(Executive summary of the following: I think we should fix this by
making nm-dnsmasq listen at ::1.)

Thanks for your much-needed help, Simon.

It is good to know that the "except-interface" avenue is available.  We
want, however, to be able to enjoy the advantages of non-bind-interfaces
mode ("unbound mode"??) in standalone dnsmasq insofar as we can.
Certainly standalone dnsmasq should continue to run in unbound mode when
n-m is not installed or when nm-dnsmasq is not in use; so ideally we
would ensure that /etc/NetworkManager/NetworkManager.conf contains
dns=dnsmasq if and only if /etc/dnsmasq.d/nm-dnsmasq contains
"bind-interfaces except-interface=lo".  I don't see a very easy way to
ensure this.

In any case it would be better if we never had to force dnsmasq into
bind-interfaces mode.

So instead of switching the nm-dnsmasq listen address from 127.0.0.1 to
127.0.1.1 it seems better to switch that address to ::1: no more
difficult, yet in the latter case standalone dnsmasq can continue to run
in unbound mode as it has traditionally done (unless forced into
bind-interfaces mode by something like libvirt-bin, of course).

Implementing the change to ::1 shouldn't be too hard.
* It's a one-line change to network-manager where it starts dnsmasq and
  another one-line change where it registers the latter's address with
  resolvconf.

On a system with n-m and no standalone dnsmasq this will result in
/etc/resolv.conf containing "nameserver ::1" and the resolver will connect
to nm-dnsmasq.  On a system with standalone dnsmasq and no n-m this will be
no different from the traditional state of affairs, with /etc/resolv.conf
containing "nameserver 127.0.0.1" and the resolver connecting to standalone
dnsmasq.

On a system with both n-m and standalone dnsmasq this will *also* result in
/etc/resolv.conf containing "nameserver 127.0.0.1" and the resolver
connecting to standalone dnsmasq.  This is probably unwanted, but is easily
fixed by
* changing network-manager so that it registers the ::1 address under the
  name "nm-dnsmasq" (name open to discussion) instead of under the name
  "NetworkManager" (which can still be used for registering external
  nameserver information in the dns!=dnsmasq case);
* changing resolvconf so that it includes the pattern "nm-dns" at the top
  of /etc/resolvconf/interface-order.

Then on a system with both n-m and dnsmasq, /etc/resolv.conf will contain
"nameserver ::1" and the resolver will use nm-dnsmasq.

The remaining challenge then is to see to it that NM sends the address
127.0.0.1 to nm-dnsmasq via /var/run/nm-dns-dnsmasq.conf when there is a
local nameserver running that provides general name service.  This would
probably have to be configurable via the GUI since it's hard to tell
whether or not a locally running nameserver provides general name
service.

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to dnsmasq in Ubuntu.
https://bugs.launchpad.net/bugs/959037

Title:
  NM-controlled dnsmasq prevents other DNS servers from running, yet
  network-manager doesn't Conflict with their packages
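
The record-ordering outcome described in the message above can be checked with a small model; this is an added example, not code from the message, network-manager or resolvconf. It assumes that standalone dnsmasq registers under the record name "lo.dnsmasq", that the glob `nm-dns*` stands in for the proposed "nm-dns" pattern, and that both pattern lists are constructed samples rather than a real interface-order file.

```shell
#!/bin/sh
# Added illustration (simplified model, not resolvconf's own code).
# Assumed: standalone dnsmasq registers as "lo.dnsmasq"; both pattern lists
# are constructed samples, not a copy of /etc/resolvconf/interface-order.

ORDER_BEFORE='lo.dnsmasq lo NetworkManager *'
ORDER_AFTER='nm-dns* lo.dnsmasq lo NetworkManager *'

# rank RECORD PATTERN... : print the index of the first glob that matches.
rank() {
    rec=$1; shift; i=0
    for pat in "$@"; do
        case "$rec" in
            $pat) echo "$i"; return 0 ;;
        esac
        i=$((i + 1))
    done
    echo 9999    # no pattern matched: sort last
}

# first_nameserver "PATTERNS" "name=addr ..." : print the address whose
# record name ranks earliest, i.e. the first "nameserver" line written.
first_nameserver() {
    patterns=$1; records=$2
    best_rank=10000; best_addr=
    set -f    # keep "*" in the pattern list from expanding to filenames
    for entry in $records; do
        name=${entry%%=*}; addr=${entry#*=}
        r=$(rank "$name" $patterns)
        if [ "$r" -lt "$best_rank" ]; then
            best_rank=$r; best_addr=$addr
        fi
    done
    set +f
    echo "$best_addr"
}

# n-m registering ::1 as "NetworkManager", standalone dnsmasq present
first_nameserver "$ORDER_BEFORE" 'lo.dnsmasq=127.0.0.1 NetworkManager=::1'
# n-m registering ::1 as "nm-dnsmasq", pattern added at the top
first_nameserver "$ORDER_AFTER" 'lo.dnsmasq=127.0.0.1 nm-dnsmasq=::1'
# n-m only, no standalone dnsmasq
first_nameserver "$ORDER_AFTER" 'nm-dnsmasq=::1'
```

In this model, renaming the record without adding the pattern still leaves 127.0.0.1 first, which is why the message lists both changes together.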
