Using dnsmasq with NetworkManager

networking ubuntu dns dhcp dnsmasq

It was well known that NetworkManager does not play well with dnsmasq (ref: here). I've skimmed throught the lengthy discussion here but still not sure what the recommended way to deal with the situation is.

All that I want is to do is to use dnsmasq to provide DNS and DHCP to my local network. What would be the recommended way in this case?

It seems the problem remains even for Ubuntu 14.04, even the bug is claimed to be fixed.

As work arounds, people are disabling the NM-enslaved dnsmasq-base because the following reasons:

The NM-enslaved dnsmasq uses hardcoded options (in C) that provide extremely limited functionality.

  • It doesn't listen on ethX (--listen-address=127.0.0.1). So we can't use our servers as DNS servers for our local network PCs, i.e. it's completely useless for LANs.
  • It doesn't cache requests (--cache-size=0). No caching ==> no DNS queries speedup. This again is very significant for LANs as there are many concurrent users.
  • Finally, we also need the DHCP and TFTP functionality of dnsmasq, so even if NM+dnsmasq included a real DNS server, we'd have to run another dnsmasq

But I'm not sure if they still holds and/or how the fix has solve the problem(s). Further, none of them are very clear exactly what they did and how they did to solve their problem. I.e., the solution part is missing from the lengthy discussion. Can someone fill in the blanks please? I.e.,

The dnsmasq provided out-of-box by Ubuntu is not working, on the server side, for the above reasons. And also, on the client side, "the dnsmasq installed on those Ubuntu laptops cannot do LAN DNS query from my DNS server", because "the (Ubuntu laptops') NetworkManager is causing them to have a weird 127.0.1.1 nameserver setting" (ref: DNS solution for LAN or local home network)

How to make dnsmasq to work smoothly with NetworkManager, so as to provide DNS and DHCP (and TFTP) to my local network, on both the server and client side?

TL'dr

for those seeking the answer. Of all the answers below, I found the simplest solution is @brad's, for the server side (still no good answer for the client side):

the only solution to the problem is to disable the NM-drive dnsmasq..., and install the "standard" dnsmasq and then configure it via its standard /etc/dnsmasq.conf configuration file.


Solution 1:

I also have your problems.

In principle, after wiki.archlinux, it seems that to enable caching it should be enough to create a file /etc/NetworkManager/dnsmasq.d/cache containing simply

$ cat /etc/NetworkManager/dnsmasq.d/cache 
cache-size=1000

I tried this but, after NM restarted, I still have no cache:

# ps ax | grep dns
11724 ?        S      0:00 /usr/sbin/dnsmasq --no-resolv --keep-in-foreground --no-hosts --bind-interfaces --pid-file=/run/sendsigs.omit.d/network-manager.dnsmasq.pid --listen-address=127.0.1.1 --conf-file=/var/run/NetworkManager/dnsmasq.conf --cache-size=0 --proxy-dnssec --enable-dbus=org.freedesktop.NetworkManager.dnsmasq --conf-dir=/etc/NetworkManager/dnsmasq.d

Note that the cited conf-file is always empty: I have not been able to configure any option using this procedure.

All in all, it seems that the NM-enslaved dnsmask in 14.04 (which is provided by the dnsmasq-base package) is completely locked, so it is not possible to enable caching, nor anything else (dhcp, tftp).

If this is right I think that, as you say, the only solution to the problem is to disable the NM-drive dnsmasq by commenting out the line

dns=dnsmasq

in the file /etc/NetworkManager/NetworkManager.conf and install the "standard" dnsmasq and then configure it via its standard /etc/dnsmasq.conf configuration file.

Solution 2:

It is possible to override settings by putting them into /etc/NetworkManager/dnsmasq.d/*.conf. Configuration file settings take precedence over command-line flags. They are applied when NetworkManager starts dnsmasq. Run sudo service network-manager restart to reapply. (If there's any doubt: brad's answer missed the fact that ps ax | grep dns shows a --conf-dir argument)

For example:

echo cache-size=1000 |sudo tee -a /etc/NetworkManager/dnsmasq.d/cache.conf

As I recall NetworkManager disables dnsmasq caching by default due to concerns over cache poisoning. For a machine where all users are trusted it may not be an issue.

NetworkManager doesn't integrate with resolvconf, and NM's server at 127.0.1.1 won't be used locally if the resolvconf package is installed. resolvconf is part of ubuntu-minimal and standard Debian installs; NetworkManager reimplements that functionality in a more integrated, less script-based way.

NetworkManager does make sure not to interfere with a global dnsmasq instance (binding to a secondary loopback IP and setting bind-interfaces through /etc/dnsmasq.d/network-manager). If you install a global dnsmasq instance and keep NM's instance, double check in /etc/resolv.conf to see which one the host will use by default.

While you can customise NetworkManager's dnsmasq instance as shown above, if you want a DNS server that binds to public interfaces, you should install the dnsmasq package (NetworkManager only uses dnsmasq-base, which doesn't configure a global instance) and put your configuration in /etc/dnsmasq.d/*.conf. NetworkManager's slave instance is only meant to bind to the loopback interface and configuring it beyond that scope would risk breaking it.

In summary, for someone who just wants local DNS caching:

sudo apt-get remove dnsmasq resolvconf dhcpcd5 rdnssd
echo cache-size=1000 |sudo tee -a /etc/NetworkManager/dnsmasq.d/cache.conf

For a simple LAN, NetworkManager's connection sharing should still suffice. But for a custom-configured LAN, with TFTP and so on:

sudo apt-get install resolvconf dnsmasq
echo 192.168.0.50,192.168.0.150,12h |sudo tee -a /etc/dnsmasq.d/lan.conf
echo enable-tftp |sudo tee -a /etc/dnsmasq.d/lan.conf
sudo service dnsmasq restart

Solution 3:

In addition to the previous replies to this post I would like to add, that Network-manager's dnsmasq-base instance, will also follow the addn-hosts directive, (placed in a configuration file created below /etc/NetworkManager/dnsmasq-shared.d/), forcing dnmasq-base to read the local /etc/hosts file, despite the fact that dnsmasq is called with the --no-hosts option by Network-Manager

That way, I have successfully managed to set up a local DNS-server on my Mint 20.1 Laptop. No need to fiddle around with IP-addresses (a properly set up /etc/hosts provided...)

Find a working sample below...

 # /etc/NetworkManager/dnsmasq-shared.d/local-DNS.conf
 domain=local.wifi              // specify the (local) DNS-domain
 addn-hosts=/etc/hosts          // force dnmasq to read /etc/hosts despite --no-host
 bogus-priv                     // do not forward private reverse lookups to upstream server (not needed if there is none...)
 dhcp-option=6,[IP-OF-WIFI_IF]  // tell client to use [IP-OF-WIFI_IF] as DNS-Server

Related

Restrict Windows CBS.log verbosity, set log level, stop hectomegabyte info madness
How to boot in verbose boot for Windows 10?
Error message when I try to run a virtual computer
Why are all MySQL InnoDB tables fragmented?
PostgreSQL slow commit performance
How do I set up a .pem login for my servers?
IQN Naming convention
Can I reasonably use SHA-256 in a DNSSEC deployment?
bind9 proper recursion setup
HTTPS redirect from a naked domain (example.com) to a full domain 'www.example.com' without an error?
ntpd: servers stuck on .INIT
what percentage of iowait is considered to be high?