[Dnsmasq-discuss] DBus API
Tom Metro
tmetro+dnsmasq at gmail.com
Thu May 21 18:17:51 BST 2015
I'm attempting to use DBus to set up DNS for a split-tunnel VPN using an
environment similar to the one described in this posting:
http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2014q2/008541.html
with Ubuntu 14.10 and NetworkManager wrapped around Dnsmasq. I've run
into some similar issues as that poster had.
The main one seems to be that Dnsmasq's SetDomainServers (and
similar) DBus methods seem to be designed with the assumption that with
any given installation you will have only one VPN active, or a base
configuration using non-DBus methods and one split-tunnel VPN.
I'm inferring this because SetServers and SetServersEx (and although not
explicitly documented as such, in practice it seems SetDomainServers as
well) are documented as "Each call to SetServers [or SetServersEx]
completely replaces the set of servers specified by via the DBus, but it
leaves any servers specified via the command line or /etc/dnsmasq.conf
or /etc/resolv.conf alone."
The problem with the NetworkManager usage is that it doesn't use
/etc/resolv.conf to store upstream servers nor use a Dnsmasq config
file. It obtains the upstream servers from dhclient, then tells Dnsmasq
about them via DBus.
Consequently, if you bring up a split-tunnel VPN, and set a DNS server
for it via DBus, it wipes out the base configuration.
The above referenced thread mentions that NetworkManager has built-in
support for split-tunnels, but that presumes NetworkManager supports the
type of VPN connection you are using. (I'm connecting to a Juniper VPN
that is only supported by a bleeding edge version of OpenConnect.)
I'm sure there are ways around this on the NetworkManager side. Perhaps
some way to tell NetworkManager the additional DNS servers, and then let
it manage Dnsmasq by sending all the servers in one batch. (I'm open to
pointers if anyone knows how to do that.) But I'm posting to 1. confirm
that my understanding of Dnsmasq's DBus API is correct, and 2. to
ask: does it make sense that the API assumes there will never be a use
case for incremental additions (and removal) of DNS servers? What if the
user has multiple split-tunnel VPNs?
My expectation is that a DBus caller ought to be able to set upstream
servers one at a time, choosing whether to incrementally add them or
supplant existing servers. (And ideally, there should be a documented
mechanism for removing those entries.)
Quoting from the thread above:
Nic Ferrier wrote:
> Simon Kelley wrote:
>> I wish I could use dbus to get dnsmasq to tell me what it's doing.
> It does. Every time the dbus method is invoked, it logs...
While I ran across the advice to add log-queries for debugging DBus
issues fairly quickly, that's non-obvious from the name, given the
activity isn't a query. It should be noted in the DBus-interface doc.
(To supplement the original thread where the OP didn't know how to
enable logging in the NetworkManager use of Dnsmasq: you just need to
add a file to /etc/NetworkManager/dnsmasq.d containing 'log-queries' on
a line by itself, then run 'sudo service network-manager restart' to
restart Dnsmasq.)
Additionally, because the logging is spread across multiple lines:
    dnsmasq[21870]: setting upstream servers from DBus
    dnsmasq[21870]: using nameserver 10.0.2.2#53
it may not be obvious that what's logged on the 2nd line is specifically
what was sent via DBus. I understand the desire to reuse existing
logging messages (or have subroutines be ignorant of DBus), but
appending a "via DBus" on the 2nd line would make things clearer.
And echoing the OP's original comment, it seems logical that if you can
programmatically set servers via DBus, you should be able to query to
retrieve them. But maybe there haven't been any compelling use cases for
this, beyond debugging, which is adequately addressed by the logging.
(Given SetDomainServers overwrites the existing list of servers, one use
case would be to hack a work-around for the lack of incremental
additions by first reading the list of servers, adding the new server to
the list, then pushing back the modified list.)
On a related note, I recommend adding a dbus-send example to the
SetDomainServers section of:
http://www.thekelleys.org.uk/dnsmasq/docs/DBus-interface
as implied by this other post:
http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2014q3/008727.html
(which also suggests a qdbus example might also be helpful.)
-Tom
--
Tom Metro
The Perl Shop, Newton, MA, USA
"Predictable On-demand Perl Consulting."
http://www.theperlshop.com/
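
Added example (not part of the original post, and not dnsmasq or NetworkManager code): one way to live with the replace-all behaviour described above is for the caller to keep its own per-source lists and send the merged set in a single SetDomainServers call. The state directory, source names and addresses are hypothetical; the service name, object path and interface are dnsmasq's documented defaults and are assumptions here, since they may differ when NetworkManager launches dnsmasq.

```shell
#!/bin/sh
# Added example: SetDomainServers replaces the whole DBus-set list, so keep
# one file per source (base link, each VPN) and always push the merged set.
# Assumed: STATE_DIR layout and source names are hypothetical; BUS_NAME,
# OBJ_PATH and IFACE are dnsmasq's documented defaults.
STATE_DIR="${STATE_DIR:-/run/dnsmasq-dbus-servers}"
BUS_NAME="${BUS_NAME:-uk.org.thekelleys.dnsmasq}"
OBJ_PATH="${OBJ_PATH:-/uk/org/thekelleys/dnsmasq}"
IFACE="${IFACE:-uk.org.thekelleys.dnsmasq}"

# set_source NAME ENTRY...: record the --server style entries for one source.
set_source() {
    name=$1; shift
    mkdir -p "$STATE_DIR" && printf '%s\n' "$@" > "$STATE_DIR/$name.servers"
}

# clear_source NAME: forget a source, e.g. when its VPN goes down.
clear_source() { rm -f "$STATE_DIR/$1.servers"; }

# merged_servers: all entries from all sources, one per line, in file-name
# order, without blank lines, comment lines or duplicates.
merged_servers() {
    for f in "$STATE_DIR"/*.servers; do
        if [ -f "$f" ]; then cat "$f"; fi
    done | awk '!/^[ \t]*#/ && NF && !seen[$0]++'
}

# dbus_array_arg: the merged list as a single dbus-send array argument.
dbus_array_arg() {
    printf 'array:string:%s\n' "$(merged_servers | paste -sd, -)"
}

# push_servers: send the merged list in one call. An empty list is refused
# so that a missing state directory cannot wipe the resolver configuration.
push_servers() {
    arg=$(dbus_array_arg)
    if [ "$arg" = "array:string:" ]; then
        echo "no servers recorded, not calling SetDomainServers" >&2
        return 1
    fi
    dbus-send --system --print-reply --dest="$BUS_NAME" "$OBJ_PATH" \
        "$IFACE.SetDomainServers" "$arg"
}

# Typical use (constructed addresses):
#   set_source 00-base 10.0.2.2
#   set_source vpn-corp /corp.example/10.8.0.1 && push_servers
#   clear_source vpn-corp && push_servers
```

With log-queries enabled, each push should be followed by the "setting upstream servers from DBus" line and one "using nameserver" line per entry, which is a quick check that the base servers survived the VPN coming up.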