On Mon, Sep 14, 2020 at 10:45 PM Dominick C. Pastore <dominickpast...@dcpx.org> wrote:
>
> > > Personally, I am not a fan of Netplan for reasons like this. It's
> > > supposed to abstract away the details of NetworkManager or
> > > systemd-networkd, but it doesn't do a great job of it. You end up having
> > > to refer to the NetworkManager or systemd-networkd documentation anyway,
> > > and having Netplan on top muddies the water.
> > >
> > > Anyway: Those address lines in the Netplan yaml are used to tell
> > > systemd-resolved which upstream DNS server to use, so it is using your
> > > Dnsmasq server. Then, /etc/resolv.conf specifies what DNS server other
> > > programs on the system will use (not all programs use that mechanism, but
> > > many do), and by default, it points to 127.0.0.53 so everything else will
> > > go through systemd-resolved. This includes Dnsmasq unless you configure
> > > it to do otherwise!
> > >
> > > The net result is most likely that Dnsmasq and systemd-resolved are each
> > > trying to use the other as their upstream server, so neither can resolve
> > > anything.
> > >
> > > If you really want to keep using both systemd-resolved and Dnsmasq, you
> > > need to pick one to be "upstream" from the other, as Geert and Neal said.
> > >
> > > If you want Dnsmasq to query the upstream servers, systemd-resolved to
> > > query Dnsmasq, and everything else on the host to query systemd-resolved:
> > > Then you need to edit the Dnsmasq configuration to quit using
> > > /etc/resolv.conf. This probably means you want to manually specify DNS
> > > servers in /etc/dnsmasq.conf with the "server=W.X.Y.Z" and "no-resolv"
> > > options. That does assume you know what DNS server you want to use.
> >
> > Very strange, for my case, I've already set the following options in
> > my dnsmasq.conf:
> >
> > no-resolv
> > no-poll
> >
> > and keep /etc/resolv.conf as the symlink to
> > /run/systemd/resolve/stub-resolv.conf
>
> Did you specify a server for Dnsmasq some other way? E.g. the
> "server=W.X.Y.Z" option? Or, better yet, can you share your Dnsmasq config?

I run dnsmasq as follows:

$ /usr/local/sbin/dnsmasq --port=53 -c10240 --server=127.0.0.1#6053 --conf-dir=/home/werner/Public/anti-gfw/dns/dnsmasq/conf/conf-dir,*.conf -C /home/werner/Public/anti-gfw/dns/dnsmasq/conf/dnsmasq.conf

The 127.0.0.1#6053 is a DNS proxy based on dnsproxy which has DoH,
DoT, DoQ and DNSCrypt support. The conf files here:
/home/werner/Public/anti-gfw/dns/dnsmasq/conf/conf-dir,*.conf, are for
China domains which use China's mainland DNS servers. And the main
dnsmasq.conf file has the following options enabled:

$ egrep -v '^([[:blank:]]*#|$)' /home/werner/Public/anti-gfw/dns/dnsmasq/conf/dnsmasq.conf
dns-forward-max=10000
no-negcache
min-cache-ttl=3600
all-servers
domain-needed
bogus-priv
filterwin2k
no-resolv
no-poll
interface=lo
bind-interfaces

>
> > >
> > > Alternatively, if you want systemd-resolved to query the upstream servers
> > > and Dnsmasq to query systemd-resolved:
> > > Then you need to remove the "use-dns: false" and "nameservers" directives
> > > from Netplan so systemd-resolved stops trying to query Dnsmasq and uses
> > > the proper upstream servers instead. Dnsmasq will continue to use
> > > systemd-resolved, since /etc/resolv.conf will point it there. Note that
> > > programs on the same host will still use systemd-resolved and not Dnsmasq
> > > at all.
> >
> > Why?
>
> Why what? Why won't other programs on the host use Dnsmasq? That's the way
> systems with systemd-resolved work by default. Generally, programs on the
> host will query /etc/resolv.conf to determine which DNS servers to use
> (though the manpage for systemd-resolved.service(8) suggests that some
> programs do not use /etc/resolv.conf and connect to systemd-resolved through
> other means. To be honest, that part is a little unclear to me). By default,
> it's a symlink to a file that directs clients to systemd-resolved (127.0.0.53).
>
> The trouble is, systemd-resolved also uses resolv.conf to determine its own
> behavior.
> The moment you delete the symlink and replace it with your own file
> pointing to Dnsmasq (127.0.0.1), two things will happen:

This is exactly my situation, see the following for more detailed info:

werner@X10DAi-01:~$ cat /etc/resolv.conf
nameserver 127.0.0.1
werner@X10DAi-01:~$ realpath -e /etc/resolv.conf
/etc/resolv.conf

> 1.) systemd-resolved will itself add Dnsmasq to its list of nameservers. This
> probably won't break systemd-resolved entirely, but it will potentially cause
> lots of retries and slowdowns.

Seems so complicated and still can't figure out a perfect solution for
the coexistence of dnsmasq and systemd-resolved.

> 2.) Unless you've manually configured a nameserver in /etc/dnsmasq.conf,
> Dnsmasq will not have anywhere to send queries. This *will* break some
> things. It's smart enough to know that it shouldn't use itself as the
> upstream server, but neither /etc/resolv.conf nor /etc/dnsmasq.conf gives it
> other options, so it fails.

As you can see, I've set upstream nameservers for my dnsmasq, so this
shouldn't be the culprit for my case.

>
> If you want other programs on the same host to go through Dnsmasq, you should
> use the first option I suggested.

Do you mean the following thing you have said:

If you want Dnsmasq to query the upstream servers, systemd-resolved to
query Dnsmasq, and everything else on the host to query
systemd-resolved:

>
> > > Only other hosts on the same network will be able to use Dnsmasq.
> >
> > Seems this is not my purpose.
> >
> > >
> > > Regards,
> > > Dominick

--
Hongyi Zhao <hongyi.z...@gmail.com>

_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
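
Added example, not part of the original thread: a small checker for the two failure modes discussed above (Dnsmasq and systemd-resolved forwarding to each other, and Dnsmasq left with no upstream). It assumes Dnsmasq listens on 127.0.0.1:53 and the systemd-resolved stub on 127.0.0.53:53; the function names are hypothetical, and only general `server=` entries are modelled (domain-specific `server=/domain/...` lines are skipped).

```python
# Added example (not from the thread): model who forwards to whom and
# report a loop or a resolver left with no upstream.
DNSMASQ = "127.0.0.1:53"     # assumed dnsmasq listen address (interface=lo)
RESOLVED = "127.0.0.53:53"   # systemd-resolved stub listener

def norm(addr):
    """'127.0.0.1#6053' (dnsmasq port syntax) or a bare IP -> 'ip:port'."""
    ip, _, port = addr.partition("#")
    return f"{ip}:{port or 53}"

def resolv_nameservers(text):
    """nameserver entries of a resolv.conf body."""
    fields = (line.split() for line in text.splitlines())
    return [norm(f[1]) for f in fields if len(f) >= 2 and f[0] == "nameserver"]

def dnsmasq_upstreams(conf, cli_servers, resolv_text):
    """server= entries, plus resolv.conf unless no-resolv; never itself."""
    # Only whole-line comments are dropped: '#' inside a value is a port.
    opts = [l.strip() for l in conf.splitlines()
            if l.strip() and not l.lstrip().startswith("#")]
    ups = [norm(s) for s in cli_servers]
    ups += [norm(o.split("=", 1)[1]) for o in opts
            if o.startswith("server=") and not o.startswith("server=/")]
    if "no-resolv" not in opts:
        ups += resolv_nameservers(resolv_text)
    return [u for u in ups if u != DNSMASQ]

def diagnose(dnsmasq_conf, cli_servers, resolv_text, resolved_dns):
    """Return 'loop', 'no-upstream' or 'ok' for the two-resolver setup."""
    graph = {
        DNSMASQ: dnsmasq_upstreams(dnsmasq_conf, cli_servers, resolv_text),
        RESOLVED: [norm(s) for s in resolved_dns],
    }
    if any(not ups for ups in graph.values()):
        return "no-upstream"

    def escapes(node, seen):
        # A resolver works if some chain of upstreams leaves the local graph.
        if node not in graph:
            return True
        if node in seen:
            return False
        return any(escapes(u, seen | {node}) for u in graph[node])

    return "ok" if all(escapes(n, frozenset()) for n in graph) else "loop"
```
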