NetworkManager/dnsmasq issues

Hi,

After just switching to Manjaro from Debian, I’ve run into some issues dealing with NetworkManager/dnsmasq.

I’m trying to set dnsmasq as a local dns cache but have been failing at it.

When setting:

[main]
dns=dnsmasq

in /etc/NetworkManager.conf, restarting both the NetworkManager and dnsmasq services, I end up with “REFUSED” status when pinging addresses using dig.

Checking /etc/resolv.conf, the file is thus:

# Generated by NetworkManager

search lan
nameserver 127.0.0.1
options edns0 trust-ad

checking dnsmasq status, I get the following:

dnsmasq[16478]: dnsmasq: syntax check OK.
systemd[1]: Started dnsmasq - A lightweight DHCP and caching DNS server.
dnsmasq[16480]: started, version 2.90 cachesize 150
dnsmasq[16480]: compile time options: IPv6 GNU-getopt DBus no-UBus i18n IDN2 DHCP DHCPv6 no-Lua TFTP conntrack ipset nftset auth cryptohash DNSSEC loop-detect inotify dumpfile
dnsmasq[16480]: DBus support enabled: connected to system bus
dnsmasq[16480]: no servers found in /etc/resolv.conf, will retry
dnsmasq[16480]: read /etc/hosts - 7 names
dnsmasq[16480]: reading /etc/resolv.conf
dnsmasq[16480]: ignoring nameserver 127.0.0.1 - local interface
dnsmasq[16480]: read /etc/hosts - 7 names

I have kept the exact same /etc/dnsmasq.conf which previously worked on my Debian system and know the file is being parsed (I’ve switched cache size to 155 and after restarting dnsmasq, systemctl status dnsmasq lists a cache size of 155 with a syntax check OK).

I have tried commenting out “dns=dnsmasq” in /etc/NetworkManager.conf and uncommenting “name_servers=127.0.0.1” in /etc/resolvconf.conf and also keeping both uncommented but nothing seems to work, I always end up with “REFUSED” connections when pinging addresses and obviously no access to the internet.

Is there something I’m missing? I know dnsmasq is being used or at least /etc/dnsmasq.conf is being parsed for playing around with the cache size and seeing an OK syntax check and the modified cache size.

Yet I have set other options in /etc/dnsmasq.conf, notably a higher “min-cache-ttl=” value but when and if dnsmasq is “working”, the min-cache-ttl value is not being applied (which is one of the main reasons why I use dnsmasq).

With:

[main]
dns=dnsmasq

commented out in /etc/NetworkManager.conf, I get connectivity, a dnsmasq that seems to be working and an /etc/dnsmasq.conf that is being parsed, yet not all options are being applied, notably the “min-cache-ttl=” value.

Is there something obvious I am missing?

Regards

If you are using openresolv (as opposed to systemd-resolved) then maybe see this

https://wiki.archlinux.org/title/Dnsmasq#openresolv

In general, you should go over archwiki articles first. Example:

https://wiki.archlinux.org/title/NetworkManager#DNS_management

And if you did, you’d know that your first mistake is in:

The dnsmasq instance is managed by NetworkManager itself - no configuration file needed.
Also, the dnsmasq service does not need to run.

NetworkManager - ArchWiki

… ha - same link as @anon51566685 listed

Doing as the Arch wiki tells and still failing, copy/pasting the example files yields same result i.e., connection “REFUSED”. Commenting out nameservers=127.0.0.1 (I do not use IPv6), fixes the issue.

This works in as much as the plugged-in NetworkManager dnsmasq instance works and does cache the dns queries (I get 0 msec as query time). The problem now being that /etc/dnsmasq.conf is not being read or at the very least some other .conf file needs to be modified, which I am not aware of.

As replied to zbe, the fix works, stopping dnsmasq.service and using the NetworkManager plugin, for caching but I have yet to understand how to further configure dnsmasq now as a plug-in only not as a service.

It is described in section 4.7.1.1.1

Ok, that fixed it, I have set min-cache-ttl= to a higher value, restarted the NetworkManager service and tried pinging google and the config file in /etc/NetworkManager/dnsmasq.d is being parsed and applied.

Thank you
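An added diagnostic, not part of the thread and not code from Manjaro or the Arch wiki: it checks for the three conditions the thread worked through (dns=dnsmasq set while dnsmasq.service also runs, a resolv.conf that offers the standalone dnsmasq only a loopback nameserver, and no min-cache-ttl under /etc/NetworkManager/dnsmasq.d). The function names and the --system switch are hypothetical, and the main config path /etc/NetworkManager/NetworkManager.conf is an assumption about the standard layout.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Print the dns= value from the [main] section of the given NetworkManager
# config file(s). The last assignment wins; commented-out lines are ignored.
nm_dns_mode() {
    awk '
        FNR == 1 { in_main = 0 }
        /^[ \t]*\[/ { in_main = ($0 ~ /^[ \t]*\[main\]/); next }
        in_main && /^[ \t]*dns[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); mode = $0
        }
        END { print mode }' "$@"
}

# Print the nameservers in a resolv.conf that are not loopback addresses,
# i.e. the only ones a standalone dnsmasq could use as upstream servers.
upstream_servers() {
    awk '$1 == "nameserver" && $2 !~ /^127\./ && $2 != "::1" { print $2 }' "$1"
}

# diagnose NM_CONF RESOLV_CONF DROPIN_DIR SERVICE_STATE
# Prints one line per finding; prints nothing when the setup is consistent.
diagnose() {
    mode=$(nm_dns_mode "$1"); resolv=$2; dropins=$3; service=$4
    if [ "$mode" = dnsmasq ] && [ "$service" = active ]; then
        echo "CONFLICT: dns=dnsmasq is set and dnsmasq.service is also active"
    fi
    if [ "$service" = active ] && [ -z "$(upstream_servers "$resolv")" ]; then
        echo "NO-UPSTREAM: standalone dnsmasq finds only loopback nameservers in $resolv"
    fi
    if [ "$mode" = dnsmasq ] && ! grep -rqs '^min-cache-ttl=' "$dropins"; then
        echo "NO-DROPIN: no min-cache-ttl set under $dropins"
    fi
    return 0
}

# Run against the live system only when asked to (assumed standard paths;
# files under /etc/NetworkManager/conf.d are not inspected here).
if [ "${1:-}" = --system ]; then
    diagnose /etc/NetworkManager/NetworkManager.conf /etc/resolv.conf \
        /etc/NetworkManager/dnsmasq.d "$(systemctl is-active dnsmasq.service)"
fi
```

The NO-UPSTREAM finding corresponds to the "ignoring nameserver 127.0.0.1 - local interface" and "no servers found" lines in the status output quoted in the first post.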
