[Dnsmasq-discuss] DBus API

Tom Metro tmetro+dnsmasq at gmail.com
Thu May 21 21:28:23 BST 2015


Dan Williams wrote:
> Tom Metro wrote:
>> I'm sure there are ways around this on the NetworkManager side. Perhaps
>> some way to tell NetworkManager the additional DNS servers, and then let
>> it manage Dnsmasq by sending all the servers in one batch. (I'm open to
>> pointers if anyone knows how to do that.)
> 
> NM spawns a private dnsmasq though, so it is going to be under NM's
> control and isn't really intended to be a "system wide" dnsmasq that
> anything can talk to.
> ...
> The longer term solution here for NM is to enhance its DNS plugin
> interface so that it can dump the whole set of split DNS to plugins or
> scripts and let them do whatever they want, instead of having only a C

Agreed.

While I'm interested in hearing about workarounds for accomplishing this
with NM, the main point of my post is about the Dnsmasq side of things,
as there are also issues with how it behaves, independent of NM. (My
next target for this VPN setup is an Ubuntu server, which is running
Dnsmasq without NM wrapping it.)


> ...you'll probably need something like resolvconf.  Unfortunately, I
> don't think resolvconf can do split DNS either.

OS X has a split DNS solution using resolvconf files or similar. I think
there is also a resolvconf solution for split DNS on Linux that relies
on some other DNS cache, whose name I don't recall. But Ubuntu adopted
Dnsmasq specifically to support split DNS:
https://www.stgraber.org/2012/02/24/dns-in-ubuntu-12-04/

  On a desktop install, your DNS server is going to be "127.0.0.1" which
  points to a NetworkManager-managed dnsmasq server. This was done to
  better support split DNS for VPN users...



> For the short term, NM does have an /etc/NetworkManager/dnsmasq.d
> directory where you can toss dnsmasq config files...

Yes, that is how I initially prototyped the setup. I was just looking
for a cleaner solution than writing to a file and restarting NM.

It looks like it might also be possible to dynamically create a NM
connection (of type "manual") using what is documented in nm-settings,
and then use nmcli to bring up the interface. But that might be as much
work as getting my custom OpenConnect setup to work as an NM plugin.

 -Tom

-- 
Tom Metro
The Perl Shop, Newton, MA, USA
"Predictable On-demand Perl Consulting."
http://www.theperlshop.com/


