On Fri, 2022-05-27 at 15:30 +0200, Petr Menšík via networkmanager-list wrote:
> Hi!
>
> I was thinking how Network Manager's integration with dnsmasq could
> be improved.
>
> Today it is running separate service in NetworkManager.service. I
> thought about a possible solution and think I have found one.
>
> Dnsmasq can include all files with a matching pattern from a
> directory. On Fedora, it uses /etc/dnsmasq.d for the normal service
> and /etc/NetworkManager/dnsmasq.d for dnsmasq running from
> dns=dnsmasq mode in NM.
>
> What if the default dnsmasq.service just also included
> /run/dnsmasq.d/*.conf? That would allow starting the real
> dnsmasq.service from NM. But it could add an additional configuration
> snippet into /run/dnsmasq.d/NetworkManager.conf, for example
> enable-dbus. It would then be able to also enable dnssec validation
> just for some connections.
> When NM would need to stop dnsmasq, it would make this file empty.
>
> What do you think about this integration? Would it be better than
> bundling dnsmasq into NetworkManager.service?
>
> Cheers,
> Petr

As you say, NetworkManager can run dnsmasq as DNS plugin by configuring `[main].dns=dnsmasq` in `man NetworkManager.conf`. In that mode, NetworkManager will spawn the dnsmasq process. Doing that is undesirable, for several reasons.

I agree, it would be much better if dnsmasq could run as a separate service. In the best case, dnsmasq could be D-Bus activated, then it doesn't even have to be a systemd service (although, on systemd systems, of course systemd would start the dnsmasq service).

When would dnsmasq reload those files? Usually, we would prefer that everything can be configured via D-Bus. Of course, if dnsmasq by default runs without D-Bus, then that wouldn't work. What would those configuration snippets contain besides `enable-dbus`?

/etc/NetworkManager/dnsmasq.d is a semidocumented thing, where users could hack the setup by dropping snippets. I wonder how bad it would be to move away from the way we do it currently. Maybe we could symlink all files there from /run. Or maybe we would need to add a separate dns=dnsmasq2 plugin for the new way.

I would prefer the notion that dnsmasq is just running as a stand-alone service, and NetworkManager can push interface-specific DNS configuration to it (basically, like with systemd-resolved) and also with the notion that there could be other services that configure their part. For example, WireGuard's wg-quick could configure the DNS server on the WireGuard interface (though, currently I think that would call /usr/sbin/resolvconf -- unless systemd-resolved is detected).

best,
Thomas