Network Manager and DNSmasq plug-in
Update 2020: A version of this post was published on Fedora Magazine. The Fedora Magazine post was updated slightly to conform to their style guidelines, but the content is the same.
The dnsmasq plugin is a hidden gem of NetworkManager. When using the plugin, instead of using whatever DNS nameserver is doled out by DHCP, NetworkManager will configure a local copy of dnsmasq that can be customized.
You may ask, why would you want to do this? For me personally, I have two use cases:
- On my laptop, I run a full OpenShift installation. In order to make
this work, I really need to be able to add DNS entries.
- I could create a VM to run a DNS server or run a DNS server locally, but then I have to change my resolv.conf every single time I change networks (and sometimes more often).
- When I’m at home, I want to still be able to access my home
network’s DNS entries while on VPN.
- Many VPNs are configured such that only traffic destined for VPN network gets sent through the tunnel. I can still access all my local network and most traffic goes out the default gateway.
- This is very nice, as it means I can still access my network printer or listen to music from my media server while doing work. However, the VPN connection overwrites my resolv.conf with DNS servers from the VPN network. Therefore, my home network’s DNS is no longer accessible.
The dnsmasq plugin for NetworkManager solves both of these problems.
For, local DNS entries, the plugin can configure local domains will be available no matter what network I’m connected to.
For the VPN scenario, I can configure dnsmasq to forward requests to my home domain to my home DNS server. The VPN’s DNS is set up a as a forwarder in dnsmasq rather than a primary DNS server, so I can resolve both the DNS entries on the VPN network and my own.
Here’s how to configure it in Fedora 29:
For some context, my domain on my laptop is called laplab
and my
home domain is .cscc
. At home my DNS server is 172.31.0.20
. For
DNS entries in laplab
, most of those are defined in
/etc/hosts
. DNSmasq can then slurp them up. I also have some
additional DNS entries defined for a wildcard DNS and some aliases.
These are the five files that need to be added. NetworkManager uses a config directory. Concievably, you could lay these files out differently if desired:
/etc/NetworkManager/conf.d/00-use-dnsmasq.conf
/etc/NetworkManager/dnsmasq.d/02-add-hosts.conf
/etc/NetworkManager/dnsmasq.d/01-laplab.conf
/etc/NetworkManager/dnsmasq.d/00-cscc.conf
/etc/hosts
# /etc/NetworkManager/conf.d/00-use-dnsmasq.conf
#
# This enabled the dnsmasq plugin.
[main]
dns=dnsmasq
# /etc/NetworkManager/dnsmasq.d/00-cscc.conf
#
# This file directs dnsmasq to forward any request to resolve
# names under the .cscc domain to 172.31.0.20, my home DNS server.
server=/cscc/172.31.0.20
# /etc/NetworkManager/dnsmasq.d/01-laplab.conf
# This file sets up the local lablab domain and
# defines some aliases and a wildcard.
local=/laplab/
address=/.ose.laplab/192.168.101.125
address=/openshift.laplab/192.168.101.120
address=/openshift-int.laplab/192.168.101.120
# /etc/NetworkManager/dnsmasq.d/02-add-hosts.conf
# By default, the plugin does not read from /etc/hosts.
# This forces the plugin to slurp in the file
addn-hosts=/etc/hosts
# /etc/hosts
127.0.0.1 localhost localhost.localdomain
::1 localhost localhost.localdomain
192.168.101.120 ose-lap-jumphost ose-lap-jumphost.laplab
192.168.101.121 ose-lap-master1 ose-lap-master1.laplab
192.168.101.122 ose-lap-master2 ose-lap-master2.laplab
192.168.101.123 ose-lap-master3 ose-lap-master3.laplab
192.168.101.125 ose-lap-infnode1 ose-lap-infnode1.laplab
192.168.101.126 ose-lap-infnode2 ose-lap-infnode2.laplab
192.168.101.127 ose-lap-infnode3 ose-lap-infnode3.laplab
192.168.101.128 ose-lap-node1 ose-lap-node1.laplab
192.168.101.129 ose-lap-node2 ose-lap-node2.laplab
192.168.101.130 ose-lap-node3 ose-lap-node3.laplab
After all those files are in place, restart NetworkManager with
systemctl restart NetworkManager
. If everything is working right,
you should see that your resolv.conf
points to 127.0.0.1
and a new
dnsmasq
process spawned.
If everything is working right, you should see that your resolv.conf
points to 127.0.0.1
and a new dnsmasq
process spawned.
$ ps -ef | grep dnsmasq
dnsmasq 1835 1188 0 08:01 ? 00:00:00 /usr/sbin/dnsmasq --no-resolv
--keep-in-foreground --no-hosts --bind-interfaces --pid-file=/var/run/NetworkManager/dnsmasq.pid
--listen-address=127.0.0.1 --cache-size=400 --clear-on-reload --conf-file=/dev/null
--proxy-dnssec --enable-dbus=org.freedesktop.NetworkManager.dnsmasq
--conf-dir=/etc/NetworkManager/dnsmasq.d
$ cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 127.0.0.1
$ host ose-lap-jumphost.laplab
ose-lap-jumphost.laplab has address 192.168.101.120
This configuration will survive reboots and, in my testing, works with almost every network and VPN I’ve tried it with.