Dnsmasq – How to Get Dnsmasq Private Nameserver to Work with NetworkManager

Tags: dnsmasq, linux, linux-mint, networking, networkmanager

Just learning about networking.

I'm on Mint-18 and use network-manager. dnsmasq is enabled.

I would like addresses that end with a particular domain-name to get resolved through a private-nameserver.

When I add a private-nameserver using the server option to the dnsmasq configuration file, everything fails. I can't even resolve google.com:

> nslookup google.com
;; connection timed out; no servers could be reached

If I remove the server option, add the same private-nameserver to the top of /etc/resolv.conf, and restart network-manager, things work again and I can resolve private host names.

> nslookup abcprivate.net
Server:     nn.nn.nn.nn
Address:    nn.nn.nn.nn#53

Non-authoritative answer:
Name:   abcprivate.net
Address: mm.mm.mm.mm

So I know that the private-nameserver is correct. So it must be the way I'm configuring dnsmasq.

Here is my config file

>cat /etc/NetworkManager/dnsmasq.d/dnsmasq.conf
server=/abcprivate.net/nn.nn.nn.nn

where abcprivate.net is the domain of the private network, and nn are digits.

Best Answer

It turned out that my settings were correct but they weren't being used.

>ps ax | grep dnsmasq
 1273 ?        S      0:00 /usr/sbin/dnsmasq --no-resolv --keep-in-foreground --no-hosts --bind-interfaces --pid-file=/var/run/NetworkManager/dnsmasq.pid --listen-address=127.0.1.1 --cache-size=0 --conf-file=/dev/null --proxy-dnssec --enable-dbus=org.freedesktop.NetworkManager.dnsmasq --conf-dir=/etc/NetworkManager/dnsmasq.d

As can be seen, it wasn't using the conf file. I did a few other tests to make sure that was the case.


I did end up solving the problem, but I did it by:

  • Disabling the Network-manager dnsmasq plugin: comment out the dns line in /etc/NetworkManager/NetworkManager.conf
  • Moving /etc/NetworkManager/dnsmasq.d/dnsmasq.conf to /etc/dnsmasq.conf
  • Adding a catch-all name server to /etc/dnsmasq.conf (see below for the file listing)
  • Adding the dnsmasq address to the top of /etc/resolv.conf (by changing the /etc/resolvconf/resolv.conf.d/head file; see below for the file listing)
  • Starting dnsmasq such that it won't read resolv.conf: dnsmasq -d -R -q (I wanted to log the queries on the screen so that I could see what was going on).
  • Once I had everything working, I encapsulated dnsmasq in a systemd unit file

$ cat /etc/dnsmasq.conf
cache-size=1000
listen-address=127.0.1.1
server=8.8.8.8
server=/abcprivate.net/nn.nn.nn.nn
cache-size=1000

$ cat /etc/resolvconf/resolv.conf.d/head    
nameserver 127.0.1.1

$ cat /etc/systemd/system/dnsmasq.service
[Unit]
Description=SystemD - Dnsmasq is a Domain Name System (DNS) forwarder
Requires=network-manager.service

[Service]
Type=simple
ExecStart=/usr/sbin/dnsmasq -d -q -R
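
An added example, not part of the original answer: a Python check that reports which configuration sources a dnsmasq command line names and which upstream each query name would be sent to under `server=` rules like those above, useful for confirming that private names are not forwarded to the public catch-all resolver. The function names are hypothetical, 192.0.2.53 is a documentation-range stand-in for the elided nn.nn.nn.nn, and the routing is a simplified model (the most specific matching domain wins).

```python
import shlex

# Constructed sample input based on the post; 192.0.2.53 replaces nn.nn.nn.nn.
PS_LINE = ("/usr/sbin/dnsmasq --no-resolv --keep-in-foreground --no-hosts "
           "--conf-file=/dev/null --conf-dir=/etc/NetworkManager/dnsmasq.d")
CONF = """\
cache-size=1000
listen-address=127.0.1.1
server=8.8.8.8
server=/abcprivate.net/192.0.2.53
"""

def config_sources(cmdline):
    """Return the --conf-file and --conf-dir values named on a command line."""
    src = {"conf-file": [], "conf-dir": []}
    for arg in shlex.split(cmdline)[1:]:
        key, _, val = arg.lstrip("-").partition("=")
        if key in src:
            src[key].append(val)
    return src

def parse_servers(conf_text):
    """Map domain suffix -> upstream list; '' holds the catch-all servers."""
    routes = {}
    for line in conf_text.splitlines():
        line = line.strip()
        if not line.startswith("server="):
            continue  # comments and unrelated options
        value = line[len("server="):]
        if value.startswith("/"):
            # server=/domain1/domain2/upstream: last field is the upstream
            *domains, upstream = value[1:].split("/")
            for d in domains:
                routes.setdefault(d.lower().strip("."), []).append(upstream)
        else:
            routes.setdefault("", []).append(value)
    return routes

def upstream_for(name, routes):
    """Pick upstreams by the most specific domain, matching on whole labels."""
    labels = name.lower().strip(".").split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in routes:
            return routes[suffix]
    return routes.get("", [])

if __name__ == "__main__":
    print(config_sources(PS_LINE))
    for n in ("host.abcprivate.net", "google.com", "notabcprivate.net"):
        print(n, "->", upstream_for(n, parse_servers(CONF)))
```
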