On 12/06/12 20:31, Thomas Hood wrote:
> (Executive summary of the following: I think we should fix this by
> making nm-dnsmasq listen at ::1.)
>
> Thanks for your much-needed help, Simon.
>
> It is good to know that the "except-interface" avenue is available.  We
> want, however, to be able to enjoy the advantages of non-bind-interfaces
> mode ("unbound mode"??) in standalone dnsmasq insofar as we can.
> Certainly standalone dnsmasq should continue to run in unbound mode when
> n-m is not installed or when nm-dnsmasq is not in use; so ideally we
> would ensure that /etc/NetworkManager/NetworkManager.conf contains
> dns=dnsmasq if and only if /etc/dnsmasq.d/nm-dnsmasq contains
> "bind-interfaces except-interface=lo".  I don't see a very easy way to
> ensure this.
>
> In any case it would be better if we never had to force dnsmasq into
> bind-interfaces mode.
>
> So instead of switching the nm-dnsmasq listen address from 127.0.0.1 to
> 127.0.1.1 it seems better to switch that address to ::1: no more
> difficult, yet in the latter case standalone dnsmasq can continue to run
> in unbound mode as it has traditionally done (unless forced into
> bind-interfaces mode by something like libvirt-bin, of course).

I don't think that's true. In unbound mode, the standalone dnsmasq will
bind the IPv6 wildcard address, which will stop the nm-dnsmasq from
binding ::1. There's no escape in IPv6 land. Indeed the situation is
worse, because as far as I know, you can't use any address in the defined
subnet for loopback, it has to be ::1, so except-interface=lo is required.

I think the 127.0.1.1 (or whatever) answer is the best. Unfortunately 
there's no way round having to set --bind-interfaces on the standalone 
dnsmasq, but except-interface=lo is not required as long as the 
127.0.0.0/8 address in use by nm-dnsmasq doesn't appear on the lo interface.

Simon.
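
The bind conflict discussed in this message can be reproduced with plain sockets. The following is an added example, not part of the thread and not dnsmasq code; it assumes Linux, uses TCP listening sockets on an ephemeral port in place of port 53, and sets no SO_REUSEADDR.

```python
import errno
import socket


def second_bind_result(first_addr, second_addr, family=socket.AF_INET):
    """Listen on first_addr, then try to listen on second_addr, same port.

    Returns "ok" or the errno name (e.g. "EADDRINUSE") of the second bind.
    """
    first = socket.socket(family, socket.SOCK_STREAM)
    second = socket.socket(family, socket.SOCK_STREAM)
    try:
        first.bind((first_addr, 0))  # port 0: kernel picks a free port
        first.listen(1)
        port = first.getsockname()[1]
        try:
            second.bind((second_addr, port))
            second.listen(1)
            return "ok"
        except OSError as exc:
            return errno.errorcode.get(exc.errno, str(exc.errno))
    finally:
        first.close()
        second.close()


if __name__ == "__main__":
    cases = [
        # (first listener, second listener, address family)
        ("0.0.0.0", "127.0.1.1", socket.AF_INET),     # wildcard first
        ("127.0.0.1", "127.0.1.1", socket.AF_INET),   # both bound per address
        ("::", "::1", socket.AF_INET6),               # IPv6 wildcard first
    ]
    for first_addr, second_addr, family in cases:
        try:
            result = second_bind_result(first_addr, second_addr, family)
        except OSError as exc:  # e.g. IPv6 not available on this host
            result = "skipped (%s)" % exc
        print("%-10s then %-10s -> %s" % (first_addr, second_addr, result))
```

A listener on the wildcard address makes the second bind fail, while two listeners on distinct 127.0.0.0/8 addresses coexist on the same port.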

https://bugs.launchpad.net/bugs/959037

Title:
  NM-controlled dnsmasq prevents other DNS servers from running, yet
  network-manager doesn't Conflict with their packages

Status in “djbdns” package in Ubuntu:
  New
Status in “dnsmasq” package in Ubuntu:
  Confirmed
Status in “network-manager” package in Ubuntu:
  Triaged

Bug description:
  As described in
  https://blueprints.launchpad.net/ubuntu/+spec/foundations-p-dns-resolving,
  network manager now starts a dnsmasq instance for local DNS resolving.

  That breaks the default bind9 and dnsmasq installations, for people that
  actually want to install a DNS server.
  Having to manually comment out "#dns=dnsmasq" in
  /etc/NetworkManager/NetworkManager.conf doesn't sound good, and if it stays
  that way, it should be moved to the bind9 and dnsmasq postinst scripts.

  Please make network-manager smarter so that it checks if bind9 or
  dnsmasq are installed, so that it doesn't start the local resolver in
  that case.
