Re: How to make NM call dnsmsaq with --bind-dynamic ?

From: Jean-Christian de Rivaz <jc eclis ch>
To: Dan Williams <dcbw redhat com>
Cc: networkmanager-list gnome org
Subject: Re: How to make NM call dnsmsaq with --bind-dynamic ?
Date: Tue, 15 Sep 2015 12:03:33 +0200

Hi Dan,

Le 15. 09. 15 00:31, Dan Williams a écrit :

On Mon, 2015-09-14 at 23:25 +0200, Jean-Christian de Rivaz wrote:

Hello,

I use NetworkManager on a embedded Debian Jessie system that have
multiples interfaces, some of them going up dynamically. The system is
acting as a router between the interfaces and have the relevant iptables
rules to do NAT masquerading and MSSTCP handling. The only remaining
point is to have a DNS server on the system accessibly from any
interface at any time. To do that I have added the
/etc/NetworkManager/dnsmasq.d/interface file with this content:

interface=*

It do the expected work, but only until the interface list change: At
this point dnsmasq will not bind new interfaces. According to the
dnsmasq manual there is a --bind-dynamic to handle this.
Unfortunately NM call dnsmasq with the --bind-interfaces option that is
incompatible with the --bind-dynamic option. And NM don't restart
dnsmasq when the interfaces list change.

I'll assume you're talking about the local caching nameserver stuff
here, not about the internet connection sharing.  Both use dnsmasq, but
in different ways.

Why so you think this is so different ? It's only a matter to listen toall interfaces instead of just the 127.0.0.1 address. All the rest isthe same, especially the way pppd/dhclient/NM/dnsmasq work together tohandle the external DNS servers configuration.

It sounds like you're trying to use NM's dnsmasq functionality in a way
that isn't really intended; it's not supposed to be a DNS server for all
other machines on any interface, it's simply supposed to be a local
caching nameserver for the *local*  machine.

There is no difference to resolve the DNS query whenever it is receivedfrom a local process or received from a process running in a othermachine on the network: it's just a UDP datagram and dnsmasq simplyrespond to the address of the query source.

If you want a generic
forwarder for all machines, you would typically configure a separate
dnsmasq service that would read its DNS servers from /etc/resolv.conf
and watch that file for changes.  NM itself wouldn't be set up with
local caching nameserver functionality though.

Really, what would be the drawback to just replace the existing"--bind-interfaces" by "--bind-dynamic" ? I will greatly appreciate tounderstand. By the way, the actual setup where I do my testing seem toprove that this work as expected, the only remaining problem is to allowdnsmasq to bind new interfaces.


Best Regards,
Jean-Christian

References:
- How to make NM call dnsmsaq with --bind-dynamic ?
  - From: Jean-Christian de Rivaz
- Re: How to make NM call dnsmsaq with --bind-dynamic ?
  - From: Dan Williams

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]