Using dnsmasq with NetworkManager
Solution 1
I also have your problems.
In principle, after wiki.archlinux, it seems that to enable caching it should be enough to create a file /etc/NetworkManager/dnsmasq.d/cache containing simply
$ cat /etc/NetworkManager/dnsmasq.d/cache
cache-size=1000
I tried this but, after NM restarted, I still have no cache:
# ps ax | grep dns
11724 ? S 0:00 /usr/sbin/dnsmasq --no-resolv --keep-in-foreground --no-hosts --bind-interfaces --pid-file=/run/sendsigs.omit.d/network-manager.dnsmasq.pid --listen-address=127.0.1.1 --conf-file=/var/run/NetworkManager/dnsmasq.conf --cache-size=0 --proxy-dnssec --enable-dbus=org.freedesktop.NetworkManager.dnsmasq --conf-dir=/etc/NetworkManager/dnsmasq.d
Note that the cited conf-file is always empty: I have not been able to configure any option using this procedure.
All in all, it seems that the NM-enslaved dnsmasq in 14.04 (which is provided by the dnsmasq-base package) is completely locked, so it is not possible to enable caching, nor anything else (dhcp, tftp).
If this is right I think that, as you say, the only solution to the problem is to disable the NM-driven dnsmasq by commenting out the line
dns=dnsmasq
in the file /etc/NetworkManager/NetworkManager.conf and install the "standard" dnsmasq and then configure it via its standard /etc/dnsmasq.conf configuration file.
Solution 2
It is possible to override settings by putting them into /etc/NetworkManager/dnsmasq.d/*.conf. Configuration file settings take precedence over command-line flags. They are applied when NetworkManager starts dnsmasq. Run sudo service network-manager restart to reapply. (If there's any doubt: brad's answer missed the fact that ps ax | grep dns shows a --conf-dir argument.)
For example:
echo cache-size=1000 |sudo tee -a /etc/NetworkManager/dnsmasq.d/cache.conf
As I recall NetworkManager disables dnsmasq caching by default due to concerns over cache poisoning. For a machine where all users are trusted it may not be an issue.
NetworkManager doesn't integrate with resolvconf, and NM's server at 127.0.1.1 won't be used locally if the resolvconf package is installed. resolvconf is part of ubuntu-minimal and standard Debian installs; NetworkManager reimplements that functionality in a more integrated, less script-based way.
NetworkManager does make sure not to interfere with a global dnsmasq instance (binding to a secondary loopback IP and setting bind-interfaces through /etc/dnsmasq.d/network-manager). If you install a global dnsmasq instance and keep NM's instance, double check in /etc/resolv.conf to see which one the host will use by default.
While you can customise NetworkManager's dnsmasq instance as shown above, if you want a DNS server that binds to public interfaces, you should install the dnsmasq package (NetworkManager only uses dnsmasq-base, which doesn't configure a global instance) and put your configuration in /etc/dnsmasq.d/*.conf. NetworkManager's slave instance is only meant to bind to the loopback interface and configuring it beyond that scope would risk breaking it.
In summary, for someone who just wants local DNS caching:
sudo apt-get remove dnsmasq resolvconf dhcpcd5 rdnssd
echo cache-size=1000 |sudo tee -a /etc/NetworkManager/dnsmasq.d/cache.conf
For a simple LAN, NetworkManager's connection sharing should still suffice. But for a custom-configured LAN, with TFTP and so on:
sudo apt-get install resolvconf dnsmasq
echo dhcp-range=192.168.0.50,192.168.0.150,12h |sudo tee -a /etc/dnsmasq.d/lan.conf
echo enable-tftp |sudo tee -a /etc/dnsmasq.d/lan.conf
sudo service dnsmasq restart
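The precedence described in this answer can be checked without restarting anything. The following is an added example, not part of the original answers: the function names, the abbreviated command line (taken from the one quoted in Solution 1) and the temporary directory standing in for /etc/NetworkManager/dnsmasq.d are assumptions, and the sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the original answers). Assumes, as the answer
# states, that conf-dir files override command-line flags for
# single-valued options such as cache-size.

# effective_opt CMDLINE CONF_DIR OPTION -> prints the value that wins
effective_opt() {
    value=
    for word in $1; do                      # command-line flags first
        case $word in --"$3"=*) value=${word#--"$3"=} ;; esac
    done
    for f in "$2"/*; do                     # then every file in conf-dir
        [ -f "$f" ] || continue
        case $f in *~) continue ;; esac     # dnsmasq skips editor backups
        v=$(sed -n "s/^[[:space:]]*$3=\([^[:space:]]*\).*/\1/p" "$f" | tail -n 1)
        [ -n "$v" ] && value=$v
    done
    printf '%s\n' "$value"
}

# non_loopback_listeners CMDLINE CONF_DIR -> prints every listen-address
# (a cumulative option) that is outside 127.0.0.0/8 and is not ::1
non_loopback_listeners() {
    {
        for word in $1; do
            case $word in --listen-address=*) printf '%s\n' "${word#--listen-address=}" ;; esac
        done
        for f in "$2"/*; do
            [ -f "$f" ] && sed -n 's/^[[:space:]]*listen-address=\([^[:space:]]*\).*/\1/p' "$f"
        done
    } | tr ',' '\n' | grep -Ev '^(127\.|::1$)' || true
}

# Constructed sample: abbreviated NM command line plus two drop-in files
NM_CMDLINE='/usr/sbin/dnsmasq --no-resolv --keep-in-foreground --no-hosts --bind-interfaces --listen-address=127.0.1.1 --cache-size=0 --conf-dir=/etc/NetworkManager/dnsmasq.d'
SAMPLE_DIR=$(mktemp -d)
printf 'cache-size=1000\n' > "$SAMPLE_DIR/cache"
printf '# exposes the resolver to the LAN\nlisten-address=192.168.0.1\n' > "$SAMPLE_DIR/lan.conf"

echo "effective cache-size: $(effective_opt "$NM_CMDLINE" "$SAMPLE_DIR" cache-size)"
echo "non-loopback listeners: $(non_loopback_listeners "$NM_CMDLINE" "$SAMPLE_DIR")"
```

On a real host, pass the command line from ps and the actual conf-dir; any address printed by the second function means a drop-in has taken NetworkManager's instance beyond the loopback-only scope the answer describes.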
Solution 3
In addition to the previous replies to this post, I would like to add that NetworkManager's dnsmasq-base instance will also follow the addn-hosts directive (placed in a configuration file created below /etc/NetworkManager/dnsmasq-shared.d/), forcing dnsmasq-base to read the local /etc/hosts file, despite the fact that dnsmasq is called with the --no-hosts option by NetworkManager.
That way, I have successfully managed to set up a local DNS server on my Mint 20.1 laptop. No need to fiddle around with IP addresses (a properly set up /etc/hosts provided...)
Find a working sample below...
# /etc/NetworkManager/dnsmasq-shared.d/local-DNS.conf
# specify the (local) DNS domain
domain=local.wifi
# force dnsmasq to read /etc/hosts despite --no-hosts
addn-hosts=/etc/hosts
# do not forward private reverse lookups to upstream server (not needed if there is none...)
bogus-priv
# tell client to use [IP-OF-WIFI_IF] as DNS server
dhcp-option=6,[IP-OF-WIFI_IF]
Solution 4
Despite claims here and elsewhere to the contrary, NetworkManager completely ignores any and all dnsmasq configuration files – even those in its own directory /etc/NetworkManager/dnsmasq-shared.d. The proof is in the source code for NetworkManager... Here is the relevant comment:
/* dnsmasq may read from its default config file location, which if that location is a valid config file, it will combine with the options here and cause undesirable side-effects. Like sending bogus IP addresses as the gateway or whatever. So tell dnsmasq not to use any config file at all. */
Here is a link to the relevant source code (lines 139-144).
xpt
Updated on September 18, 2022
Comments
-
xpt over 1 year
It was well known that NetworkManager does not play well with dnsmasq (ref: here). I've skimmed through the lengthy discussion here but am still not sure what the recommended way to deal with the situation is.
All that I want to do is to use dnsmasq to provide DNS and DHCP to my local network. What would be the recommended way in this case?
It seems the problem remains even for Ubuntu 14.04, even though the bug is claimed to be fixed.
As workarounds, people are disabling the NM-enslaved dnsmasq-base because of the following reasons:
The NM-enslaved dnsmasq uses hardcoded options (in C) that provide extremely limited functionality.
- It doesn't listen on ethX (--listen-address=127.0.0.1). So we can't use our servers as DNS servers for our local network PCs, i.e. it's completely useless for LANs.
- It doesn't cache requests (--cache-size=0). No caching ==> no DNS queries speedup. This again is very significant for LANs as there are many concurrent users.
- Finally, we also need the DHCP and TFTP functionality of dnsmasq, so even if NM+dnsmasq included a real DNS server, we'd have to run another dnsmasq
But I'm not sure if they still hold and/or how the fix has solved the problem(s). Further, none of them are very clear exactly what they did and how they did to solve their problem. I.e., the solution part is missing from the lengthy discussion. Can someone fill in the blanks please? I.e.,
The dnsmasq provided out-of-box by Ubuntu is not working, on the server side, for the above reasons. And also, on the client side, "the dnsmasq installed on those Ubuntu laptops cannot do LAN DNS query from my DNS server", because "the (Ubuntu laptops') NetworkManager is causing them to have a weird 127.0.1.1 nameserver setting" (ref: DNS solution for LAN or local home network)
How to make dnsmasq work smoothly with NetworkManager, so as to provide DNS and DHCP (and TFTP) to my local network, on both the server and client side?
TL;DR for those seeking the answer. Of all the answers below, I found the simplest solution is @brad's, for the server side (still no good answer for the client side):
the only solution to the problem is to disable the NM-driven dnsmasq..., and install the "standard" dnsmasq and then configure it via its standard /etc/dnsmasq.conf configuration file.
-
Admin over 9 years
Just for Googlers (like me): In newer versions of Ubuntu, dnsmasq-core inside NetworkManager is somewhat more friendly. See here: askubuntu.com/questions/233195/…
-
xpt over 9 years
Welcome to superuser brad! Thanks for your help!
-
sirfz over 7 years
Actually this does enable cache, since it's running with --conf-dir=/etc/NetworkManager/dnsmasq.d, the cache-size specified in the file you created is used. You can see the difference using dig
-
nealmcb about 7 years
Thanks. Though you should describe more fully what your "in summary" commands do, i.e. the instructions also remove 4 packages if you have them currently. More links and discussion at reddit.com/r/Ubuntu/comments/2j0va4/…
-
jamesc over 6 years
A link to point at the source code so that readers can validate this and read the associated code would be helpful if possible.
-
xpt over 6 years
Quite agree with @nealmcb. Tobu, please explain why "for someone who just wants local DNS caching", they need to remove the dnsmasq package. Then what's the next echo command for, since the dnsmasq will be gone?
-
xpt over 6 years
Thanks for the answer Christopher, however, I'm really not able to follow... "I wanted to assign a particular MAC to a particular IP address and for the purposes of stability"... "ps auxgww | grep dnsmasq shows that the last command line argument of each of the dnsmasq processes"... "I created ... would have worked"... "Yes, this is wrong"... I.e., I really can't follow your train of thought, to make sense what you are trying to say here.
-
Thalis Kalfigkopoulos almost 6 years
@xpt Tobu suggests to remove dnsmasq, but you should still have dnsmasq-base installed due to NM.
-
Hardy over 5 years
So yes, one can not specify an explicit config file. --conf-file is hard coded to /dev/null. However, if you look at the full command line used to start dnsmasq via the NetworkManager you see that conf-dir is used: '/usr/sbin/dnsmasq --no-resolv --keep-in-foreground --no-hosts --bind-interfaces --pid-file=/var/run/NetworkManager/dnsmasq.pid --listen-address=127.0.0.1 --cache-size=400 --clear-on-reload --conf-file=/dev/null --proxy-dnssec --enable-dbus=org.freedesktop.NetworkManager.dnsmasq --conf-dir=/etc/NetworkManager/dnsmasq.d', meaning all the files in the given directory are read.
-
Lei Zhao almost 4 years
"Configuration file settings take precedence over command-line flags." However, if you specify bind-dynamic in the configuration file, dnsmasq complains that it cannot be both bind-interfaces and bind-dynamic. Potentially one of the few options that you cannot override from the configuration file.
-
Jonathon Reinhart over 3 years
This is definitely not the case on Debian 10. From the NetworkManager.conf(5) man page: "It is possible to pass custom options to the dnsmasq instance by adding them to files in the /etc/NetworkManager/dnsmasq.d/ directory." I use this successfully for pointing a test domain at a libvirt VM.
-
xpt about 3 years
Welcome & Thanks Bernie! a sample file with mock data would be appreciated, of the one you placed below /etc/NetworkManager/dnsmasq-shared.d/, and the explanation of its effect. thx.
-
Bernie D about 3 years
Thanks for the kind comment, @xpt!
-
xpt about 3 years
Thanks, keep on contributing Bernie, :)
-
AveryFreeman about 2 years
Your answer is titled "How to use dnsmasq to provide DNS and DHCP to my local network", yet you go on to describe how to stop dnsmasq from providing DNS to your machine (NetworkManager does not use dnsmasq for DHCP). Do you see the irony?