[Dnsmasq-discuss] dnsmasq, NetworkManager and VPNs

Albert ARIBAUD albert.aribaud at free.fr
Thu Mar 6 11:54:12 UTC 2014

On 06/03/2014 12:28, Simon Kelley wrote:
> On 06/03/14 01:39, Tony Breeds wrote:
>> Hi All,
>>          I'm a new user of dnsmasq and I can't see an easy way to do what
>> I want to do.
>> My situation is (probably not that uncommon) I need to connect to a work
>> VPN and while I'm connected to said VPN I need to query work's DNS
>> servers for company.com addresses but all other queries should go
>> through my normal (as supplied by DHCP) DNS servers.
>> I tried adding a config file like:
>> server=/company.com/DNS_SERVER_1@interface
>> server=/company.com/DNS_SERVER_2@interface
>> server=/I.P.ADDR.in-addr.arpa/DNS_SERVER_1@interface
>> server=/I.P.ADDR.in-addr.arpa/DNS_SERVER_2@interface
>> Now my problem is that if that file exists when dnsmasq starts and my
>> VPN interface isn't up, dnsmasq prints an error and exits.  This is
>> especially painful as I'm starting dnsmasq from NetworkManager (by
>> setting dns=dnsmasq in the NetworkManager config file)
>> I can run a script that adds and removes the config file on VPN up/down
>> events but I can't find a way to re-read all the config files for a
>> running dnsmasq process.
>> My next thought was to use the dbus interface to "inject" the above
>> configuration to the running dnsmasq server, but I don't see a syntax
>> that will remove the configuration when I take down my VPN.
> Answering the "how do I remove configuration" question specifically,
> You call the DBus method again with a different list. Each time you call
> the DBus method, all the upstream servers which were installed _by DBus_
> are purged, and the new set installed in their stead.
>> So any advice? This must be possible, perhaps I just need to be more
>> creative.
> Dave, advice is good. Check the NetworkManager docs carefully in case it
> supports this already. I have a vague feeling but not evidence that it
> should. I think NM starts dnsmasq with the --bind-interfaces flag. If
> you can convince it not to do that, you may avoid the error at startup.

On my Ubuntu machine, there is a file, /etc/dnsmasq.d/network-manager, 
which contains the following:

| # Tell any system-wide dnsmasq instance to make sure to bind to interfaces
| # instead of listening on
| # WARNING: changes to this file will get lost if network-manager is 
| bind-interfaces

I conclude it can be modified, within the above caveat.

> Cheers,
> Simon.
>> Tony.
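
The replace-the-whole-list behaviour described in the quoted reply, as an added example that is not part of the original thread: a VPN up/down helper that sets the company.com servers on "up" and sends an empty list on "down". It assumes a dnsmasq started with --enable-dbus under its default bus name, the SetDomainServers D-Bus method, and busctl; a dnsmasq spawned by NetworkManager may be registered under a different name, and the server addresses are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): push split-DNS entries to a running
# dnsmasq over D-Bus. Assumed: default bus name/path, busctl installed.
DEST=uk.org.thekelleys.dnsmasq
OBJ=/uk/org/thekelleys/dnsmasq

# Print the busctl arguments for a VPN event.
#   $1 = up|down, $2 = domain, remaining args = DNS servers for that domain.
# "up" sends one "/domain/server" string per server (same form as server=).
# "down" sends an empty array: every call replaces all D-Bus-installed
# servers, so an empty list is what removes the VPN entries again.
build_set_args() {
    event=$1; domain=$2; shift 2
    case "$event" in
        up)
            [ "$#" -gt 0 ] || { echo "no servers given" >&2; return 1; }
            args="as $#"
            for srv in "$@"; do args="$args /$domain/$srv"; done
            ;;
        down) args="as 0" ;;
        *) echo "unknown event: $event" >&2; return 1 ;;
    esac
    echo "call $DEST $OBJ $DEST SetDomainServers $args"
}

# Run the call, or only print it when DRY_RUN=1.
apply_split_dns() {
    args=$(build_set_args "$@") || return 1
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "busctl --system $args"
        return 0
    fi
    # Word splitting of $args is intended: no element contains whitespace.
    busctl --system $args
}
```

Because each call purges what earlier D-Bus calls installed, the "up" list has to carry every D-Bus-supplied server that should remain, not only the VPN ones.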

