Hello,
I have set up NetworkManager to use DNSMasq. This is not working as expected...
I have a wired connection to my internet router, which goes out to the internet. The router itself has a DNS cache. But on my laptop I am also using dnsmasq, to deal with the fact that my networks change regularly (especially as I bring up and down VPN connections).
My config:
NetworkManager.conf
[main]
plugins=keyfile
dhcp=internal
dns=dnsmasq
/etc/NetworkManager/dnsmasq.d/cache.conf
clear-on-reload
no-negcache
log-queries=extra
When I bring up the wired connection DNSMasq configures the correct DNS server:
Aug 09 15:26:51 architect dnsmasq[4452]: warning: no upstream servers configured
Aug 09 15:26:51 architect dnsmasq[4452]: cleared cache
Aug 09 15:26:51 architect dnsmasq[4452]: setting upstream servers from DBus
Aug 09 15:26:51 architect dnsmasq[4452]: using nameserver 192.168.88.1#53(via enp0s25)
Aug 09 15:26:51 architect dnsmasq[4452]: using nameserver 192.168.1.1#53(via enp0s25)
Aug 09 15:26:51 architect dnsmasq[4452]: cleared cache
And DNS queries work. Except if I do a query for a host that is on my (currently not connected) VPN. But that is expected.
For example, a dns query for foo.example.com will fail.
Aug 09 15:29:18 architect dnsmasq[4452]: 65 127.0.0.1/49414 query[A] foo.example.com from 127.0.0.1
Aug 09 15:29:18 architect dnsmasq[4452]: 65 127.0.0.1/49414 forwarded foo.example.com to 192.168.88.1
But as the log shows, it does get correctly forwarded to my upstream server.
Now I bring up my VPN. When the VPN is up a DNS server becomes available that can resolve example.com:
Aug 09 15:33:05 architect dnsmasq[4452]: setting upstream servers from DBus
Aug 09 15:33:05 architect dnsmasq[4452]: using nameserver 192.168.88.1#53(via enp0s25)
Aug 09 15:33:05 architect dnsmasq[4452]: using nameserver 192.168.1.1#53(via enp0s25)
Aug 09 15:33:05 architect dnsmasq[4452]: using nameserver 10.11.5.19#53 for domain example.com
Aug 09 15:33:05 architect dnsmasq[4452]: using nameserver 10.11.5.19#53 for domain 110.50.10.10.in-addr.arpa
Aug 09 15:33:05 architect dnsmasq[4452]: using nameserver 10.11.5.19#53 for domain 10.in-addr.arpa
Aug 09 15:33:05 architect dnsmasq[4452]: cleared cache
What I now expect is that a query for foo.example.com works. I expect DNSMasq to forward this query to the upstream server set for that domain.
I expect to see in the log:
Aug 09 15:33:31 architect dnsmasq[4452]: 196 127.0.0.1/57533 query[A] foo.example.com from 127.0.0.1
Aug 09 15:33:31 architect dnsmasq[4452]: 196 127.0.0.1/57533 forwarded foo.example.com to 10.11.5.19
Aug 09 15:33:31 architect dnsmasq[4452]: 196 127.0.0.1/57533 reply foo.example.com is ...
But what I get is that queries for foo.example.com still fail, and the logs show just this:
Aug 09 15:33:31 architect dnsmasq[4452]: 196 127.0.0.1/57533 query[A] foo.example.com from 127.0.0.1
When I do the following I do get a result.
dig @10.11.5.19 foo.example.com
This shows that the DNS server works, is reachable, and can resolve the name.
But for some reason dnsmasq chooses not to forward requests to this server.
Why?
I set "clear-on-reload", which dnsmasq does, as I see "clearing cache" in the logs whenever my network connections change.
If I send a SIGUSR1 dnsmasq dumps cache and statistics. There I see:
Aug 09 15:52:17 architect dnsmasq[4452]: time 1470750737
Aug 09 15:52:17 architect dnsmasq[4452]: cache size 400, 0/160 cache insertions re-used unexpired cache entries.
Aug 09 15:52:17 architect dnsmasq[4452]: queries forwarded 223, queries answered locally 104
Aug 09 15:52:17 architect dnsmasq[4452]: queries for authoritative zones 0
Aug 09 15:52:17 architect dnsmasq[4452]: server 192.168.88.1#53: queries sent 33, retried or failed 0
Aug 09 15:52:17 architect dnsmasq[4452]: server 192.168.1.1#53: queries sent 83, retried or failed 0
Aug 09 15:52:17 architect dnsmasq[4452]: server 10.11.5.19#53: queries sent 0, retried or failed 0
Aug 09 15:52:17 architect dnsmasq[4452]: Host Address Flags Expires
...
So no queries get forwarded to 10.11.5.19.
But why?
This has me completely baffled. As far as I can see I did everything right. What have I overlooked?
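The symptom described in the post above (a query line with no matching "forwarded" line, while a per-domain server is configured) can be checked across a whole log rather than by eye. The following is an added example, not part of the original post and not dnsmasq or NetworkManager code: it pairs `log-queries=extra` lines by their serial number and reports queries that were never forwarded, and queries for a per-domain name that were sent only to a different server. The sample log is constructed in the shape of the lines quoted above, and the function names are hypothetical.

```python
import re

# Constructed sample, shaped like the dnsmasq lines quoted in the post above.
SAMPLE_LOG = """\
Aug 09 15:33:05 architect dnsmasq[4452]: setting upstream servers from DBus
Aug 09 15:33:05 architect dnsmasq[4452]: using nameserver 192.168.88.1#53(via enp0s25)
Aug 09 15:33:05 architect dnsmasq[4452]: using nameserver 10.11.5.19#53 for domain example.com
Aug 09 15:33:20 architect dnsmasq[4452]: 195 127.0.0.1/40000 query[A] www.archlinux.org from 127.0.0.1
Aug 09 15:33:20 architect dnsmasq[4452]: 195 127.0.0.1/40000 forwarded www.archlinux.org to 192.168.88.1
Aug 09 15:33:31 architect dnsmasq[4452]: 196 127.0.0.1/57533 query[A] foo.example.com from 127.0.0.1
"""

SERVER = re.compile(r"using nameserver (\S+?)#\d+ for domain (\S+)")
EVENT = re.compile(r"dnsmasq\[\d+\]: (\d+) \S+ (query\[\w+\]|forwarded|reply|cached|config) (\S+)(?: to (\S+))?")

def expected_server(name, domain_servers):
    """Longest-suffix match of a query name against the per-domain servers."""
    labels = name.split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in domain_servers:
            return domain_servers[suffix]
    return None

def audit(log_text):
    """Return (unforwarded, misrouted) lists of findings, keyed by query serial."""
    domain_servers, queries = {}, {}
    for line in log_text.splitlines():
        if "setting upstream servers" in line:
            domain_servers.clear()          # a reload replaces the server list
        elif (m := SERVER.search(line)):
            domain_servers[m.group(2).lower()] = m.group(1)
        elif (m := EVENT.search(line)):
            serial, kind, name, target = m.groups()
            if kind.startswith("query"):
                queries[serial] = {"name": name.lower(), "sent_to": set(), "answered": False,
                                   "expected": expected_server(name.lower(), domain_servers)}
            elif serial in queries and kind == "forwarded":
                queries[serial]["sent_to"].add(target)
            elif serial in queries:
                queries[serial]["answered"] = True
    unforwarded = [(s, q["name"], q["expected"]) for s, q in queries.items()
                   if not q["sent_to"] and not q["answered"]]
    misrouted = [(s, q["name"], sorted(q["sent_to"]), q["expected"]) for s, q in queries.items()
                 if q["sent_to"] and q["expected"] and q["expected"] not in q["sent_to"]]
    return unforwarded, misrouted

if __name__ == "__main__":
    print(audit(SAMPLE_LOG))
```

The second list matters for a split-DNS VPN setup: an entry there means a name under the VPN domain was sent to a resolver outside the VPN.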
Instead of relying on NetworkManager's internal dhcp, you should use an external dhcp client such as dhclient
# pacman -S dhclient
Using dhclient as dhcp backend, your NetworkManager.conf should be modified as below
[main]
plugins=keyfile
dhcp=dhclient
dns=dnsmasq
I've been using this setup and it works fine.
Please try dnsmasq 2.76-2 from [testing].
ArchLinux - make it simple & lightweight