Re: dnsmasq integration improvement suggestion



On Fri, 2022-05-27 at 15:30 +0200, Petr Menšík via networkmanager-list
wrote:
Hi!

I was thinking about how Network Manager's integration with dnsmasq
could be improved.

Today it is running as a separate service in NetworkManager.service. I
thought about a possible solution and think I have found one.

Dnsmasq can include all files with matching pattern from a directory.
On Fedora, it uses /etc/dnsmasq.d for the normal service and
/etc/NetworkManager/dnsmasq.d for the dnsmasq running from dns=dnsmasq
mode in NM.

What if the default dnsmasq.service also included
/run/dnsmasq.d/*.conf? That would allow starting the real dnsmasq.service
from NM. But it could add an additional configuration snippet into
/run/dnsmasq.d/NetworkManager.conf, for example enable-dbus. It would
then be able to also enable DNSSEC validation just for some
connections. When NM would need to stop dnsmasq, it would make this
file empty.

What do you think about this integration? Would it be better than
bundling dnsmasq into NetworkManager.service?

Cheers,
Petr


As you say, NetworkManager can run dnsmasq as a DNS plugin by configuring
`[main].dns=dnsmasq` in `man NetworkManager.conf`.

In that mode, NetworkManager will spawn the dnsmasq process.
Doing that is undesirable, for several reasons.

I agree, it would be much better if dnsmasq could run as a separate
service. In the best case, dnsmasq could be D-Bus activated, then it
doesn't even have to be a systemd service (although, on systemd systems,
of course systemd would start the dnsmasq service).

When would dnsmasq reload those files? Usually, we would prefer that
everything can be configured via D-Bus. Of course, if dnsmasq by
default runs without D-Bus, then that wouldn't work. What would those
configuration snippets contain beside `enable-dbus`?

/etc/NetworkManager/dnsmasq.d is a semi-documented thing, where users
could hack the setup by dropping snippets. I wonder how bad it would be
to move away from the way we do it currently. Maybe we could
symlink all files there from /run. Or maybe we would need to add a
separate dns=dnsmasq2 plugin for the new way.


I would prefer the notion that dnsmasq is just running as a stand-alone
service, and NetworkManager can push interface-specific DNS
configuration to it (basically, like with systemd-resolved) and also
with the notion that there could be other services that configure their
part. For example, WireGuard's wg-quick could configure the DNS server
on the WireGuard interface (though, currently I think that would call
/usr/sbin/resolvconf -- unless systemd-resolved is detected).



best,
Thomas
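To make the layout Petr proposes concrete, the fragments below show the three files involved. This is an added illustration, not configuration shipped by dnsmasq, Fedora or NetworkManager; the `/run/dnsmasq.d` directory and the `NetworkManager.conf` snippet name are the proposal's assumptions, while `conf-dir`, `enable-dbus` and `[main] dns=dnsmasq` are existing dnsmasq and NetworkManager options.

```ini
# /etc/dnsmasq.conf (the distribution's dnsmasq.service)
# conf-dir with a "*.conf" pattern loads only files ending in .conf.
# The second line is the proposed addition; /run/dnsmasq.d is an assumed path.
conf-dir=/etc/dnsmasq.d,*.conf
conf-dir=/run/dnsmasq.d,*.conf

# /run/dnsmasq.d/NetworkManager.conf (assumed snippet written by NetworkManager)
# Present and non-empty while NetworkManager drives dnsmasq; truncated to an
# empty file when NetworkManager lets go, so dnsmasq.service itself keeps running.
# Anything written here becomes dnsmasq configuration, so the directory must be
# writable only by root (e.g. mode 0755, root-owned), as for /etc/dnsmasq.d.
enable-dbus

# /etc/NetworkManager/NetworkManager.conf (existing option, as in the thread)
[main]
dns=dnsmasq
```

One caveat that bears on Thomas's "when would dnsmasq reload those files" question: dnsmasq reads its configuration file and `conf-dir` entries only at startup. SIGHUP clears the cache and re-reads hosts and resolv.conf, but does not re-read configuration, so changing the snippet would require restarting the service (or the D-Bus interface that `enable-dbus` turns on, for the settings it covers).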


