12.04: How to add local details to dnsmasq config

Paul Smith-2
Hi all.  So, the new integrated dnsmasq / DNS service for Ubuntu 12.04
is nice.  However it only works with NetworkManager enabled software
solutions.

I have a 3rd party VPN tool which is most decidedly NOT integrated with
Network Manager, and I need to add appropriate extra setup to the
dnsmasq configuration to handle the DNS forwarding for that environment.
I used to manage all this myself by hand so I'm quite aware of what
needs to be done and how it all works.

However, I don't know how to add extra content to the dnsmasq
configuration network-manager uses.  I can see that network-manager
starts a dnsmasq server that listens on 127.0.0.1 (good stuff) and that
the configuration file is /var/run/nm-dns-dnsmasq.conf which I assume is
being auto-generated by network manager.

That's all good stuff, BUT I need a way to add my own set of
configuration to that nm-dns-dnsmasq.conf file, preferably dynamically
(so I can script the bring-up and bring-down of my proprietary VPN and
get it added and removed at the appropriate times).

How can I add/remove config from the local DNS configuration?


--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

Re: 12.04: How to add local details to dnsmasq config

Marius Gedminas-2
Hello,

On Thu, May 31, 2012 at 10:23:59PM -0400, Paul Smith wrote:

> Hi all.  So, the new integrated dnsmasq / DNS service for Ubuntu 12.04
> is nice.  However it only works with NetworkManager enabled software
> solutions.
>
> I have a 3rd party VPN tool which is most decidedly NOT integrated with
> Network Manager, and I need to add appropriate extra setup to the
> dnsmasq configuration to handle the DNS forwarding for that environment.
> I used to manage all this myself by hand so I'm quite aware of what
> needs to be done and how it all works.
>
> However, I don't know how to add extra content to the dnsmasq
> configuration network-manager uses.  I can see that network-manager
> starts a dnsmasq server that listens on 127.0.0.1 (good stuff) and that
> the configuration file is /var/run/nm-dns-dnsmasq.conf which I assume is
> being auto-generated by network manager.

Interesting.  I'm on 12.04 as well, and I also use a VPN tool not
integrated with NetworkManager (openvpn --config /path/to/config-file
--route-nopull --route x.y.0.0 255.255.0.0).  I don't have a
/var/run/nm-dns-dnsmasq.conf on my system, even though I most definitely
have dnsmasq running.

I've configured DNS lookups for the internal domain by adding

  # X.X.X.X is the internal IP of the DNS server.
  server=/example.com/X.X.X.X

to /etc/dnsmasq.d/vpn-dns and doing a 'service dnsmasq restart'.  This
worked quite well until this morning, when the internal DNS went down ;)

> That's all good stuff, BUT I need a way to add my own set of
> configuration to that nm-dns-dnsmasq.conf file, preferably dynamically
> (so I can script the bring-up and bring-down of my proprietary VPN and
> get it added and removed at the appropriate times).
>
> How can I add/remove config from the local DNS configuration?

dnsmasq supposedly has a DBus control protocol of some kind, but I
haven't been able to find documentation for it.

A static configuration works well enough for me.

Marius Gedminas
--
Many people enjoy Perl, many enjoy Python, some enjoy /bin/tcsh.  The latter
population should however, needless to say, be put into working camps.
        -- viktor on Slashdot


Re: 12.04: How to add local details to dnsmasq config

Paul Smith-2
On Fri, 2012-06-01 at 10:24 +0300, Marius Gedminas wrote:

> On Thu, May 31, 2012 at 10:23:59PM -0400, Paul Smith wrote:
> > I have a 3rd party VPN tool which is most decidedly NOT integrated with
> > Network Manager, and I need to add appropriate extra setup to the
> > dnsmasq configuration to handle the DNS forwarding for that environment.
> > I used to manage all this myself by hand so I'm quite aware of what
> > needs to be done and how it all works.
> >
> > However, I don't know how to add extra content to the dnsmasq
> > configuration network-manager uses.  I can see that network-manager
> > starts a dnsmasq server that listens on 127.0.0.1 (good stuff) and that
> > the configuration file is /var/run/nm-dns-dnsmasq.conf which I assume is
> > being auto-generated by network manager.
>
> Interesting.  I'm on 12.04 as well, and I also use a VPN tool not
> integrated with NetworkManager (openvpn --config /path/to/config-file
> --route-nopull --route x.y.0.0 255.255.0.0).  I don't have a
> /var/run/nm-dns-dnsmasq.conf on my system, even though I most definitely
> have dnsmasq running.

Did you do a clean install or an upgrade?  I did a clean install (first
time since 2009 or so when I bought my current desktop!)  Perhaps if you
upgrade, the new NM/dnsmasq/resolvconf config is not added.

Also note if you add KVM (virtualization) that will start its own
dnsmasq, to provide network services to the virtual machines.  You can
tell which one is doing what by examining the command line arguments.

> > That's all good stuff, BUT I need a way to add my own set of
> > configuration to that nm-dns-dnsmasq.conf file, preferably dynamically
> > (so I can script the bring-up and bring-down of my proprietary VPN and
> > get it added and removed at the appropriate times).
> >
> > How can I add/remove config from the local DNS configuration?
>
> dnsmasq supposedly has a DBus control protocol of some kind, but I
> haven't been able to find documentation for it.

I don't think this will help.  I want the config file to be modified so
that the configuration is static and persists beyond daemon restarts.

> A static configuration works well enough for me.

Well sure, and as I mentioned above it's worked well for me for a couple
of years as well (with a very complex configuration: I actually have to
use TWO different VPNs at the same time, both with extensive internal
DNS domains).  But now that Ubuntu is trying to solve this problem
natively I was hoping to have the ability to integrate into that instead
of rolling my own.

Any ideas?



Re: 12.04: How to add local details to dnsmasq config

C de-Avillez-2
In reply to this post by Paul Smith-2
On Thu, 31 May 2012 22:23:59 -0400
Paul Smith <[hidden email]> wrote:

> Hi all.  So, the new integrated dnsmasq / DNS service for Ubuntu 12.04
> is nice.  However it only works with NetworkManager enabled software
> solutions.

<snip/>

> How can I add/remove config from the local DNS configuration?

Hi Paul,

Perhaps the changes should be done to resolvconf instead -- it is now
in use by default on 12.04, and dnsmasq refers to it for name
resolution.

Please see http://www.stgraber.org/2012/02/24/dns-in-ubuntu-12-04/ for
the (original) announcement.

Cheers,

..C..


Re: 12.04: How to add local details to dnsmasq config

Paul Smith-2
On Fri, 2012-06-01 at 13:49 -0500, C de-Avillez wrote:

> On Thu, 31 May 2012 22:23:59 -0400
> Paul Smith <[hidden email]> wrote:
> > How can I add/remove config from the local DNS configuration?
>
> Perhaps the changes should be done to resolvconf instead -- it is now
> in use by default on 12.04, and dnsmasq refers to it for name
> resolution.
>
> Please see http://www.stgraber.org/2012/02/24/dns-in-ubuntu-12-04/ for
> the (original) announcement.

Yes, I've read this document and a few others on the Ubuntu site related
to this feature.

Using resolvconf won't help.  I need to get at the dnsmasq configuration
because I have multiple DNS domains and I need to forward DNS queries to
different DNS servers based on the hostname.

This is handled by the NetworkManager VPN tools, which add dnsmasq
settings like:

        server=/<domain>/<dns-ip>...

for every domain that is supported by that VPN.  This tells dnsmasq to
forward lookups to different servers based on the domain, and that's
exactly what I need.

But my VPN doesn't have any NetworkManager integration so I need to give
a snippet of dnsmasq configuration to the system, that it will include
with its auto-generated configuration.  Ideally I could add/remove it
dynamically as the VPN is stopped/started but even if I can just get it
added statically that'll be fine (that's how I used to have it).

Also, it's not always the case that the simple domain mapping
NetworkManager uses is sufficient.  I have one VPN which provides only
one high-level domain, but actually there are a number of domains which
are served by those same internal servers (required due to acquisitions
etc.)  I *might* be able to handle this by configuring the DNS info
myself in NetworkManager; I'll try that tonight.



Re: 12.04: How to add local details to dnsmasq config

Marius Gedminas-2
In reply to this post by Paul Smith-2
On Fri, Jun 01, 2012 at 12:18:38PM -0400, Paul Smith wrote:

> On Fri, 2012-06-01 at 10:24 +0300, Marius Gedminas wrote:
> > On Thu, May 31, 2012 at 10:23:59PM -0400, Paul Smith wrote:
> > > However, I don't know how to add extra content to the dnsmasq
> > > configuration network-manager uses.  I can see that network-manager
> > > starts a dnsmasq server that listens on 127.0.0.1 (good stuff) and that
> > > the configuration file is /var/run/nm-dns-dnsmasq.conf which I assume is
> > > being auto-generated by network manager.
> >
> > Interesting.  I'm on 12.04 as well, and I also use a VPN tool not
> > integrated with NetworkManager (openvpn --config /path/to/config-file
> > --route-nopull --route x.y.0.0 255.255.0.0).  I don't have a
> > /var/run/nm-dns-dnsmasq.conf on my system, even though I most definitely
> > have dnsmasq running.
>
> Did you do a clean install or an upgrade?

An upgrade (all the way from Ubuntu 9.10).

> I did a clean install (first
> time since 2009 or so when I bought my current desktop!)  Perhaps if you
> upgrade, the new NM/dnsmasq/resolvconf config is not added.
>
> Also note if you add KVM (virtualization) that will start its own
> dnsmasq, to provide network services to the virtual machines.  You can
> tell which one is doing what by examining the command line arguments.

Hm.  My sysadmin diary indicates I'd installed resolvconf and dnsmasq
back in 2010 and configured the system-wide dnsmasq to coexist
peacefully with libvirt's one by following the instructions in
/usr/share/doc/libvirt-bin/README.Debian.gz.  And then I uninstalled
both resolvconf and dnsmasq after four days, because DNS caching caused
some issues as I moved my laptop between home and office networks.

I don't have any notes indicating I'd reinstalled dnsmasq and
resolvconf, so I must assume the Ubuntu upgrade pulled them in.
(Actually, it pulled resolvconf in -- the dnsmasq package is not
installed, but the dnsmasq-base is.)

Here are the two dnsmasq instances that are running:

$ ps $(pgrep dnsmasq)|cat
  PID TTY      STAT   TIME COMMAND
 1523 ?        S      0:00 /usr/sbin/dnsmasq -u libvirt-dnsmasq --strict-order --bind-interfaces --pid-file=/var/run/libvirt/network/default.pid --conf-file= --except-interface lo --listen-address 192.168.122.1 --dhcp-range 192.168.122.2,192.168.122.254 --dhcp-leasefile=/var/lib/libvirt/dnsmasq/default.leases --dhcp-lease-max=253 --dhcp-no-override
 3723 ?        S      0:03 /usr/sbin/dnsmasq -x /var/run/dnsmasq/dnsmasq.pid -u dnsmasq -r /var/run/dnsmasq/resolv.conf -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new

I also have an /etc/init.d/dnsmasq (which belongs to the removed dnsmasq
package) and a symlink from it to /etc/rc2.d/S15dnsmasq.

I'm starting to suspect a packaging bug: apt-get remove dnsmasq appears
to be a no-op, as the postrm script only removes the rc.d symlinks on
purge, not on simple removal.  The prerm script does stop the running
dnsmasq, but it's a bit pointless, as it will come back after a reboot.

> > > How can I add/remove config from the local DNS configuration?
> >
> > dnsmasq supposedly has a DBus control protocol of some kind, but I
> > haven't been able to find documentation for it.
>
> I don't think this will help.  I want the config file to be modified so
> that the configuration is static and persists beyond daemon restarts.

It seems to me that you could sudo apt-get install dnsmasq and then
add files under /etc/dnsmasq.d/ to have additional static and persistent
configuration.

(Incidentally, I should perhaps mention the 'clear-on-reload' option,
which nicely solves my issues with DNS caches being wrong when I move
between networks.)

Marius Gedminas
--
The gates in my computer are AND, OR and NOT; they are not Bill.
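
The /etc/dnsmasq.d/ drop-in approach suggested above, combined with the scripted VPN bring-up and bring-down asked about earlier in the thread. This is an added example, not code from any poster; it assumes a dnsmasq instance that reads the drop-in directory (like the `-7 /etc/dnsmasq.d` instance shown above), and the function names and the `vpn-dns-<name>` file naming are hypothetical.

```sh
#!/bin/sh
# Added example (not from the thread): per-VPN dnsmasq drop-in made of
# server=/<domain>/<dns-ip> lines. Assumes a dnsmasq that reads CONF_DIR;
# function names and the vpn-dns-<name> file naming are hypothetical.
LC_ALL=C; export LC_ALL
CONF_DIR="${CONF_DIR:-/etc/dnsmasq.d}"

# Plain DNS names only. A newline, '/', '#' or space in a domain would let
# one argument add extra directives to the generated file.
valid_domain() {
    case "$1" in
        ''|*[!A-Za-z0-9.-]*) return 1 ;;          # empty or illegal character
        .*|*.|-*|*-|*..*|*.-*|*-.*) return 1 ;;   # malformed labels
    esac
    return 0
}

# Dotted-quad IPv4 with every octet in 0..255.
valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# VPN names become part of a file name: no '/', '.', or whitespace.
valid_name() {
    case "$1" in ''|*[!A-Za-z0-9_-]*) return 1 ;; esac
    return 0
}

# vpn_dns_up NAME DNS_IP DOMAIN...   (call from the VPN bring-up script)
vpn_dns_up() {
    [ "$#" -ge 3 ] || { echo "usage: vpn_dns_up NAME DNS_IP DOMAIN..." >&2; return 1; }
    name=$1; dns_ip=$2; shift 2
    valid_name "$name" || { echo "bad VPN name" >&2; return 1; }
    valid_ipv4 "$dns_ip" || { echo "bad DNS server address" >&2; return 1; }
    # Build in a dot-prefixed temp file (skipped by dnsmasq's conf-dir scan),
    # then rename, so dnsmasq never reads a half-written snippet.
    tmp=$(mktemp "$CONF_DIR/.vpn-dns-$name.XXXXXX") || return 1
    for domain in "$@"; do
        if ! valid_domain "$domain"; then
            echo "rejected domain argument; nothing written" >&2
            rm -f "$tmp"; return 1
        fi
        printf 'server=/%s/%s\n' "$domain" "$dns_ip" >>"$tmp"
    done
    chmod 644 "$tmp" && mv -f "$tmp" "$CONF_DIR/vpn-dns-$name"
}

# vpn_dns_down NAME   (call from the VPN bring-down script)
vpn_dns_down() {
    valid_name "$1" || { echo "bad VPN name" >&2; return 1; }
    rm -f "$CONF_DIR/vpn-dns-$1"
}
# After either call, restart dnsmasq (e.g. 'service dnsmasq restart').
```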


Re: 12.04: How to add local details to dnsmasq config

Paul Smith-2
On Sun, 2012-06-03 at 15:31 +0300, Marius Gedminas wrote:
> Here are the two dnsmasq instances that are running:
>
> $ ps $(pgrep dnsmasq)|cat
>   PID TTY      STAT   TIME COMMAND
>  1523 ?        S      0:00 /usr/sbin/dnsmasq -u libvirt-dnsmasq --strict-order --bind-interfaces --pid-file=/var/run/libvirt/network/default.pid --conf-file= --except-interface lo --listen-address 192.168.122.1 --dhcp-range 192.168.122.2,192.168.122.254 --dhcp-leasefile=/var/lib/libvirt/dnsmasq/default.leases --dhcp-lease-max=253 --dhcp-no-override
>  3723 ?        S      0:03 /usr/sbin/dnsmasq -x /var/run/dnsmasq/dnsmasq.pid -u dnsmasq -r /var/run/dnsmasq/resolv.conf -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new

The first one is for your VM environment.  The second one is something
else; this might be the default configuration for dnsmasq in
Ubuntu/Debian but it's not the one that is configured as part of the new
resolvconf/dnsmasq setup for Ubuntu 12.04.

In Ubuntu 12.04 there are two packages: dnsmasq-base and dnsmasq.  The
former provides ONLY the dnsmasq binary but no sysv init scripts or
default config files, etc.  It's just the bare bones, used by
networkmanager/resolvconf/etc. for the 12.04 setup with its own
configuration.

Then if you install the "dnsmasq" package you get all the extra sysv
init setup, etc. that you would have had from the previous releases.

> > > > How can I add/remove config from the local DNS configuration?
> > >
> > > dnsmasq supposedly has a DBus control protocol of some kind, but I
> > > haven't been able to find documentation for it.
> >
> > I don't think this will help.  I want the config file to be modified so
> > that the configuration is static and persists beyond daemon restarts.
>
> It seems to me that you could sudo apt-get install dnsmasq and then
> add files under /etc/dnsmasq.d/ to have additional static and persistent
> configuration.

Yes, I can definitely completely replace the default configuration of
dnsmasq etc. with my own, static implementation.  But that's not my
question.  The question is, how can I ENHANCE the default configuration
so that it's still available for those features that support it, and yet
still use my own customized setups for things (like my proprietary VPN
solution) which do not support it.

I can't use dnsmasq.conf in the default 12.04 setup: there's a dnsmasq
running which is already bound to the default port and listening for
local requests on 127.0.0.1 and it uses its own separate configuration
file /var/run/nm-dns-dnsmasq.conf and does not use any other
configuration.  Hence, my question of how to add my own content to that
separate configuration file.



Re: 12.04: How to add local details to dnsmasq config

NoOp-4
In reply to this post by Paul Smith-2
On 06/01/2012 12:17 PM, Paul Smith wrote:
...

> Using resolvconf won't help.  I need to get at the dnsmasq configuration
> because I have multiple DNS domains and I need to forward DNS queries to
> different DNS servers based on the hostname.
>
> This is handled by the NetworkManager VPN tools, which add dnsmasq
> settings like:
>
> server=/<domain>/<dns-ip>...
>
> for every domain that is supported by that VPN.  This tells dnsmasq to
> forward lookups to different servers based on the domain, and that's
> exactly what I need.
>
> But my VPN doesn't have any NetworkManager integration so I need to give
> a snippet of dnsmasq configuration to the system, that it will include
> with its auto-generated configuration.  Ideally I could add/remove it
> dynamically as the VPN is stopped/started but even if I can just get it
> added statically that'll be fine (that's how I used to have it).
>
> Also, it's not always the case that the simple domain mapping
> NetworkManager uses is sufficient.  I have one VPN which provides only
> one high-level domain, but actually there are a number of domains which
> are served by those same internal servers (required due to acquisitions
> etc.)  I *might* be able to handle this by configuring the DNS info
> myself in NetworkManager; I'll try that tonight.
>
>

I do not have an answer to your problem. However, these may be of
interest to you as they concern issues with dnsmasq & NM in 12.04:

<https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1003842>
[dnsmasq sometimes fails to resolve private names in networks with
non-equivalent nameservers ]

Duplicates that have been merged into 1003842 (but contain useful
information)
<https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/997076>
[NM "dns=dnsmasq" breaks resolution of private domain names ]
<https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/993794>
[Precise can't connect to a network guarded by an authentication
webserver whose address can only be looked up with one of the
nameservers whose address is provided by DHCP ]
<https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/991347>
[After upgrade to 12.04 name resolution does not work ]

