containing simply
$ cat /etc/NetworkManager/dnsmasq.d/cache
cache-size=1000
I tried this but, after NM restarted, I still have no cache:
# ps ax | grep dns
11724 ? S 0:00 /usr/sbin/dnsmasq --no-resolv --keep-in-foreground --no-hosts --bind-interfaces --pid-file=/run/sendsigs.omit.d/network-manager.dnsmasq.pid --listen-address=127.0.1.1 --conf-file=/var/run/NetworkManager/dnsmasq.conf --cache-size=0 --proxy-dnssec --enable-dbus=org.freedesktop.NetworkManager.dnsmasq --conf-dir=/etc/NetworkManager/dnsmasq.d
Note that the cited conf-file is always empty: I have not been able to configure any option using this procedure.
All in all, it seems that the NM-enslaved dnsmask in 14.04 (which is provided by the dnsmasq-base package) is completely locked, so it is not possible to enable caching, nor anything else (dhcp, tftp).
If this is right I think that, as you say, the only solution to the problem is to disable the NM-drive dnsmasq by commenting out the line
dns=dnsmasq
in the file /etc/NetworkManager/NetworkManager.conf
and install the "standard" dnsmasq and then configure it via its standard /etc/dnsmasq.conf
configuration file.
Solution 2:
It is possible to override settings by putting them into /etc/NetworkManager/dnsmasq.d/*.conf
. Configuration file settings take precedence over command-line flags. They are applied when NetworkManager starts dnsmasq. Run sudo service network-manager restart
to reapply. (If there's any doubt: brad's answer missed the fact that ps ax | grep dns
shows a --conf-dir
argument)
For example:
echo cache-size=1000 |sudo tee -a /etc/NetworkManager/dnsmasq.d/cache.conf
As I recall NetworkManager disables dnsmasq caching by default due to concerns over cache poisoning. For a machine where all users are trusted it may not be an issue.
NetworkManager doesn't integrate with resolvconf
, and NM's server at 127.0.1.1
won't be used locally if the resolvconf package is installed. resolvconf is part of ubuntu-minimal and standard Debian installs; NetworkManager reimplements that functionality in a more integrated, less script-based way.
NetworkManager does make sure not to interfere with a global dnsmasq instance (binding to a secondary loopback IP and setting bind-interfaces
through /etc/dnsmasq.d/network-manager
). If you install a global dnsmasq instance and keep NM's instance, double check in /etc/resolv.conf
to see which one the host will use by default.
While you can customise NetworkManager's dnsmasq instance as shown above, if you want a DNS server that binds to public interfaces, you should install the dnsmasq
package (NetworkManager only uses dnsmasq-base
, which doesn't configure a global instance) and put your configuration in /etc/dnsmasq.d/*.conf
. NetworkManager's slave instance is only meant to bind to the loopback interface and configuring it beyond that scope would risk breaking it.
In summary, for someone who just wants local DNS caching:
sudo apt-get remove dnsmasq resolvconf dhcpcd5 rdnssd
echo cache-size=1000 |sudo tee -a /etc/NetworkManager/dnsmasq.d/cache.conf
For a simple LAN, NetworkManager's connection sharing should still suffice. But for a custom-configured LAN, with TFTP and so on:
sudo apt-get install resolvconf dnsmasq
echo 192.168.0.50,192.168.0.150,12h |sudo tee -a /etc/dnsmasq.d/lan.conf
echo enable-tftp |sudo tee -a /etc/dnsmasq.d/lan.conf
sudo service dnsmasq restart
Solution 3:
In addition to the previous replies to this post I would like to add, that Network-manager's dnsmasq-base
instance, will also follow the addn-hosts
directive, (placed in a configuration file created below /etc/NetworkManager/dnsmasq-shared.d/), forcing dnmasq-base to read the local /etc/hosts
file, despite the fact that dnsmasq is called with the --no-hosts
option by Network-Manager
That way, I have successfully managed to set up a local DNS-server on my Mint 20.1 Laptop. No need to fiddle around with IP-addresses (a properly set up /etc/hosts
provided...)
Find a working sample below...
# /etc/NetworkManager/dnsmasq-shared.d/local-DNS.conf
domain=local.wifi // specify the (local) DNS-domain
addn-hosts=/etc/hosts // force dnmasq to read /etc/hosts despite --no-host
bogus-priv // do not forward private reverse lookups to upstream server (not needed if there is none...)
dhcp-option=6,[IP-OF-WIFI_IF] // tell client to use [IP-OF-WIFI_IF] as DNS-Server