Re: dnsmasq



Date: Fri, 26 Sep 2008 00:04:26 -0400
> From: "Jim Popovitch" <yahoo jimpop com>

On Thu, Sep 25, 2008 at 23:34, Howard Chu <hyc symas com> wrote:
>> Perhaps it seems that way to you, but consider the case where someone
>> might want DNS fixed (ie. to a local caching server that is configured
>> to use opendns, 4.2.2.1, etc.) whilst using a wifi hotspot, but when
>> in a tightly firewalled corporate environment they need to use the DNS
>> servers specified by the site.    Also, multiple configuration options
>> don't necessarily imply complexity, but rather flexibility.  More
>> specific options are needed, not just general ones.
>
> You're completely missing the point:
>
>   You're either using a local caching server, or not. That's it, one simple
> switch.

Correct.  However, the caching server needs to know what its
forwarders are... and I would like those forwarders to vary based on
connection or connection type.   Right now NM updates resolv.conf
regardless of connection, so I have a manual step to update the
forwarders.  If NM didn't update resolv.conf for certain connections,
then I could do away with manual configuration for various
connections.

OK, I think we're both in agreement on this. Note that internally, NM knows which IP config info came from which provider. My patch for dnsmasq support preserves the distinction between DNS servers received from a VPN and those received from other sources.

Current versions of BIND don't give you much control over forwarding either; dnsmasq does.

> All the variations you talk about are of course important, but those should
> be handled in the caching DNS, not in resolv.conf. If you have a caching
> DNS, resolv.conf should point to localhost, period, end of story.

Not necessarily.  I use a dhcp3 script to pull the forwarders out and
update bind9 forwarders via an include + rndc reload.   That could go
away if NM would allow a simple way of determining connection provided
forwarders... such as a post-connection script call.

In what way does any of what you wrote here have anything to do with whether or not anybody should be overwriting /etc/resolv.conf?

Sigh.  You really aren't getting my point.  I haven't cared about
search or domain until you mentioned them above.  I only care about NM
updating resolv.conf.   I don't think an all-or-none solution (i.e.
global) is reasonable, the user needs some level of control over which
connections are allowed to update resolv.conf.

And you're still missing the point that /etc/resolv.conf is the wrong vehicle for exercising fine-grained control over name resolution. In fact, it offers you *no* ability to do fine-grained control. On the other hand, dnsmasq gives you a great deal of fine control. Since you're still talking about bind9, I suggest you go read up on dnsmasq's features before continuing this conversation.
--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
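
Added example, not part of the original message and not the NetworkManager patch it mentions: one way to express the VPN versus non-VPN distinction as dnsmasq forwarding rules while /etc/resolv.conf only ever points at localhost. The connection records, domains and addresses are constructed for illustration; `no-resolv`, `listen-address` and `server=` are standard dnsmasq options.

```python
import ipaddress
import re

# Constructed sample: per-connection DNS data tagged with its source.
SAMPLE_CONNECTIONS = [
    {"source": "dhcp", "servers": ["192.0.2.1"], "domains": []},
    {"source": "vpn", "servers": ["10.8.0.53"],
     "domains": ["corp.example", "10.in-addr.arpa"]},
]

RESOLV_CONF = "nameserver 127.0.0.1\n"  # libc only ever talks to the local cache

_DOMAIN_RE = re.compile(r"[a-z0-9_-]+(\.[a-z0-9_-]+)*")


def _ip(addr):
    # Network-supplied values are untrusted: ValueError on anything not an IP.
    return str(ipaddress.ip_address(addr))


def _domain(name):
    # Reject '/', whitespace and newlines so a hostile DHCP/VPN reply cannot
    # smuggle extra directives into the generated config.
    name = name.strip(".").lower()
    if not _DOMAIN_RE.fullmatch(name):
        raise ValueError(f"refusing domain {name!r}")
    return name


def build_dnsmasq_conf(connections, fixed_forwarders=None):
    """Return dnsmasq config text: VPN servers answer only for VPN domains,
    everything else goes to the default forwarders (hypothetical helper)."""
    scoped, default = [], []
    for conn in connections:
        servers = [_ip(s) for s in conn["servers"]]
        if conn["source"] == "vpn" and conn["domains"]:
            scoped += [f"server=/{_domain(d)}/{s}"
                       for d in conn["domains"] for s in servers]
        else:
            default += servers
    if fixed_forwarders:
        # User policy: ignore the servers the hotspot handed out.
        default = [_ip(s) for s in fixed_forwarders]
    lines = ["no-resolv", "listen-address=127.0.0.1"]
    lines += scoped + [f"server={s}" for s in dict.fromkeys(default)]
    return "\n".join(lines) + "\n"
```

With `fixed_forwarders` set, queries for the VPN's domains still go only to the VPN's server, and nothing is sent to the resolver the hotspot handed out.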

