# dnsmasq, dhcp, dns question

## Lawless

Hi,

  I use dnsmasq on localhost to manage several dns servers on my laptop.

The situation - my resolv.conf points at 127.0.0.1 and I have two dns servers to different (vpn) nets in dnsmasq.conf.

I start dhcpcd with -R to not overwrite my resolv.conf as I would then lose the 127.0.0.1 and the vpn dns.

However this means that I have to add the actual internet dns that would come over dhcp manually with dnsmasq -S

I guess that could be done better, right? Any hints on how?

----------

## SiberianSniper

Do you have any servers specified in /etc/dnsmasq.conf ?

I have /etc/resolv.conf pointing to 127.0.0.1, and then have my external dns set up as server=x.x.x.x in /etc/dnsmasq.conf and that seems to work for me pretty well.

----------

## depontius

I don't have the specifics present on this machine, since it's not running dhcpcd, but when it gets a lease, dhcpcd writes a file with all of the relevant information you need.  You can source that file, use the information to write or tweak /etc/dnsmasq-resolv.conf, tickle dnsmasq, and you're all set.  Look at the man pages for dhcpcd, especially the "related files" section near the end.  I'll be at a system tomorrow that has dhcpcd installed, and check back on this thread.

----------

## depontius

Good morning,

On Gentoo, dhcpcd will execute /etc/dhcpcd.sh if it finds it.  That file is called with (at least) 2 arguments.  The first is the path to a file containing all of the salient lease information, including DNS servers, local address, gateway, etc.  The second argument describes what changed about the connection, like "up" or "new", "down" or "release", etc.  So...

```
#!/bin/bash
# Copyright 1999-2004 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
#
# Gentoo-specific ifplugd.action copied to dhcpcd.exe
#
# This file gets called by dhcpcd when it brings an interface
# up or down.
#
# $1 = path to the lease info file, $2 = what changed (up, new, down, release, ...)
# bash is required: the script uses source, let and substring expansion.

logger="/usr/bin/logger -p syslog.info -t dhcpcd.sh"
$logger "Entered dhcpcd.sh $*"

# Treat "up" the same as "new"
if   [ "x${2}" = "xup" ] ; then
  dOp="new"
else
  dOp=${2}
fi

if   [ "x${dOp}" = "xrelease" ] ; then
  $logger "release"
elif [ "x${dOp}" = "xdown" ] ; then
  $logger "down"
elif [ "x${dOp}" = "xnew" ] ; then
  $logger "new"
  $logger "Create new /etc/hosts file and set hostname"

  # Load IPADDR, DNSDOMAIN, DNSSERVERS, ... from the lease info file.
  # Note: source executes that file as shell code.
  source "${1}"

  # First and second entries of the space-separated server list
  dns1=`echo ${DNSSERVERS} | cut -d" " -f1`
  dns2=`echo ${DNSSERVERS} | cut -d" " -f2`
  $logger "dns1=${dns1} dns2=${dns2}"

  # Upstream resolver list for dnsmasq
  echo "# Generated by ugly hack"  >/etc/dnsmasq-resolv.conf
  echo "domain ${DNSDOMAIN}"      >>/etc/dnsmasq-resolv.conf
  echo "search ${DNSDOMAIN}"      >>/etc/dnsmasq-resolv.conf
  echo "nameserver ${dns1}"       >>/etc/dnsmasq-resolv.conf
  echo "nameserver ${dns2}"       >>/etc/dnsmasq-resolv.conf

  sleep 10

  # Reverse-resolve our own address to find the hostname
  newHostString=`host "${IPADDR}"`
  rc1=$?
  if [ "x0" = "x${rc1}" ] ; then
    # Field 5 of the host output is the FQDN with a trailing dot; strip the dot
    tooLongName=`echo ${newHostString} | cut -d" " -f 5`
    let lenNLN=${#tooLongName}-1
    newLongName=${tooLongName:0:${lenNLN}}
    rc2=$?
    if [ "x0" = "x${rc2}" ] ; then
      # Short hostname is the first label of the FQDN
      newHostName=`echo ${newLongName}   | cut -d. -f 1`
      rc3=$?
      if [ "x0" = "x${rc3}" ] ; then
        $logger "Pass rc1=${rc1} newHostString=${newHostString} "
        $logger "Pass rc2=${rc2}   newLongName=${newLongName} "
        $logger "Pass rc3=${rc3}   newHostName=${newHostName} "
        hostname "${newHostName}"
        # Rebuild /etc/hosts from the prototype and append our own entry
        cp -f /etc/hosts-proto /etc/hosts
        echo "${IPADDR}   ${newLongName}   ${newHostName}" >>/etc/hosts
      else
        $logger "Pass rc1=${rc1} newHostString=${newHostString} "
        $logger "Pass rc2=${rc2}   newLongName=${newLongName} "
        $logger "Fail rc3=${rc3}   newHostName=${newHostName} "
      fi
    else
      $logger "Pass rc1=${rc1} newHostString=${newHostString} "
      $logger "Fail rc2=${rc2}   newLongName=${newLongName} "
    fi
  else
    $logger "Fail rc1=${rc1} newHostString=${newHostString} "
  fi
else
  $logger "other=${dOp}"
fi
```

In this specific case, I haven't shown tickling dnsmasq.  That's because the way this machine is set up, I'm also using ifplugd, and my scripts there start dnsmasq after dhcpcd acquires a lease and runs this script.  It also has some debug messaging that I've never bothered to yank out.  Plus it also sets the hostname, since that's one of those other things that isn't done when dhcpcd isn't overwriting /etc/resolv.conf.
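An added example, not part of the original post: the lease info file carries values supplied by whatever DHCP server answered, so this variant reads it as data instead of sourcing it and validates each value before writing the dnsmasq resolv file. The `KEY='value'` file layout and the function names are assumptions; `DNSSERVERS` and `DNSDOMAIN` are the variables used in the script above.

```shell
#!/bin/sh
# Added example: read a dhcpcd lease info file as data, never as shell code.
# Assumed file format: KEY='value' lines (IPADDR, DNSDOMAIN, DNSSERVERS).

# Print the value of key $1 from file $2, minus one pair of optional quotes.
info_get() {
    sed -n "s/^$1=//p" "$2" | head -n 1 |
        sed "s/^'\(.*\)'\$/\1/; s/^\"\(.*\)\"\$/\1/"
}

# Succeed only for a dotted quad with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Succeed only for a name made of letters, digits, '-' and single dots.
is_domain() {
    case "$1" in
        ''|*[!A-Za-z0-9.-]*|-*|.*|*..*) return 1 ;;
    esac
    [ "${#1}" -le 253 ]
}

# Build resolv file $2 from info file $1; print how many servers were kept.
write_dnsmasq_resolv() {
    info=$1; out=$2; kept=0
    tmp=$(mktemp "$out.XXXXXX") || return 1
    echo "# Generated from DHCP lease data" >"$tmp"
    domain=$(info_get DNSDOMAIN "$info")
    if is_domain "$domain"; then echo "search $domain" >>"$tmp"; fi
    set -f                              # no globbing while word-splitting
    for ns in $(info_get DNSSERVERS "$info"); do
        if is_ipv4 "$ns"; then
            echo "nameserver $ns" >>"$tmp"
            kept=$((kept + 1))
        fi
    done
    set +f
    if [ "$kept" -eq 0 ]; then rm -f "$tmp"; return 1; fi
    chmod 644 "$tmp"                    # mktemp creates the file 0600
    mv -f "$tmp" "$out"                 # rename, so readers never see a partial file
    echo "$kept"
}
```

If no server in the lease passes validation, the function returns non-zero and leaves the existing resolv file untouched.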

----------

## UberLord

You could also install openresolv which dhcpcd will work with.

You then configure resolvconf to automatically add the 127.0.0.1 nameserver by adding it to /etc/resolvconf/resolv.conf.d/base.

openresolv then creates some special files that dnsmasq can include.

For more info, read the resolvconf man page that comes with openresolv.

Also, check the dnsmasq specific instructions in /etc/resolvconf/update.d/dnsmasq on how to link them.

----------

## depontius

I tried using resolvconf a while back, but something was clearly wrong with the installation, because it basically did nothing.  I first wrote a script or two to patch it up and make it work, then I realized that life would be simpler if I just wrote my own /etc/dhcpcd.exe and went with that.

That was also before the days of openresolv, so maybe I should reexamine this.  My real need here is the ability to switch DNS based on IP/domain, so that I can resolve addresses through a VPN while also being able to resolve addresses on whatever local connection I'm on.  In other words, not lose resolution of my home LAN, including the printer, while connecting to work through the VPN.  I use dnsmasq to do that, but IMHO it's just a bit heavyweight, and sometimes I don't like the caching, because sometimes it can hang on to a bad resolution.

----------

## Lawless

Thanks to you all.

I think I'll go with /var/lib/dhcpcd/dhcpcd-eth1.info for now. All I need is in there. 

Thanks again.

----------

## UberLord

I use dhcpcd on all my interfaces by default.

I also use OpenVPN.

Both send their resolv.conf files to resolvconf (openresolv) which then configures dnsmasq to query the OpenVPN nameservers for the VPN domain queries ONLY whilst sending all other queries to the nameservers obtained by dhcpcd.

----------

## UberLord

Just a word of warning - dhcpcd-4 will break existing script calls as all the setup that touches a file has been moved to the default script.

In fact, the script now resembles a dhclient-script on steroids.

http://roy.marples.name/node/406

----------

## depontius

Unfortunately my employer's VPN is of course proprietary, and of course they're in the process of migrating us to a different proprietary VPN, so I'm not about to go changing anything until after that, because it will all be wasted effort.

I do use OpenVPN for my own endpoint on my LAN.  IMHO OpenVPN is more reliable than the proprietary software, and I know that the previous proprietary VPN software they had us using had information leakage problems on its IKE.

----------

