On Mon, Sep 14, 2020 at 10:45 PM Dominick C. Pastore
<dominickpast...@dcpx.org> wrote:
>
> > > Personally, I am not a fan of Netplan for reasons like this. It's 
> > > supposed to abstract away the details of NetworkManager or 
> > > systemd-networkd, but it doesn't do a great job of it. You end up having 
> > > to refer to the NetworkManager or systemd-networkd documentation anyway, 
> > > and having Netplan on top muddies the water.
> > >
> > > Anyway: Those address lines in the Netplan yaml are used to tell 
> > > systemd-resolved which upstream DNS server to use, so it is using your 
> > > Dnsmasq server. Then, /etc/resolv.conf specifies what DNS server other 
> > > programs on the system will use (not all programs use that mechanism, but 
> > > many do), and by default, it points to 127.0.0.53 so everything else will 
> > > go through systemd-resolved. This includes Dnsmasq unless you configure 
> > > it to do otherwise!
> > >
> > > The net result is most likely that Dnsmasq and systemd-resolved are each 
> > > trying to use the other as their upstream server, so neither can resolve 
> > > anything.
> > >
> > > If you really want to keep using both systemd-resolved and Dnsmasq, you 
> > > need to pick one to be "upstream" from the other, as Geert and Neal said.
> > >
> > > If you want Dnsmasq to query the upstream servers, systemd-resolved to 
> > > query Dnsmasq, and everything else on the host to query systemd-resolved:
> > > Then you need to edit the Dnsmasq configuration to quit using 
> > > /etc/resolv.conf. This probably means you want to manually specify DNS 
> > > servers in /etc/dnsmasq.conf with the "server=W.X.Y.Z" and "no-resolv" 
> > > options. That does assume you know what DNS server you want to use.
> >
> > Very strange, for my case, I've already set the following options in
> > my dnsmasq.conf:
> >
> > no-resolv
> > no-poll
> >
> > and keep /etc/resolv.conf as the symlink to
> > /run/systemd/resolve/stub-resolv.conf
>
> Did you specify a server for Dnsmasq some other way? E.g. the 
> "server=W.X.Y.Z" option? Or, better yet, can you share your Dnsmasq config?

I run dnsmasq as follows:

$ /usr/local/sbin/dnsmasq --port=53 -c10240 --server=127.0.0.1#6053 \
    --conf-dir=/home/werner/Public/anti-gfw/dns/dnsmasq/conf/conf-dir,*.conf \
    -C /home/werner/Public/anti-gfw/dns/dnsmasq/conf/dnsmasq.conf

The 127.0.0.1#6053 is a DNS proxy based on dnsproxy which has
DoH, DoT, DoQ and DNSCrypt support.
The conf files here:
/home/werner/Public/anti-gfw/dns/dnsmasq/conf/conf-dir,*.conf, are for
China domains, which use China's mainland DNS servers.

And the main dnsmasq.conf file has the following options enabled:

$ egrep -v '^([[:blank:]]*#|$)' \
    /home/werner/Public/anti-gfw/dns/dnsmasq/conf/dnsmasq.conf
dns-forward-max=10000
no-negcache
min-cache-ttl=3600
all-servers
domain-needed
bogus-priv
filterwin2k
no-resolv
no-poll
interface=lo
bind-interfaces


>
> > >
> > > Alternatively, if you want systemd-resolved to query the upstream servers 
> > > and Dnsmasq to query systemd-resolved:
> > > Then you need to remove the "use-dns: false" and "nameservers" directives 
> > > from Netplan so systemd-resolved stops trying to query Dnsmasq and uses 
> > > the proper upstream servers instead. Dnsmasq will continue to use 
> > > systemd-resolved, since /etc/resolv.conf will point it there. Note that 
> > > programs on the same host will still use systemd-resolved and not Dnsmasq 
> > > at all.
> >
> > Why?
>
> Why what? Why won't other programs on the host use Dnsmasq? That's the way 
> systems with systemd-resolved work by default. Generally, programs on the 
> host will query /etc/resolv.conf to determine which DNS servers to use 
> (though the manpage for systemd-resolved.service(8) suggests that some 
> programs do not use /etc/resolv.conf and connect to systemd-resolved through
> other means. To be honest, that part is a little unclear to me). By default,
> it's a symlink to a file that directs clients to systemd-resolved (127.0.0.53).
>
> The trouble is, systemd-resolved also uses resolv.conf to determine its own 
> behavior. The moment you delete the symlink and replace it with your own file 
> pointing to Dnsmasq (127.0.0.1), two things will happen:

This is exactly my situation; see the following for more detailed info:

werner@X10DAi-01:~$ cat /etc/resolv.conf
nameserver 127.0.0.1
werner@X10DAi-01:~$ realpath -e /etc/resolv.conf
/etc/resolv.conf

> 1.) systemd-resolved will itself add Dnsmasq to its list of nameservers. This 
> probably won't break systemd-resolved entirely, but it will potentially cause 
> lots of retries and slowdowns.

Seems so complicated and still can't figure out a perfect solution for
the coexistence of dnsmasq and systemd-resolved.

> 2.) Unless you've manually configured a nameserver in /etc/dnsmasq.conf, 
> Dnsmasq will not have anywhere to send queries. This *will* break some 
> things. It's smart enough to know that it shouldn't use itself as the 
> upstream server, but neither /etc/resolv.conf nor /etc/dnsmasq.conf gives it 
> other options, so it fails.

As you can see, I've set upstream nameservers for my dnsmasq, so this
shouldn't be the culprit for my case.

>
> If you want other programs on the same host to go through Dnsmasq, you should 
> use the first option I suggested.

Do you mean the following, which you said earlier:

    If you want Dnsmasq to query the upstream servers,
    systemd-resolved to query Dnsmasq,
    and everything else on the host to query systemd-resolved:


>
> > > Only other hosts on the same network will be able to use Dnsmasq.
> >
> > Seems this is not my purpose.
> >
> > >
> > > Regards,
> > > Dominick
> > >
> > > _______________________________________________
> > > Dnsmasq-discuss mailing list
> > > Dnsmasq-discuss@lists.thekelleys.org.uk
> > > http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
> >
> >
> >
> > --
> > Hongyi Zhao <hongyi.z...@gmail.com>
> >
>



-- 
Hongyi Zhao <hongyi.z...@gmail.com>
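
The mutual-upstream loop discussed in this thread can be checked mechanically. The following is an added example, not part of the original message or of dnsmasq: it models dnsmasq and systemd-resolved as nodes in a forwarding graph and reports a cycle. The names RESOLVED, DNSMASQ, endpoint, build_graph and find_loop are hypothetical, both scenarios are constructed, and the model assumes dnsmasq listens on 127.0.0.1 port 53 and does not follow what the proxy on port 6053 forwards to.

```python
import re

RESOLVED = ("127.0.0.53", 53)  # systemd-resolved stub listener
DNSMASQ = ("127.0.0.1", 53)    # dnsmasq on lo, port 53 (assumed, as in the thread)

def endpoint(spec):
    """dnsmasq server value, e.g. '127.0.0.1#6053' or '/cn/192.0.2.1' -> (ip, port)."""
    ip, _, port = spec.rsplit("/", 1)[-1].partition("#")
    return (ip, int(port or 53))

def resolv_nameservers(text):
    """nameserver entries of a resolv.conf-style file, all on port 53."""
    return [(ip, 53) for ip in re.findall(r"^\s*nameserver\s+(\S+)", text, re.M)]

def build_graph(dnsmasq_opts, link_dns, resolv_text, resolv_is_stub_symlink):
    """Map each local resolver to the endpoints it forwards to."""
    dm = [endpoint(o.split("=", 1)[1]) for o in dnsmasq_opts if o.startswith("server=")]
    if "no-resolv" not in dnsmasq_opts:
        # dnsmasq skips its own address when reading resolv.conf (per the thread)
        dm += [ns for ns in resolv_nameservers(resolv_text) if ns != DNSMASQ]
    rs = [(ip, 53) for ip in link_dns]  # per-link DNS, e.g. Netplan "nameservers"
    if not resolv_is_stub_symlink:
        # a foreign resolv.conf is read by systemd-resolved as configuration
        rs += [ns for ns in resolv_nameservers(resolv_text) if ns != RESOLVED]
    return {DNSMASQ: dm, RESOLVED: rs}

def find_loop(graph, node, path=()):
    """Return the first forwarding cycle reachable from node, or None."""
    if node in path:
        return list(path[path.index(node):]) + [node]
    for nxt in graph.get(node, []):
        loop = find_loop(graph, nxt, path + (node,))
        if loop:
            return loop
    return None

# Constructed scenario 1: stub resolv.conf, stock dnsmasq, Netplan DNS -> dnsmasq
LOOPED = build_graph([], ["127.0.0.1"], "nameserver 127.0.0.53\n", True)
# Constructed scenario 2: options from the message above, resolv.conf a plain file
PINNED = build_graph(["no-resolv", "no-poll", "server=127.0.0.1#6053"],
                     ["127.0.0.1"], "nameserver 127.0.0.1\n", False)

if __name__ == "__main__":
    for name, g in (("looped", LOOPED), ("pinned", PINNED)):
        print(name, find_loop(g, RESOLVED) or "no loop")
```

In the second scenario systemd-resolved lists dnsmasq twice (once from the link DNS, once from the plain resolv.conf), but dnsmasq forwards only to port 6053, so no cycle is reported.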
