[LEDE-DEV] [PATCH] dnsmasq: manage resolv.conf iff when listening on 127.0.0.1#53

Paul Oranje por at xs4all.nl
Mon Jun 12 11:33:18 PDT 2017 

Did the change break existing code ?

What I did understand about the dnsmasq options --resolv-file (UCI dhcp:dnsmasq.resolvfile) and --no-resolv (UCI dhcp:dnsmasq.noresolv) is:

- the --no-resolv option governs whether dnsmasq ignores the nameservers listed in the resolvfile.
- the resolvfile dnsmasq reads by default is the file /etc/resolv.conf unless set otherwise with --resolv-file (LEDE soft links that file to /tmp/dnsmasq which by default soft links again to /tmp/resolv.conf.auto which is written by netifd).
- the contents of the resolvfile is normally populated with the DNS servers of the upstream link.
- nameservers to be used by dnsmasq can (also) be configured with the --server option (UCI:dhcp dnsmasq.server); several may of these option may be passed.

With LEDE/OpenWrt different instance of dnsmasq can run each with separate UCI options.
When running multiple instances and one of those must **not** use the upstream nameservers, than set dhcp:dnsmasq[i].noresolv to '1' and if needed specify one or more name servers with the UCI dhcp:dnsmasq[i].server list option.

One could write different resolvfiles manually and specify different UCI dhcp:dnsmasq.resolvfile options for each instance, but that is not what those files are meant for. The resolvfile is for use by the resolver routines of the C library which are used by processes running on the host [1]. By reading the resolvfile dnsmasq gets to know the nameservers of the upstream link; most times those are the nameservers dnsmasq will use, but not necessarily.

Conclusion: in order to get dnsmasq **not** to share nameservers with other instances, set noresolv to '1' and specify one or more nameservers to use with the server list option.

Hopefully I did understand your problem well, bye,
Paul

[1] man 5 resolv.conf


> Op 12 jun. 2017, om 18:09 heeft e9hack <e9hack at gmail.com> het volgende geschreven:
> 
> Hi,
> 
> IMHO, usage of the resolve file is completely wrong. If option 'resolvfile' is not given for a configuration, dnsmasq
> must run without a parameter resolv-file='..' and uses /etc/resolv.conf which is a symbolic link to /tmp/resolv.conf. In
> this case, the init script writes to /tmp/resolv.conf. If option 'resolvfile' is given, dnsmasq must run with a
> parameter resolv-file='..'. The init script writes to the given resolve file. This is important, if two instances of
> dnsmasq are running with different configurations and which cannot share any data, e.g. 1th dnsmasq for the normal lan,
> 2th dnsmasq for a tor proxy.
> 
> Regards,
> Hartmut

More information about the Lede-dev mailing list