On 2017-01-09 08:12, Per Jessen wrote:
Carlos E. R. wrote:
-r, --resolv-file=<file>
Read the IP addresses of the upstream nameservers from <file>, instead of /etc/resolv.conf. For the format of this file see resolv.conf(5). The only lines relevant to dnsmasq are nameserver ones. Dnsmasq can be told to poll more than one resolv.conf file, the first file name specified overrides the default, subsequent ones add to the list. This is only allowed when polling; the file with the currently latest modification time is the one used.
-R, --no-resolv
Don't read /etc/resolv.conf. Get upstream servers only from the command line or the dnsmasq configuration file.
Ah, interesting, thanks.
I would then use the configuration file option:
# If you don't want dnsmasq to read /etc/resolv.conf or any other
# file, getting its servers from this file instead (see below), then
# uncomment this.
#no-resolv
because a command line option means altering the systemd config file. Otherwise, what would be the correct method of configuring dnsmasq?
Sounds like one of these: a) /etc/dnsmasq.conf (or whatever it is) b) /etc/sysconfig/dnsmasq, c) a systemd drop-in.
Yes, I'm using 'a' now.
The /etc/resolv file has to point to the local server, and the local server has to know the address of the upstream relay.
For instance, network manager likes to modify the /etc/resolv.conf file, perhaps with upstream servers. These may change per connection, especially for a laptop. But this cannot be allowed when one is using dnsmasq, it has to point always to localhost.
Either this is a normal usage scenario with a standard solution, or you're using dnsmasq in an unusual setting.
Yes, my question is what would be the proper configuration in the usual setting.
Usual (trivial) setting: use dnsmasq to cache dns searches for one machine only.
2) same, for local network.
(2) basically means open the firewall for queries.
It is clear that when I read the documentation and configured it (1), I did it wrong, and the same wrong setting has been applied to all my machines. But that has only been detected now because of the error message on one machine. Maybe dnsmasq was previously more tolerant, or it had code to patch/ignore the loop somehow.
--
Cheers / Saludos,
Carlos E. R.
(from 42.2 x86_64 "Malachite" at Telcontar)
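Added example, not part of the original messages: a Python check for the configuration problem this thread discusses, where /etc/resolv.conf points at localhost and dnsmasq also takes its upstream servers from that file. It assumes dnsmasq listens on a loopback address on port 53; the path /etc/resolv.dnsmasq, the address 192.0.2.53 and all sample file contents are constructed placeholders.

```python
import ipaddress

def nameservers(resolv_text):
    """Addresses on the 'nameserver' lines of a resolv.conf-style file."""
    return [f[1] for f in (l.split() for l in resolv_text.splitlines())
            if len(f) >= 2 and f[0] == "nameserver"]

def upstreams(dnsmasq_conf, files):
    """List (address, port, source) for every upstream dnsmasq would be given.
    `files` maps path -> text and stands in for the filesystem."""
    use_resolv, resolv_files, found = True, [], []
    for line in dnsmasq_conf.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, val = (part.strip() for part in line.partition("="))
        if key == "no-resolv":
            use_resolv = False
        elif key == "resolv-file":
            resolv_files.append(val)
        elif key == "server":
            # server=[/domain/]ip[#port][@interface]
            target = val.rsplit("/", 1)[-1].split("@")[0]
            addr, _, port = target.partition("#")
            if addr:
                found.append((addr, int(port or 53), "server="))
    if use_resolv:
        # The first resolv-file given replaces the default /etc/resolv.conf.
        for path in resolv_files or ["/etc/resolv.conf"]:
            found += [(a, 53, path) for a in nameservers(files.get(path, ""))]
    return found

def self_references(dnsmasq_conf, files):
    """Upstreams that are dnsmasq itself (assumed: loopback address, port 53)."""
    return [(a, src) for a, p, src in upstreams(dnsmasq_conf, files)
            if p == 53 and ipaddress.ip_address(a).is_loopback]

# Constructed sample files; /etc/resolv.dnsmasq and 192.0.2.53 are placeholders.
FILES = {
    "/etc/resolv.conf": "search example.lan\nnameserver 127.0.0.1\n",
    "/etc/resolv.dnsmasq": "nameserver 192.0.2.53\n",
}
LOOPING = "#no-resolv\n"                        # stock config, option still commented
FIXED_SERVER = "no-resolv\nserver=192.0.2.53\n"
FIXED_FILE = "resolv-file=/etc/resolv.dnsmasq\n"

if __name__ == "__main__":
    for name, conf in [("looping", LOOPING), ("no-resolv + server", FIXED_SERVER),
                       ("resolv-file", FIXED_FILE)]:
        print(name, "->", self_references(conf, FILES) or "no self-reference")
```

A loopback upstream on another port, such as server=127.0.0.1#5353, is treated as a separate local resolver and is not flagged.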