Using dnsmasq with NetworkManager

ubuntu networking dns dhcp dnsmasq

46,233

Solution 1

I also have your problems.

In principle, after wiki.archlinux, it seems that to enable caching it should be enough to create a file /etc/NetworkManager/dnsmasq.d/cache containing simply

$ cat /etc/NetworkManager/dnsmasq.d/cache 
cache-size=1000

I tried this but, after NM restarted, I still have no cache:

# ps ax | grep dns
11724 ?        S      0:00 /usr/sbin/dnsmasq --no-resolv --keep-in-foreground --no-hosts --bind-interfaces --pid-file=/run/sendsigs.omit.d/network-manager.dnsmasq.pid --listen-address=127.0.1.1 --conf-file=/var/run/NetworkManager/dnsmasq.conf --cache-size=0 --proxy-dnssec --enable-dbus=org.freedesktop.NetworkManager.dnsmasq --conf-dir=/etc/NetworkManager/dnsmasq.d

Note that the cited conf-file is always empty: I have not been able to configure any option using this procedure.

All in all, it seems that the NM-enslaved dnsmask in 14.04 (which is provided by the dnsmasq-base package) is completely locked, so it is not possible to enable caching, nor anything else (dhcp, tftp).

If this is right I think that, as you say, the only solution to the problem is to disable the NM-drive dnsmasq by commenting out the line

dns=dnsmasq

in the file /etc/NetworkManager/NetworkManager.conf and install the "standard" dnsmasq and then configure it via its standard /etc/dnsmasq.conf configuration file.

Solution 2

It is possible to override settings by putting them into /etc/NetworkManager/dnsmasq.d/*.conf. Configuration file settings take precedence over command-line flags. They are applied when NetworkManager starts dnsmasq. Run sudo service network-manager restart to reapply. (If there's any doubt: brad's answer missed the fact that ps ax | grep dns shows a --conf-dir argument)

For example:

echo cache-size=1000 |sudo tee -a /etc/NetworkManager/dnsmasq.d/cache.conf

As I recall NetworkManager disables dnsmasq caching by default due to concerns over cache poisoning. For a machine where all users are trusted it may not be an issue.

NetworkManager doesn't integrate with resolvconf, and NM's server at 127.0.1.1 won't be used locally if the resolvconf package is installed. resolvconf is part of ubuntu-minimal and standard Debian installs; NetworkManager reimplements that functionality in a more integrated, less script-based way.

NetworkManager does make sure not to interfere with a global dnsmasq instance (binding to a secondary loopback IP and setting bind-interfaces through /etc/dnsmasq.d/network-manager). If you install a global dnsmasq instance and keep NM's instance, double check in /etc/resolv.conf to see which one the host will use by default.

While you can customise NetworkManager's dnsmasq instance as shown above, if you want a DNS server that binds to public interfaces, you should install the dnsmasq package (NetworkManager only uses dnsmasq-base, which doesn't configure a global instance) and put your configuration in /etc/dnsmasq.d/*.conf. NetworkManager's slave instance is only meant to bind to the loopback interface and configuring it beyond that scope would risk breaking it.

In summary, for someone who just wants local DNS caching:

sudo apt-get remove dnsmasq resolvconf dhcpcd5 rdnssd
echo cache-size=1000 |sudo tee -a /etc/NetworkManager/dnsmasq.d/cache.conf

For a simple LAN, NetworkManager's connection sharing should still suffice. But for a custom-configured LAN, with TFTP and so on:

sudo apt-get install resolvconf dnsmasq
echo 192.168.0.50,192.168.0.150,12h |sudo tee -a /etc/dnsmasq.d/lan.conf
echo enable-tftp |sudo tee -a /etc/dnsmasq.d/lan.conf
sudo service dnsmasq restart

Solution 3

In addition to the previous replies to this post I would like to add, that Network-manager's dnsmasq-base instance, will also follow the addn-hosts directive, (placed in a configuration file created below /etc/NetworkManager/dnsmasq-shared.d/), forcing dnmasq-base to read the local /etc/hosts file, despite the fact that dnsmasq is called with the --no-hosts option by Network-Manager

That way, I have successfully managed to set up a local DNS-server on my Mint 20.1 Laptop. No need to fiddle around with IP-addresses (a properly set up /etc/hosts provided...)

Find a working sample below...

 # /etc/NetworkManager/dnsmasq-shared.d/local-DNS.conf
 domain=local.wifi              // specify the (local) DNS-domain
 addn-hosts=/etc/hosts          // force dnmasq to read /etc/hosts despite --no-host
 bogus-priv                     // do not forward private reverse lookups to upstream server (not needed if there is none...)
 dhcp-option=6,[IP-OF-WIFI_IF]  // tell client to use [IP-OF-WIFI_IF] as DNS-Server

Solution 4

Despite claims here and elsewhere to the contrary, NetworkManager completely ignores any and all dmsmasq configuration files – even those in its own directory /etc/NetworkManager/dnsmasq-shared.d. The proof is in the source code for NetworkManager... Here is the relevant comment:

/* dnsmasq may read from its default config file location, which if that location is a valid config file, it will combine with the options here and cause undesirable side-effects. Like sending bogus IP addresses as the gateway or whatever. So tell dnsmasq not to use any config file at all. */

Here is link to relevant source code (lines 139-144).

View more solutions

46,233

xpt

Updated on September 18, 2022

Comments

xpt over 1 year
It was well known that NetworkManager does not play well with dnsmasq (ref: here). I've skimmed throught the lengthy discussion here but still not sure what the recommended way to deal with the situation is.

All that I want is to do is to use dnsmasq to provide DNS and DHCP to my local network. What would be the recommended way in this case?

It seems the problem remains even for Ubuntu 14.04, even the bug is claimed to be fixed.

As work arounds, people are disabling the NM-enslaved dnsmasq-base because the following reasons:

The NM-enslaved dnsmasq uses hardcoded options (in C) that provide extremely limited functionality.
- It doesn't listen on ethX (--listen-address=127.0.0.1). So we can't use our servers as DNS servers for our local network PCs, i.e. it's completely useless for LANs.
- It doesn't cache requests (--cache-size=0). No caching ==> no DNS queries speedup. This again is very significant for LANs as there are many concurrent users.
- Finally, we also need the DHCP and TFTP functionality of dnsmasq, so even if NM+dnsmasq included a real DNS server, we'd have to run another dnsmasq
But I'm not sure if they still holds and/or how the fix has solve the problem(s). Further, none of them are very clear exactly what they did and how they did to solve their problem. I.e., the solution part is missing from the lengthy discussion. Can someone fill in the blanks please? I.e.,

The dnsmasq provided out-of-box by Ubuntu is not working, on the server side, for the above reasons. And also, on the client side, "the dnsmasq installed on those Ubuntu laptops cannot do LAN DNS query from my DNS server", because "the (Ubuntu laptops') NetworkManager is causing them to have a weird 127.0.1.1 nameserver setting" (ref: DNS solution for LAN or local home network)

How to make dnsmasq to work smoothly with NetworkManager, so as to provide DNS and DHCP (and TFTP) to my local network, on both the server and client side?

TL'dr

for those seeking the answer. Of all the answers below, I found the simplest solution is @brad's, for the server side (still no good answer for the client side):

the only solution to the problem is to disable the NM-drive dnsmasq..., and install the "standard" dnsmasq and then configure it via its standard /etc/dnsmasq.conf configuration file.
- Admin over 9 years
  
  Just for Googlers (like me): In newer versions of ubuntu dnsmasq-core inside NetworkManager is somewhat more friendly. See here: askubuntu.com/questions/233195/…
xpt over 9 years

Welcome to superuser brad! Thanks for your help!
sirfz over 7 years

Actually this does enable cache, since it's running with --conf-dir=/etc/NetworkManager/dnsmasq.d, the cache-size specified in the file you created is used. You can see the difference using dig
nealmcb about 7 years

Thanks. Though you should describe more fully what your "in summary" commands do, i.e. the instructions also remove 4 packages if you have them currently More links and discussion at reddit.com/r/Ubuntu/comments/2j0va4/…
jamesc over 6 years

A link to point at the source code so that readers can validate this and read the associated code would be helpful if possible.
xpt over 6 years

Quite agree with @nealmcb, Tobu, please explain why "for someone who just wants local DNS caching", they need to remove the dnsmasq package. then what's the next echo command is for? since the dnsmasq will be gone.
xpt over 6 years

thanks for the answer Christopher, however, I'm really not able to follow... "I wanted to assign a particular MAC to a particular IP address and for the purposes of stability"... "ps auxgww | grep dnsmasq shows that the last command line argument of each of the dnsmasq processes"... "I created ... would have worked"... "Yes, this is wrong"... I.e., I really can't follow your train of thought, to make sense what you are trying to say here.
Thalis Kalfigkopoulos almost 6 years

@xpt Tobu suggests to remove dnsmasq, but you should still have dnsmasq-base installed due to NM.
Hardy over 5 years

So yes, one can not specify an explicit config file. --conf-file is hard coded to /dev/null. However, if you look at the full command line used to start dnsmasq via the NetworkManager you see that conf-dir is used: '/usr/sbin/dnsmasq --no-resolv --keep-in-foreground --no-hosts --bind-interfaces --pid-file=/var/run/NetworkManager/dnsmasq.pid --listen-address=127.0.0.1 --cache-size=400 --clear-on-reload --conf-file=/dev/null --proxy-dnssec --enable-dbus=org.freedesktop.NetworkManager.dnsmasq --conf-dir=/etc/NetworkManager/dnsmasq.d', meaning all the files in the given directory are read.
Lei Zhao almost 4 years

"Configuration file settings take precedence over command-line flags." However, if you specify bind-dynamic in the configuration file, dnsmasq complains that it cannot be both bind-interfaces and bind-dynamic. Potentially one of the few options that you cannot override from the configuration file.
Jonathon Reinhart over 3 years

This is definitely not the case on Debian 10. From the NetworkManager.conf(5) man page: "It is possible to pass custom options to the dnsmasq instance by adding them to files in the /etc/NetworkManager/dnsmasq.d/ directory." I use this successfully for pointing a test domain at a libvirt VM.
xpt about 3 years

Welcome & Thanks Bernie! a sample file with mock data would be appreciated, of the one you placed below /etc/NetworkManager/dnsmasq-shared.d/, and the explanation of its effect. thx.
Bernie D about 3 years

Thanks for the kind comment, @xpt!
xpt about 3 years

Thanks, keep on contributing Bernie, :)
AveryFreeman about 2 years

Your answer is titled "How to use dnsmasq to provide DNS and DHCP to my local network", yet you go on to describe how to stop dnsmasq from providing DNS to your machine (NetworkManager does not use dnsmasq for DHCP). Do you see the irony?