Update 2020: A version of this post was published on Fedora Magazine. The Fedora Magazine post was updated slightly to conform to their style guidelines, but the content is the same.
The dnsmasq plugin is a hidden gem of NetworkManager. When using the plugin, instead of using whatever DNS nameserver is doled out by DHCP, NetworkManager will configure a local copy of dnsmasq that can be customized.
You may ask, why would you want to do this? For me personally, I have two use cases:
- On my laptop, I run a full OpenShift installation. In order to make
this work, I really need to be able to add DNS entries.
- I could create a VM to run a DNS server or run a DNS server locally, but then I have to change my resolv.conf every single time I change networks (and sometimes more often).
- When I’m at home, I want to still be able to access my home
network’s DNS entries while on VPN.
- Many VPNs are configured such that only traffic destined for VPN network gets sent through the tunnel. I can still access all my local network and most traffic goes out the default gateway.
- This is very nice, as it means I can still access my network printer or listen to music from my media server while doing work. However, the VPN connection overwrites my resolv.conf with DNS servers from the VPN network. Therefore, my home network’s DNS is no longer accessible.
The dnsmasq plugin for NetworkManager solves both of these problems.
For, local DNS entries, the plugin can configure local domains will be available no matter what network I’m connected to.
For the VPN scenario, I can configure dnsmasq to forward requests to my home domain to my home DNS server. The VPN’s DNS is set up a as a forwarder in dnsmasq rather than a primary DNS server, so I can resolve both the DNS entries on the VPN network and my own.
Here’s how to configure it in Fedora 29:
For some context, my domain on my laptop is called
laplab and my
home domain is
.cscc. At home my DNS server is
DNS entries in
laplab, most of those are defined in
/etc/hosts. DNSmasq can then slurp them up. I also have some
additional DNS entries defined for a wildcard DNS and some aliases.
These are the five files that need to be added. NetworkManager uses a config directory. Concievably, you could lay these files out differently if desired:
# /etc/NetworkManager/conf.d/00-use-dnsmasq.conf # # This enabled the dnsmasq plugin. [main] dns=dnsmasq
# /etc/NetworkManager/dnsmasq.d/00-cscc.conf # # This file directs dnsmasq to forward any request to resolve # names under the .cscc domain to 172.31.0.20, my home DNS server. server=/cscc/172.31.0.20
# /etc/NetworkManager/dnsmasq.d/01-laplab.conf # This file sets up the local lablab domain and # defines some aliases and a wildcard. local=/laplab/ address=/.ose.laplab/192.168.101.125 address=/openshift.laplab/192.168.101.120 address=/openshift-int.laplab/192.168.101.120
# /etc/NetworkManager/dnsmasq.d/02-add-hosts.conf # By default, the plugin does not read from /etc/hosts. # This forces the plugin to slurp in the file addn-hosts=/etc/hosts
# /etc/hosts 127.0.0.1 localhost localhost.localdomain ::1 localhost localhost.localdomain 192.168.101.120 ose-lap-jumphost ose-lap-jumphost.laplab 192.168.101.121 ose-lap-master1 ose-lap-master1.laplab 192.168.101.122 ose-lap-master2 ose-lap-master2.laplab 192.168.101.123 ose-lap-master3 ose-lap-master3.laplab 192.168.101.125 ose-lap-infnode1 ose-lap-infnode1.laplab 192.168.101.126 ose-lap-infnode2 ose-lap-infnode2.laplab 192.168.101.127 ose-lap-infnode3 ose-lap-infnode3.laplab 192.168.101.128 ose-lap-node1 ose-lap-node1.laplab 192.168.101.129 ose-lap-node2 ose-lap-node2.laplab 192.168.101.130 ose-lap-node3 ose-lap-node3.laplab
After all those files are in place, restart NetworkManager with
systemctl restart NetworkManager. If everything is working right,
you should see that your
resolv.conf points to
127.0.0.1 and a new
dnsmasq process spawned.
If everything is working right, you should see that your
127.0.0.1 and a new
dnsmasq process spawned.
$ ps -ef | grep dnsmasq dnsmasq 1835 1188 0 08:01 ? 00:00:00 /usr/sbin/dnsmasq --no-resolv --keep-in-foreground --no-hosts --bind-interfaces --pid-file=/var/run/NetworkManager/dnsmasq.pid --listen-address=127.0.0.1 --cache-size=400 --clear-on-reload --conf-file=/dev/null --proxy-dnssec --enable-dbus=org.freedesktop.NetworkManager.dnsmasq --conf-dir=/etc/NetworkManager/dnsmasq.d $ cat /etc/resolv.conf # Generated by NetworkManager nameserver 127.0.0.1 $ host ose-lap-jumphost.laplab ose-lap-jumphost.laplab has address 192.168.101.120
This configuration will survive reboots and, in my testing, works with almost every network and VPN I’ve tried it with.