On Fri, 2022-05-27 at 15:30 +0200, Petr Menšík via networkmanager-list
> Hi!
> I were thinking how could be Network Manager's integration with
> dnsmasq
> improved.
> Today it is running separate service in NetworkManager.service. I
> thought about possible solution and think have found solution.
> Dnsmasq can include all files with matching pattern from a directory.
> On
> Fedora, it uses /etc/dnsmasq.d for normal service and
> /etc/NetworkManager/dnsmasq.d for dnsmasq running from dns=dnsmasq
> mode
> in NM.
> What if default dnsmasq.service just included also
> /run/dnsmasq.d/*.conf? That would allow starting real dnsmasq.service
> from NM. But it could add additional  configuration snippet into
> /run/dnsmasq.d/NetworkManager.conf, for example enable-dbus. It would
> then be able to also enable dnssec validation just for some
> connections.
> When NM would need to stop dnsmasq, it would make this file empty.
> What do you think about this integration? Would it be better than
> bundling dnsmasq into NetworkManager.service?
> Cheers,
> Petr

As you say, NetworkManager can run dnsmasq as DNS plugin by configuring
`[main].dns=dnsmasq` in `man NetworkManager.conf`.

In that mode, NetworkManager will spawn the dnsmasq process.
Doing that is undesirable, for several reasons.

I agree, it would be much better, if dnsmasq could run as a separate
service. In the best case, dnsmasq could be D-Bus activated, then it
doesn't even have to be a systemd service (altough, on systemd systems,
of course systemd would start the dnsmasq service).

When would dnsmasq reload those files? Usually, we would prefer that
everything can be configured via D-Bus. Of course, if dnsmasq by
default runs without D-Bus, then that wouldn't work. What would those
configuration snippes contain beside `enable-dbus`?

/etc/NetworkManager/dnsmasq.d is a semidocumented thing, where users
could hack the setup by dropping snippets. I wonder how bad it would be
to move away from the way how we do it currently. Maybe we could
symlink all files there from /run. Or maybe we would need to add a
separate dns=dnsmasq2 plugin for the new way.

I would prefer the notion that dnsmasq is just running as a stand-alone
service, and NetworkManager can push interface-specific DNS
configuration to it (basically, like with systemd-resolved) and also
with the notion that there could be other services that configure their
part. For example, WireGuard's wg-quick could configure the DNS server
on the WireGuard interface (though, currently I think that would call
/usr/sbin/resolvconf -- unless systemd-resolved is detected).


networkmanager-list mailing list

Reply via email to