You are not logged in.
Hi all,
I am trying to configure local dnsmasq to be able to use multiple DNS servers.
My problem: /etc/resolv.conf file is overwritten by Connman even with openresolv installed and configured. As far as I understand this should prevent /etc/resolv.conf from being overwritten with the DNS from DHCP server and the DNS servers offered by DHCP should be added to a file specified in /etc/resolvconf.conf.
After connecting to WiFi:
$ cat /etc/resolv.conf
# Generated by Connection Manager
search home.lan
nameserver 192.168.160.254
nameserver 208.67.222.222
even though:
$ cat /etc/resolvconf.conf
# Configuration for resolvconf(8)
# See resolvconf.conf(5) for details
resolv_conf=/etc/resolv.conf
interface_order="lo* wlp* enp*"
name_servers=127.0.0.1
dnsmasq_conf=/etc/dnsmasq.d/20-openresolv-generated.conf
dnsmasq_resolv=/etc/dnsmasq-resolv.conf
dnsmasq_conf and dnsmasq_resolv files from resolvconf.conf file and also empty:
$ cat /etc/dnsmasq-resolv.conf
# Generated by resolvconf
$ cat /etc/dnsmasq.d/20-openresolv-generated.conf
# Generated by resolvconf
# Domain specific servers will be sent over dbus
I am a little confused if I understand openresolv correctly. Maybe I am missing something.
To give some more background for you to understand my problem — I am using my laptop mostly in two places — at home and at work — and only sometimes in other places.
HOME:
DNS server 192.168.160.254
(plus one more from Google in case the above one is down)
search domain home.lan
WORK:
DNS server 192.168.16.2
(plus one more from OpenDNS in case the above one is down)
search domain upn
Additionally, I run an OpenVPN client here, so I can access my home network. I would like then to forward all queries for *.home.lan to 192.168.160.254, so I can use domain instead of IP.
To make things more complicated I also run a two or three VPN clients with their separate DNS servers, but I want to forward queries only for specific domains to those servers (just like for *.home.lan).
To that point, everything seems quite easy — I could write-protect resolv.conf, use a hard-coded (in dnsmasq configuration) upstream DNS servers (say, for example, OpenDNS) and a couple rules for forwarding queries on a domain basis. The problem is that I want to use the DNS servers provided by the router because (at home and at work) those are pi-hole's blocking ads. So my desired domain would look like this:
1. Forward query on a domain basis to a proper DNS server (*.upn to .16.2, *.home.lan to .160.254, *.xxx.intrnal.com to 10.100.100.1 and so on);
2. Forward query to a DNS server provided from DHCP (in most cases it will be pi-hole, so the ads will be blocked);
3. Forward query to some OpenDNS servers if the above DNS server is down.
That's my configuration:
$ cat /etc/dnsmasq.conf
conf-dir=/etc/dnsmasq.d/,*.conf
$ cat /etc/dnsmasq.d/10-localhost.conf
no-poll
interface=lo
no-dhcp-interface=lo
bind-interfaces
strict-order
resolv-file=/etc/dnsmasq-resolv.conf
server=208.67.222.222
server=208.67.220.220
$ cat /etc/dnsmasq.d/30-overwrites.conf
server=/upn/192.168.16.2
server=/home.lan/192.168.160.254
server=/somevpndomain/10.2.1.1
server=/xxx.internal.com/10.100.100.1
$ grep -v '#' /etc/dhcpcd.conf
hostname
duid
persistent
option rapid_commit
option domain_name_servers, domain_name, domain_search, host_name
option classless_static_routes
option ntp_servers
option interface_mtu
require dhcp_server_identifier
slaac private
noipv4ll
$ cat /etc/connman/main.conf
[General]
NetworkInterfaceBlacklist=vmnet,vboxnet,virbr,ifb,docker,veth,eth,wlan
I will be really grateful for any tips!
Last edited by kubaxvx (2018-01-04 19:00:13)
Offline
connman doesn't use openresolv, it has a built-in dns server or directly writes resolv.conf to /var/run/connman/ or /etc. After you have disabled the internal resolver of connman, you have to make sure that the directory /var/run/connman exists and is writable by connman. If /var/run/connman exists, then connman leaves /etc/resolv.conf alone and only writes to /var/run/connman/resolv.conf. Noy you can either symlink /etc/resolv.conf to that file, ignore it, or use e.g. a bash-script with inotify-wait to send it to openresolv. You can create the directory in /var/run e.g. with tmpfiles.d or by using the RuntimeDirectory entry in the systemd service file, e.g. with an override like this.
[Service]
RuntimeDirectory=connman
ExecStart=
ExecStart=/usr/bin/connmand -n --nodnsproxy
Last edited by progandy (2018-01-04 14:04:33)
| alias CUTF='LANG=en_XX.UTF-8@POSIX ' |
Offline
Thanks for the tip. This did not solve my problem (as resolvconf was not run by connman), but it got me thinking and I solved it in a different way. I use cmst as a connman gui and it allows to specify an external command that will be run after connecting. I specified "sudo resolvconf -u" as the command to run, edited sudoers so my user can run this without password (the command is run as a regular user) and everything worked. Right now after connecting connman overwrites resolv.conf for a second, but it runs resolvconf after that so resolv.conf files gets back to normal and dnsmasq-resolv.conf is overwritten with the DNS servers received from DHCP that was written by connman to resolv.conf. Thanks!
Offline