Ubuntu
djbdns package

Comment 60 for bug 959037

Revision history for this message

Thomas Hood (jdthood) wrote on 2012-06-12: Re: NM-controlled dnsmasq prevents other DNS servers from running, yet network-manager doesn't Conflict with their packages

#60

(Executive summary of the following: I think we should fix this by making nm-dnsmasq listen at ::1.)

Thanks for your much-needed help, Simon.

It is good to know that the "except-interface" avenue is available. We want, however, to be able to enjoy the advantages of non-bind-interfaces mode ("unbound mode"??) in standalone dnsmasq insofar as we can. Certainly standalone dnsmasq should continue to run in unbound mode when n-m is not installed or when nm-dnsmasq is not in use; so ideally we would ensure that /etc/NetworkManager/NetworkManager.conf contains dns=dnsmasq if and only if /etc/dnsmasq.d/nm-dnsmasq contains "bind-interfaces except-interface=lo". I don't see a very easy way to ensure this.

In any case it would be better if we never had to force dnsmasq into bind-interfaces mode.

So instead of switching the nm-dnsmasq listen address from 127.0.0.1 to 127.0.1.1 it seems better to switch that address to ::1: no more difficult, yet in the latter case standalone dnsmasq can continue to run in unbound mode as it has traditionally done (unless forced into bind-interfaces mode by something like libvirt-bin, of course).

Implementing the change to ::1 shouldn't be too hard.
* It's a one-line change to network-manager where it starts dnsmasq and another one-line change where it register's the latter's address with resolvconf.
On a system with n-m and no standalone dnsmasq this will result in /etc/resolv.conf containing "nameserver ::1" and the resolver will connect to nm-dnsmasq. On a system with standalone dnsmasq and no n-m this will be no different from the traditional state of affairs, with /etc/resolv.conf containing "nameserver 127.0.0.1" and the resolver connecting to standalone dnsmasq.
On a system with both n-m and standalone dnsmasq this will *also* result in /etc/resolv.conf containing "nameserver 127.0.0.1" and the resolver connecting to standalone dnsmasq. This is probably unwanted, but is easily fixed by
* changing network-manager so that it registers the ::1 address under the name "nm-dnsmasq" (name open to discussion) instead of under the name "NetworkManager" (which can still be used for registering external nameserver information in the dns!=dnsmasq case);
* changing resolvconf so that it includes the pattern "nm-dns" at the top of /etc/resolvconf/interface-order.
Then on a system with both n-m and dnsmasq, /etc/resolv.conf will contain "nameserver ::1" and the resolver will use nm-dnsmasq.

The remaining challenge then is to see to it that NM sends the address 127.0.0.1 to nm-dnsmasq via /var/run/nm-dns-dnsmasq.conf when there is a local nameserver running that provides general name service. This would probably have to be configurable via the GUI since it's hard to tell whether or not a locally running nameserver provides general name service.

(Executive summary of the following: I think we should fix this by making nm-dnsmasq listen at ::1.)

Thanks for your much-needed help, Simon.

It is good to know that the "except-interface" avenue is available.  We want, however, to be able to enjoy the advantages of non-bind-interfaces mode ("unbound mode"??) in standalone dnsmasq insofar as we can. Certainly standalone dnsmasq should continue to run in unbound mode when n-m is not installed or when nm-dnsmasq is not in use; so ideally we would ensure that /etc/NetworkManager/NetworkManager.conf contains dns=dnsmasq if and only if /etc/dnsmasq.d/nm-dnsmasq contains "bind-interfaces except-interface=lo".  I don't see a very easy way to ensure this.

In any case it would be better if we never had to force dnsmasq into bind-interfaces mode.

Implementing the change to ::1 shouldn't be too hard.
* It's a one-line change to network-manager where it starts dnsmasq and another one-line change where it register's the latter's address with resolvconf.
On a system with n-m and no standalone dnsmasq this will result in /etc/resolv.conf containing "nameserver ::1" and the resolver will connect to nm-dnsmasq.  On a system with standalone dnsmasq and no n-m this will be no different from the traditional state of affairs, with /etc/resolv.conf containing "nameserver 127.0.0.1" and the resolver connecting to standalone dnsmasq.
On a system with both n-m and standalone dnsmasq this will *also* result in /etc/resolv.conf containing "nameserver 127.0.0.1" and the resolver connecting to standalone dnsmasq.  This is probably unwanted, but is easily fixed by
* changing network-manager so that it registers the ::1 address under the name "nm-dnsmasq" (name open to discussion) instead of under the name "NetworkManager" (which can still be used for registering external nameserver information in the dns!=dnsmasq case);
* changing resolvconf so that it includes the pattern "nm-dns" at the top of /etc/resolvconf/interface-order.
Then on a system with both n-m and dnsmasq, /etc/resolv.conf will contain "nameserver ::1" and the resolver will use nm-dnsmasq.

The remaining challenge then is to see to it that NM sends the address 127.0.0.1 to nm-dnsmasq via /var/run/nm-dns-dnsmasq.conf when there is a local nameserver running that provides general name service.  This would probably have to be configurable via the GUI since it's hard to tell whether or not a locally running nameserver provides general name service.

Ubuntudjbdns package

Comment 60 for bug 959037

Ubuntu
djbdns package