When the dnsmasq package is installed its postinst starts the dnsmasq daemon via the initscript. Dnsmasq initially reads what is most probably an empty file from /var/run/dnsmasq/resolv.conf and so initially can't resolve names. (The file is probably empty because it is generated by /etc/resolvconf/update.d/dnsmasq which is included in the dnsmasq package.) Then the dnsmasq initscript tells resolvconf that dnsmasq is listening at 127.0.0.1. In response to this, resolvconf runs the aforementioned hook script /etc/resolvconf/update.d/dnsmasq which writes a new /var/run/dnsmasq/resolv.conf containing information about other nameservers. The dnsmasq binary notices that the latter file has changed and re-reads it. Meanwhile resolvconf updates /etc/resolv.conf to contain "nameserver 127.0.0.1" so that the resolver will talk to dnsmasq.
It's this "meanwhile" that is the problem. Resolvconf may update resolv.conf to point to dnsmasq before dnsmasq is ready to resolve names on the basis of the information just written to /var/run/dnsmasq/resolv.conf.
In other words, you're right. :)
I think that the postinst should be enhanced such that if /etc/resolvconf/update.d/dnsmasq has appeared or changed on install or upgrade then it (the postinst) does "resolvconf -u" before starting dnsmasq. The postinst should refrain from doing the "resolvconf -u" if IGNORE_RESOLVCONF is set in /etc/default/dnsmasq.
When the dnsmasq package is installed its postinst starts the dnsmasq daemon via the initscript. Dnsmasq initially reads what is most probably an empty file from /var/run/ dnsmasq/ resolv. conf and so initially can't resolve names. (The file is probably empty because it is generated by /etc/resolvconf /update. d/dnsmasq which is included in the dnsmasq package.) Then the dnsmasq initscript tells resolvconf that dnsmasq is listening at 127.0.0.1. In response to this, resolvconf runs the aforementioned hook script /etc/resolvconf /update. d/dnsmasq which writes a new /var/run/ dnsmasq/ resolv. conf containing information about other nameservers. The dnsmasq binary notices that the latter file has changed and re-reads it. Meanwhile resolvconf updates /etc/resolv.conf to contain "nameserver 127.0.0.1" so that the resolver will talk to dnsmasq.
It's this "meanwhile" that is the problem. Resolvconf may update resolv.conf to point to dnsmasq before dnsmasq is ready to resolve names on the basis of the information just written to /var/run/ dnsmasq/ resolv. conf.
In other words, you're right. :)
I think that the postinst should be enhanced such that if /etc/resolvconf /update. d/dnsmasq has appeared or changed on install or upgrade then it (the postinst) does "resolvconf -u" before starting dnsmasq. The postinst should refrain from doing the "resolvconf -u" if IGNORE_RESOLVCONF is set in /etc/default/ dnsmasq.