[Dnsmasq-discuss] dnsmasq, NetworkManager and VPNs

Dan Williams dcbw at redhat.com
Thu Mar 6 17:31:40 UTC 2014


On Thu, 2014-03-06 at 12:39 +1100, Tony Breeds wrote:
> Hi All,
>         I'm a new user of dnsmasq and I can't see an easy way to do what
> I want to do.
> 
> My situation is (probably not that uncommon) I need to connect to a work
> VPN and while I'm connected to said VPN I need to query work's DNS
> servers for company.com addresses but all other queries should go
> through my normal (as supplied by DHCP) DNS servers.
> 
> I tried adding a config file like:
> server=/company.com/DNS_SERVER_1@interface
> server=/company.com/DNS_SERVER_2@interface
> server=/I.P.ADDR.in-addr.arpa/DNS_SERVER_1@interface
> server=/I.P.ADDR.in-addr.arpa/DNS_SERVER_2@interface
> 
> Now my problem is that if that file exists when dnsmasq starts and my
> VPN interface isn't up, dnsmasq prints an error and exits.  This is
> especially painful as I'm starting dnsmasq from NetworkManager (by
> setting dns=dnsmasq in the NetworkManager config file).

If you're using dns=dnsmasq, then NetworkManager will automatically do
split DNS exactly as you describe, as long as your VPN returns a DNS
domain (or you specify one yourself).  Is this not working?

(the 'bind-interfaces' note is not for DNS, it's NM's Internet
Connection Sharing feature, which also uses dnsmasq.  Since this
requires a very specific setup on the private interface, it's always
incompatible with a system-configured dnsmasq.  But if you don't use
bind-interfaces with the system-configured dnsmasq, then the private
copy for ICS on the private interface doesn't work, because the
system-configured one has already bound to the DHCP and DNS ports on
that interface)

Dan

> I can run a script that adds and removes the config file on VPN up/down
> events but I can't find a way to re-read all the config files for a
> running dnsmasq process.
> 
> My next thought was to use the dbus interface to "inject" the above
> configuration to the running dnsmasq server, but I don't see a syntax
> that will remove the configuration when I take down my VPN.
> 
> So any advice? This must be possible, perhaps I just need to be more
> creative.
> 
> Tony.
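
An added example, not part of the original thread and not NetworkManager's or dnsmasq's own code: it builds the `server=/domain/ip` lines a split-DNS setup like the one discussed needs, including the `in-addr.arpa` zones for a VPN subnet, and rejects pushed values that could smuggle extra directives into the file. The function names, the `192.0.2.x` resolvers and the `10.8.0.0/14` subnet are constructed for illustration.

```python
import ipaddress
import re

_DOMAIN = re.compile(r"[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*")
_IFACE = re.compile(r"[A-Za-z0-9_.-]+")

def reverse_zones(cidr):
    """in-addr.arpa zones, cut on octet boundaries, covering an IPv4 network."""
    net = ipaddress.ip_network(cidr, strict=False)
    if net.version != 4:
        raise ValueError("IPv4 only in this example")
    if net.prefixlen > 24:
        # Reverse zones end at /24 here, so use the enclosing /24.
        blocks = [net.supernet(new_prefix=24)]
    else:
        # Round the prefix up to the next octet boundary (minimum /8).
        aligned = max(8, -(-net.prefixlen // 8) * 8)
        blocks = [net] if aligned == net.prefixlen else list(net.subnets(new_prefix=aligned))
    zones = []
    for block in blocks:
        octets = str(block.network_address).split(".")[: block.prefixlen // 8]
        zones.append(".".join(reversed(octets)) + ".in-addr.arpa")
    return zones

def split_dns_lines(domains, servers, networks=(), interface=None):
    """Return dnsmasq server= lines sending only the VPN's zones to its resolvers."""
    # Domains and servers pushed by a VPN are untrusted input: a newline or
    # '=' in one of them would add arbitrary directives to the config file.
    for domain in domains:
        if not _DOMAIN.fullmatch(domain):
            raise ValueError("unsafe domain: %r" % (domain,))
    servers = [str(ipaddress.ip_address(s)) for s in servers]
    if interface is not None and not _IFACE.fullmatch(interface):
        raise ValueError("unsafe interface name: %r" % (interface,))
    # '@interface' is optional; the thread reports dnsmasq exiting at startup
    # when the named interface is not up, so it is left off by default.
    suffix = "@" + interface if interface else ""
    zones = list(domains)
    for cidr in networks:
        zones.extend(reverse_zones(cidr))
    return ["server=/%s/%s%s" % (z, s, suffix) for z in zones for s in servers]

if __name__ == "__main__":
    # Constructed sample values.
    for line in split_dns_lines(["company.com"], ["192.0.2.53", "192.0.2.54"],
                                networks=["10.8.0.0/14"]):
        print(line)
```

Queries for names outside the listed zones keep going to the default upstream servers, so internal names are not sent to the DHCP-supplied resolvers and general browsing is not sent to the work ones.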