[Dnsmasq-discuss] NetworkManager plugin not forwarding queries

Natxo Asenjo natxo.asenjo at gmail.com
Tue Dec 14 15:50:32 UTC 2021


Hi,

Apologies if this is not the proper forum for asking this question.

On a RHEL 7.9 host, dnsmasq is not properly forwarding queries to some
internal domains.

If I run dnsmasq in the foreground with the same configuration, it works
fine (only resolving the specified domains).

Let's see:

interface=some-bridge-name
#bind-dynamic


domain-needed  # do not forward short names
bogus-priv     # drop non routed address spaces
no-resolv      # do not resolve anything, only whitelist allowed which follows

# whitelisted dns domains
server=/domain.local/10.xxx.xxx.xx
server=/domain.local/10.1xxx.xxx.xx
server=/other.sub.tld/10.1xxx.xxx.xx
server=/other.sub.tld/10.1xxx.xxx.xx

# all other domains go to localhost
address=/#/127.0.0.1

cache-size=1000

log-queries
log-facility=/var/log/dnsmasq.log


And obviously in /etc/resolv.conf

nameserver 127.0.0.1

So, if I restart NetworkManager, because I added

# cat /etc/NetworkManager/conf.d/00-use-dnsmasq.conf
# FILE MANAGED BY TEMPLATE
# DO NOT MODIFY LOCALLY ALL CHANGES WILL BE OVERWRITTEN

[main]
dns=dnsmasq

dnsmasq is automatically started (the dnsmasq systemd service unit is
disabled)


I query a host in the sub.domain.tld and I have a timeout in dig, no
servers could be reached.


in the dnsmasq.log:
Dec 14 16:36:41 dnsmasq[7508]: query[A] host.sub.domain.tld from 127.0.0.1
Dec 14 16:36:41 dnsmasq[7508]: forwarded host.sub.domain.tld to 10.xxx.xxx.xx
Dec 14 16:36:41 dnsmasq[7508]: forwarded host.sub.domain.tld to 10.xxx.xxx.xx
Dec 14 16:36:46 dnsmasq[7508]: query[A] host.sub.domain.tld from 127.0.0.1
Dec 14 16:36:46 dnsmasq[7508]: forwarded host.sub.domain.tld to 10.xxx.xxx.xx
Dec 14 16:36:46 dnsmasq[7508]: forwarded host.sub.domain.tld to 10.xxx.xxx.xx

Ok, now I kill dnsmasq, start it with --no-daemon

and then it works, dnsmasq forwards correctly.

In both cases I see a listening socket on the right interface port 53
{udp,tcp}.

What am I doing wrong?

SELinux shows no denials (avc empty). I turned it off (permissive), still
no improvement.

Any help greatly appreciated.

-- 
Regards,
natxo
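
One way to triage a log like the one in the message above, added here as an example and not part of the original post: the script pairs each `forwarded` line with a later `reply` line for the same name and counts the upstreams that never answered. The sample log, the 192.0.2.x addresses and the function name `unanswered_forwards` are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in dnsmasq log-queries format (addresses are placeholders).
SAMPLE_LOG = """\
Dec 14 16:36:41 dnsmasq[7508]: query[A] host.sub.domain.tld from 127.0.0.1
Dec 14 16:36:41 dnsmasq[7508]: forwarded host.sub.domain.tld to 192.0.2.1
Dec 14 16:36:41 dnsmasq[7508]: forwarded host.sub.domain.tld to 192.0.2.2
Dec 14 16:36:46 dnsmasq[7508]: query[A] host.sub.domain.tld from 127.0.0.1
Dec 14 16:36:46 dnsmasq[7508]: forwarded host.sub.domain.tld to 192.0.2.1
Dec 14 16:36:46 dnsmasq[7508]: forwarded host.sub.domain.tld to 192.0.2.2
Dec 14 16:37:02 dnsmasq[7508]: query[A] www.domain.local from 127.0.0.1
Dec 14 16:37:02 dnsmasq[7508]: forwarded www.domain.local to 192.0.2.1
Dec 14 16:37:02 dnsmasq[7508]: reply www.domain.local is 192.0.2.50
Dec 14 16:37:10 dnsmasq[7508]: query[A] example.com from 127.0.0.1
Dec 14 16:37:10 dnsmasq[7508]: config example.com is 127.0.0.1
"""

LINE = re.compile(r"dnsmasq\[\d+\]: (?P<kind>query\[\w+\]|forwarded|reply|cached|config)"
                  r" (?P<name>\S+) (?:from|to|is) (?P<rest>.+)$")

def unanswered_forwards(log_text):
    """Return {name: {upstream: count}} for forwards with no later reply line.
    Heuristic: the next query for a name, or end of log, closes an attempt."""
    pending = defaultdict(list)                     # name -> upstreams tried
    silent = defaultdict(lambda: defaultdict(int))  # name -> upstream -> count

    def close_attempt(name):
        for upstream in pending.pop(name, []):
            silent[name][upstream] += 1

    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        kind, name, rest = m["kind"], m["name"], m["rest"].strip()
        if kind.startswith("query"):
            close_attempt(name)        # earlier forwards for this name got no reply
        elif kind == "forwarded":
            pending[name].append(rest)
        elif kind == "reply":
            pending.pop(name, None)    # some upstream answered this attempt
    for name in list(pending):
        close_attempt(name)
    return {name: dict(counts) for name, counts in silent.items()}

if __name__ == "__main__":
    for name, counts in unanswered_forwards(SAMPLE_LOG).items():
        print(name, counts)
```

Replies that dnsmasq logs under a CNAME target rather than the queried name are not matched by this pairing, so such names can show up as unanswered.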