Ubuntu Precise 12.04: Get rid of NM’s dnsmasq and setup your own!

Anyone coming from an older release with a working dnsmasq setup must have noticed that after a dist-upgrade to Ubuntu Precise 12.04 dnsmasq has trouble starting. The reason is simple. On the upcoming 12.04 Desktop release, Network Manager starts its own dnsmasq instance, which is bound to the localhost IP (127.0.0.1) and is responsible for making sure all LAN, WAN or even VPN connections get proper DNS handling from a routing perspective. No caching at all! For more info on that change read this blog post.

As already described, NM’s dnsmasq instance listens on localhost. With a little help from the resolvconf package (this is also new to 12.04 Desktop), the /etc/resolv.conf file will look like this.


# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.0.1

The previous resolv.conf entry means that all DNS requests from your Desktop will be headed to the local dnsmasq instance started by the Network Manager.

If you are a power user and you want your dnsmasq custom configuration to be NM dependent all you have to do is comment out the “dns=dnsmasq” parameter in the Network Manager’s configuration


sudo vi /etc/NetworkManager/NetworkManager.conf

and restart the NM service


sudo restart network-manager

After that, try to restart your previously configured dnsmasq and see the results. Everything is in place now!

  1. /etc/resolv.conf is no longer dependent on the resolvconf package and is updated based on the DNS entries of each connection in the Network Manager
  2. dnsmasq can now bind freely on the localhost (127.0.0.1:53)
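A scripted version of the NetworkManager.conf edit described above, added here as an example and not part of the original post. The function names are hypothetical, and the sample file is constructed on the assumption that `dns=dnsmasq` sits in the `[main]` section; the script runs against a temporary copy, not the live file.

```bash
#!/usr/bin/env bash
# Comment out an active "dns=dnsmasq" line, but only inside the [main] section.
# The rewritten file goes to stdout.
# Exit status: 0 = a line was commented out, 3 = nothing to change.
nm_comment_out_dnsmasq() {
    awk '
        /^[ \t]*\[/ { in_main = ($0 ~ /^[ \t]*\[main\][ \t]*$/) }
        in_main && /^[ \t]*dns[ \t]*=[ \t]*dnsmasq[ \t]*$/ {
            print "#" $0; changed = 1; next
        }
        { print }
        END { exit (changed ? 0 : 3) }' "$1"
}

# Apply the change in place, keeping a .bak copy of the original.
# Running it a second time changes nothing and returns 3.
nm_disable_dnsmasq_plugin() {
    local conf="$1" tmp rc=0
    tmp="$(mktemp "${conf}.XXXXXX")" || return 1
    nm_comment_out_dnsmasq "$conf" > "$tmp" || rc=$?
    if [ "$rc" -eq 0 ]; then
        # cat into the existing file so its owner and mode are preserved
        cp -p "$conf" "${conf}.bak" && cat "$tmp" > "$conf"
    fi
    rm -f "$tmp"
    return "$rc"
}

# Constructed sample file (assumed layout), written to a temporary directory.
demo_dir="$(mktemp -d)"
printf '%s\n' '[main]' 'plugins=ifupdown,keyfile' 'dns=dnsmasq' '' \
    '[ifupdown]' 'managed=false' > "$demo_dir/NetworkManager.conf"

nm_disable_dnsmasq_plugin "$demo_dir/NetworkManager.conf" \
    && echo "dns=dnsmasq commented out; next: sudo restart network-manager"
cat "$demo_dir/NetworkManager.conf"
```
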

Last but not least, here are some dnsmasq configuration parameters I found helpful until now.
You should use them in “/etc/dnsmasq.conf” (remember to edit it as root with sudo).


# Listen only on localhost
listen-address=127.0.0.1
bind-interfaces

# The default is 1000 dns entries to be cached.
cache-size=10000

# Make sure that DNS requests going out contain a valid domain
domain-needed

# The resolv file which dnsmasq will check for its default nameservers
# The syntax for that file is the same as for classic resolv.conf
resolv-file=/etc/resolv.dnsmasq

# Do not try to check the default /etc/resolv.conf file for any reason
no-poll

# All DNS requests for domain.prive, its subdomains and the reverse maps
# should be sent to the proper DNS. Adjust to your environment.
server=/domain.prive/10.0.0.1
server=/10.in-addr.arpa/10.0.0.1

Restart the dnsmasq service and do some DNS tests to make sure it is working as expected


sudo service dnsmasq restart

dig www.google.com @127.0.0.1
dig blah.domain.prive @127.0.0.1

If the previous dig results have proven to be ok then edit your Network Manager LAN connections and make sure they have dnsmasq as a primary DNS server. The address is 127.0.0.1.

To monitor dnsmasq’s statistics (cache usage, etc.), all you have to do is send the process a USR1 signal and the statistics will be written to syslog.


sudo kill -USR1 `pgrep dnsmasq`
sudo less /var/log/syslog

The output should be similar to that below


Mar 31 18:55:06 pc dnsmasq[16919]: time 1333209306
Mar 31 18:55:06 pc dnsmasq[16919]: cache size 10000, 0/2877 cache insertions re-used unexpired cache entries.
Mar 31 18:55:06 pc dnsmasq[16919]: queries forwarded 1437, queries answered locally 907
Mar 31 18:55:06 pc dnsmasq[16919]: server 194.219.227.2#53: queries sent 0, retried or failed 0
Mar 31 18:55:06 pc dnsmasq[16919]: server 10.32.54.4#53: queries sent 64, retried or failed 32
Mar 31 18:55:06 pc dnsmasq[16919]: server 193.92.3.11#53: queries sent 1118, retried or failed 2
Mar 31 18:55:06 pc dnsmasq[16919]: server 193.92.150.3#53: queries sent 360, retried or failed 0
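
A way to turn the statistics above into numbers you can act on, added here as an example and not part of the original post. The function names are hypothetical; the sample lines are copied from the output above.

```bash
#!/usr/bin/env bash
# Summarise dnsmasq SIGUSR1 statistics from syslog lines on stdin.
# Counters are cumulative since dnsmasq started, so the last dump wins.

# Print "server sent failed pct" for each upstream whose retried/failed
# share of sent queries is at least $1 percent (default 25).
flag_failing_upstreams() {
    awk -v min="${1:-25}" '
        /dnsmasq\[[0-9]+\]: server .*: queries sent / {
            line = $0
            sub(/^.*\]: server /, "", line)
            split(line, p, /: queries sent |, retried or failed /)
            sent[p[1]] = p[2] + 0; failed[p[1]] = p[3] + 0
        }
        END {
            for (s in sent)
                if (sent[s] > 0 && failed[s] * 100 / sent[s] >= min)
                    printf "%s %d %d %d\n", s, sent[s], failed[s], failed[s] * 100 / sent[s]
        }' | sort
}

# Print the percentage of queries dnsmasq answered locally instead of
# forwarding them to an upstream server (truncated to an integer).
local_answer_pct() {
    awk '
        /dnsmasq\[[0-9]+\]: queries forwarded / {
            line = $0
            sub(/^.*\]: queries forwarded /, "", line)
            split(line, p, /, queries answered locally /)
            fwd = p[1] + 0; loc = p[2] + 0
        }
        END { if (fwd + loc > 0) printf "%d\n", loc * 100 / (fwd + loc) }'
}

# Sample input: lines taken from the syslog output shown above.
SAMPLE_LOG='Mar 31 18:55:06 pc dnsmasq[16919]: queries forwarded 1437, queries answered locally 907
Mar 31 18:55:06 pc dnsmasq[16919]: server 194.219.227.2#53: queries sent 0, retried or failed 0
Mar 31 18:55:06 pc dnsmasq[16919]: server 10.32.54.4#53: queries sent 64, retried or failed 32
Mar 31 18:55:06 pc dnsmasq[16919]: server 193.92.3.11#53: queries sent 1118, retried or failed 2
Mar 31 18:55:06 pc dnsmasq[16919]: server 193.92.150.3#53: queries sent 360, retried or failed 0'

printf '%s\n' "$SAMPLE_LOG" | flag_failing_upstreams 25
printf '%s\n' "$SAMPLE_LOG" | local_answer_pct
```

On a live system, feed it the real log instead of the sample, for example `grep dnsmasq /var/log/syslog | flag_failing_upstreams 25`.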


9 responses to “Ubuntu Precise 12.04: Get rid of NM’s dnsmasq and setup your own!”

  1. Thank you for the post! I ran into this problem myself (and I think it’s a bug)… didn’t realize NM was configuring its own dnsmasq!

  2. If anyone googles maybe this output will help them find your info

    $ sudo lsof -i :53
    COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
    dnsmasq 2263 nobody 4w IPv4 13282 0t0 UDP localhost.localdomain:domain
    dnsmasq 2263 nobody 5u IPv4 13283 0t0 TCP localhost.localdomain:domain (LISTEN)

    Do you know where dnsmasq is getting the defaults from as I do not have /etc/dnsmasq.conf from a standard install.

    • To be honest I haven’t tested it without any config file in place but according to the manual (man dnsmasq), the default behavior would be to open /etc/resolv.conf, read the upstream recursive dns servers and start caching/forwarding requests by listening on all local interfaces.

      On your setup what problem are you facing without having any dnsmasq.conf ?

  3. Just what I needed! dnsmasq messes up everything and I cannot even do a zone transfer like the old days. DISABLED!

  4. Rich:

    on ubuntu 12.04 there is no /etc/dnsmasq.conf by default (not on my boxen anyway):

    ps -alxww|grep dnsmasq
    … /usr/sbin/dnsmasq --no-resolv --keep-in-foreground --no-hosts --bind-interfaces --pid-file=/var/run/sendsigs.omit.d/network-manager.dnsmasq.pid --listen-address=127.0.0.1 --conf-file=/var/run/nm-dns-dnsmasq.conf --cache-size=0 --proxy-dnssec

    cat /var/run/nm-dnsmasq.conf
    server=10.0.0.1
    server=205.171.3.25
    server=205.171.3.65
    server=205.171.2.25
    server=205.171.2.65

    (from my DHCP server)

    IOW: I think network manager sets up this dynamic conf file for dnsmasq.

    I have no idea if what goes into this file can be configured by (presumably) somehow configuring network manager.

    In my case, dnsmasq seems to be sending some queries intended for my local name server to one of the others, possibly without a domain in some cases. This is only a guess so far but I am pretty sure dnsmasq started by network manager is responsible for the problem since my local DNS server does not log a query when this happens.

    • Well, to be honest I had dnsmasq setup and configured from a previous Ubuntu release.

      The dnsmasq which is installed with NetworkManager is just what you pointed out, a non-caching dns just to route requests properly depending on the active connections of NM.

      In my post I described this extra “functionality” of NM’s dnsmasq and how to configure it so that it can exist happily along with any previous dns service (dnsmasq, bind, etc).

      Hope that helps you.

  5. Well, I’m stuck. I’m also going to post this at Ubuntuforums, but figured I should start here. I commented out the line in NetworkManager.conf and restarted network-manager as instructed. I’ve tried several different commands to start dnsmasq (which I installed yesterday and seemed to be working yesterday). No matter what I do I get the error message: “dnsmasq: failed to create listening socket for port 53: Address already in use”. I restarted my machine. No joy. There isn’t even a dnsmasq process running. There was yesterday, before I installed dnsmasq. resolvconf is still managing my resolv.conf file. Things are working, but my DNS lookups are slow (probably my ISP’s fault), and I’m unhappy. Got any suggestions? Oh, yeah, I’m running Precise Pangolin on an Acer Aspire M-1610 with 1GB of RAM and an 1800 MHz dual-core CPU. It was an upgrade, rather than a clean install. When I run “lsof -i :53” to find out what’s using port 53 I get:

    COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
    transmiss 2125 roger 112u IPv4 402759 0t0 UDP localhost.localdomain:58984->localhost.localdomain:domain
    firefox 2676 roger 58u IPv4 402771 0t0 UDP localhost.localdomain:38281->localhost.localdomain:domain

    Can’t think what to try next.

    • By checking my /etc/dnsmasq.conf I see that I have configured it to listen on localhost and only there
      listen-address=127.0.0.1
      listen-address=::1
      bind-interfaces

      Check if you have the same settings, maybe something is broken in your configuration and it tries to bind on an IP/interface which doesn’t exist?
