Ubuntu Precise 12.04: Get rid of NM’s dnsmasq and setup your own!

Anyone from an older version with a working dnsmasq setup must have noticed that after a dist-upgrade to Ubuntu Precise 12.04 dnsmasq is having trouble on startup. The reason is simple. On the upcoming 12.04 Desktop release, Network Manager is starting its own dnsmasq instance which is binded on the localhost ip (127.0.0.1) and is responsible for making sure all LAN, WAN or even VPN connections have a proper DNS handling from a routing prespective. No caching at all! For more info on that change read this blog post.

As already described, NM’s dnsmasq instance listens on localhost. With a little help from the resolvconf package (this is also new to 12.04 Desktop), the /etc/recolv.conf file will look like this.

# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
  # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
  nameserver 127.0.0.1

The previous resolv.conf entry means that all DNS requests from your Desktop will be headed to the local dnsmasq instance started by the Network Manager.

If you are a power user and you want your dnsmasq custom configuration to be NM dependent all you have to do is comment out the “dns=dnsmasq” parameter in the Network Manager’s configuration

sudo vi /etc/NetworkManager/NetworkManager.conf

and restart the NM service

sudo restart network-manager

After that, try to restart your previously configured dnsmasq and see the results. Everything is in place now!

  1. /etc/resolv.conf is no longer dependant on resolvconf package and is updated based on the DNS entries of each connection in the Network Manager
  2. dnsmasq can not bind freely on the localhost (127.0.0.1:53)

Last but not least, here are some dnsmasq configuration parameters I found helpful until now.
You should use them in “/etc/dnsmasq.conf” (remember to edit it as root with sudo).

# Listen only on localhost
listen-address=127.0.0.1
bind-interfaces

# The default is 1000 dns entries to be cached.
cache-size=10000

# Make sure that DNS requests going out contain a valid domain
domain-needed

# The resolv file which dnsmasq will check for its default nameservers
# The syntax for that file is the same as for classic resolv.conf
resolv-file=/etc/resolv.dnsmasq

# Do not try to check the default /etc/resolv.conf file for any reason
no-poll

# All DNS requests for domain.prive, its subdomains and the reverse maps
# should be sent to the proper DNS. Adjust to your environment.
server=/domain.prive/10.0.0.1
server=/10.in-addr.arpa/10.0.0.1

 

For Ubuntu 12.10 installations make sure you add the following in /etc/defaults/dnsmasq. It is required for proper binding on the loopback interface. Thanks to Tasos Chatzipavlou for pointing that out! :)

DNSMASQ_EXCEPT=lo

Restart the dnsmasq service and do some DNS tests to make sure it working as expected

sudo service dnsmasq restart

dig www.google.com @127.0.0.1
dig blah.domain.prive @127.0.0.1
...

If the previous dig results have proven to be ok then edit your Network Manager LAN connections and make sure they have dnsmasq as a primary DNS server. The address is 127.0.0.1.

To monitor dnsmasq’s statistics (cache usage, etc) all you have to do is send the process a USR1 signal and the statistics will be outputed in syslog.

sudo kill -USR1 `pgrep dnsmasq`
sudo less /var/log/syslog

The output should similar to that bellow

Mar 31 18:55:06 pc dnsmasq[16919]: time 1333209306
Mar 31 18:55:06 pc dnsmasq[16919]: cache size 10000, 0/2877 cache insertions re-used unexpired cache entries.
Mar 31 18:55:06 pc dnsmasq[16919]: queries forwarded 1437, queries answered locally 907
Mar 31 18:55:06 pc dnsmasq[16919]: server 194.219.227.2#53: queries sent 0, retried or failed 0
Mar 31 18:55:06 pc dnsmasq[16919]: server 10.32.54.4#53: queries sent 64, retried or failed 32
Mar 31 18:55:06 pc dnsmasq[16919]: server 193.92.3.11#53: queries sent 1118, retried or failed 2
Mar 31 18:55:06 pc dnsmasq[16919]: server 193.92.150.3#53: queries sent 360, retried or failed 0
  • Awesome post Sokratis ! Thank you this really saved me going gray ! I am running both bind9 and NM-dnsmasq on an Ubuntu 14.04.1 64-bit Lenovo W520 laptop. I was having an issue with my private KVM guest network occassionally getting erroneous non-authoritative lookups from NM-dnsmasq when what was desired was for all lookups for that network to go to bind9. The details of the solution (which was based on your description of the “server” “domain-prive” attribute, solved it and was exactly what I was looking for for hours! Thank you so much for taking the time to post this. You can read about my particular setup and why I designed it so here at my blog: https://sites.google.com/site/nandydandyoracle/technologies/kvm-dns-ul-14-04#TOC-Configure-Private-Network-on-NM-dnsmasq
    Thanks!

    • Hi Gilbert! I’m really glad my post helped you with your KVM setup! I’ve just read your blog post and couldn’t notice the way your Master DNS handles recursive querying. I believe you may end up in a Catch-22 situation by recursively querying root DNS servers for KVM guest originated requests.

      Let’s say for example that your laptop gets connected to a WiFi network. Most of the cases involve DHCP assignment of IP address, gateway and dns settings. There is great chance that this particular WiFi is configured to allow DNS queries destined only to its internal DNS server or even enforce that policy through some kind of captive-portal or other means. In that scenario your Master DNS would not have internet access to resolve the recursive queries from your KVM guests.

      Maybe an optimal solution would be your Master DNS to forward queries to the local dnsmasq service. That way it won’t have any problem operating under scenarios such as the previous one. I hope I didn’t over-engineer something, just trying to cover every possible edge-case. Would love to learn your thoughts on that. :)

  • Anonymous Coward

    What the dnsmasq started by network manager does is that it doesn’t cache names across sessions – for example, when you start/stop a VPN, or switch from wired to wireless, it restarts with an empty cache. It does cache DNS entries during one session, i.e. between restarts.

    Not caching things across restarts is done on purpose. For example, the IP under which google.com is reachable might be different between your wired and wireless connections. Switching from one VPN to another might leave DNS entries for the same IP in place but corresponding to different names. So not caching between sessions is IMO a good thing, even if it significantly reduces the helpfulness of dnsmasq in some cases.

    I was using dnsmasq on the desktop because in the company network all DNS servers are far away, so occasionally I got high latency for repeated DNS lookups for the same hostname. This problem is properly handled by dnsmasq even with the config/parameters used by network manager. So if the reason you’re running dnsmasq is a similar one, you shouldn’t need to disable the NM-managed instance, in order to run your own.

    • The problem with NM-managed dnsmasq is that it doesn’t allow you to configure it to your exact needs. If you find caching to be a problem for you daily usage, you can just disable it from dnsmasq.conf. :)

      I understand your concern and you may be right for mobile users (laptops, etc) but the average desktop user shouldn’t have any problem at all.

  • Crafunzion

    GREAT post dude.

  • Tasos Chatzipavlou

    I have just run into the same problem. One more point to take into account is the one described in

    http://www.tolaris.com/2013/02/01/non-localhost-dnsmasq-breaks-dns-on-ubuntu-12-10/

    ” as of Ubuntu 12.10, network manager’s dnsmasq listens on 127.0.1.1. So when then dnsmasq init script starts, it tells resolvconf that a DNS server exists on 127.0.0.1 even though it doesn’t. Then resolvconf chooses that as the best choice resolver, and poof – no DNS”

    I have followed the instructions to add

    DNSMASQ_EXCEPT=lo

    into /etc/default/dnsmasq and restart dnsmasq.

    I admit it worked for me. After restarting dnsmasq and network manager my /etc/resolv.conf file contains
    nameserver 127.0.1.1
    instead of
    nameserver 127.0.0.1

    Cheers

  • Thank you. Quick, to the point, everything I need to get running after wasting an hour.

  • Pingback: DNS Caching in Ubuntu Desktop | sine walker()

  • Well, I’m stuck. I’m also going to post this at Ubuntuforums, but figured I should start here. I commented out the line in NetworkManager.conf and restarted network-manager as instructed. I’ve tried several different commands to start dnsmasq (which I installed yesterday and seemed to be working yesterday). No matter what I do I get the error message: “dnsmasq: failed to create listening socket for port 53: Address already in use” I restarted my machine. No joy. There isn’t even a dnsmasq process running. There was yesterday, before I installed dnsmasq.. resolvconf is still managing my resolv.conf file. Things are working, but my DNS lookups are slow (probably my ISPs fault), and I’m unhappy. Got any suggestions? Oh, yeah, I’m running Precise Pangolin on an Acer Aspire M-1610 with 1GB of RAM and an 1800 MHz dual-core CPU. It was a upgrade, rather than a clean install. When I run “lsof -i :53” to find out what’s using port 53 I get:

    COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
    transmiss 2125 roger 112u IPv4 402759 0t0 UDP localhost.localdomain:58984->localhost.localdomain:domain
    firefox 2676 roger 58u IPv4 402771 0t0 UDP localhost.localdomain:38281->localhost.localdomain:domain

    Can’t think what to try next.

    • By checking my /etc/dnsmasq.conf I see that I have configured it to listen on localhost and only there
      listen-address=127.0.0.1
      listen-address=::1
      bind-interfaces

      Check if you have the same settings, maybe something is broken in your configuration and it tries to bind on an IP/interface which doesn’t exist?

  • Will

    Rich:

    on ubuntu 12.04 there is no /etc/dnsmasq.conf by default (not on my boxen anyway):

    ps -alxww|grep dnsmasq
    … /usr/sbin/dnsmasq –no-resolv –keep-in-foreground –no-hosts –bind-interfaces –pid-file=/var/run/sendsigs.omit.d/network-manager.dnsmasq.pid –listen-address=127.0.0.1 –conf-file=/var/run/nm-dns-dnsmasq.conf –cache-size=0 –proxy-dnssec

    cat /var/run/nm-dnsmasq.conf
    server=10.0.0.1
    server=205.171.3.25
    server=205.171.3.65
    server=205.171.2.25
    server=205.171.2.65

    (from my DHCP server)

    IOW: I think network manager sets up this dynamic conf file for dnsmasq.

    I have no idea if what goes into this file can be configured by (presumably) somehow configuring network manager.

    In my case, dnsmasq seems to be sending some queries intended for my local name server to one of the others, possibly without a domain in some cases. This is only a guess so far but I am pretty sure dnsmasq started by network manager is responsible for the problem since my local DNS server does not log a query when this happens.

    • Well, to be honest I had dnsmasq setup and configured from a previous Ubuntu release.

      The dnsmasq which is installed with NetworkManager is just what you pointed out, a non-caching dns just to route requests properly depending on the active connections of NM.

      In my post I described this extra “functionality” of NM’s dnsmasq and how to configured so that it can exist happily along with any previous dns service (dnsmasq, bind, etc).

      Hope that helps you.

  • Thanks

    Just what I needed! dnsmasq messes up everything and I cannot even do a zone transfer like the old days. DISABLED!

  • If anyone googles maybe this output will help them find your info

    $ sudo lsof -i :53
    COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
    dnsmasq 2263 nobody 4w IPv4 13282 0t0 UDP localhost.localdomain:domain
    dnsmasq 2263 nobody 5u IPv4 13283 0t0 TCP localhost.localdomain:domain (LISTEN)

    Do you know where dnsmasq is getting the defaults from as I do not have /etc/dnsmasq.conf from a standard install.

    • To be honest I haven’t tested it without any config file in place but according to the manual (man dnsmasq), the default behavior would be to open /etc/resolv.conf, read the upstream recursive dns servers and start caching/forwarding requests by listening on all local interfaces.

      On your setup what problem are you facing without having any dnsmasq.conf ?

  • Don’t mention it! Same reaction here but fortunately this is why Open Source is great. It lets the user do whatever he wants to do. Glad I could help! :)

  • AK

    Thank you for the post! I ran into this problem myself (and I think it’s a bug)… didn’t realize NM was configuring its own dnsmasq!

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close