# [solved] dnsmasq didn't query 127.0.0.1 as a third dns server

## toralf

Hello,

I've some definitions in /etc/hosts which won't be used if my VPN software changes /etc/resolv.conf into this:

```
tfoerste@n22 ~ $ cat /etc/resolv.conf
#@NETVPN_GENERATED@ -- this file is generated by NetVPN
# and will be overwritten by NetVPN
# as long as the above mark is intact
nameserver 9.64.163.21
nameserver 9.64.162.21
nameserver 127.0.0.1
```

Because the VPN program monitors resolv.conf, I don't have any chance to move the 127.* entry to the top of the three servers. Or how can I tell dnsmasq to query 127.* first?

Last edited by toralf on Mon Feb 01, 2010 4:40 pm; edited 1 time in total

----------

## boerKrelis

*toralf wrote:*

> Or how can I tell dnsmasq to query 127.* first?

Just to clear this up. You don't necessarily get answers from /etc/hosts by querying 127.0.0.1. There may not even be a nameserver listening at 127.0.0.1.

/etc/hosts is used by NSS through glibc, I believe. Which means that, from the local machine, you can get answers from /etc/hosts without any query ever being sent to any name server at all.

----------

## depontius

The easiest way to handle this is to do some tweaking in the AGN dialer.  Unfortunately I have the fix on a home machine, and can't give you the full details at the moment.  But I can say that it involves editing "/opt/agns/bin/ConfigAGN.sh", of course after having saved a copy.  Inside that file, I tweak the "write_resolvconf()" and "reset_resolvconf()" routines.

In essence, "/etc/resolv.conf" never gets overwritten - it always points to 127.0.0.1 and dnsmasq.  Instead, I have the company nameservers in another file that I move in and out of "/etc/dnsmasq.d", and then kick dnsmasq to tell it to pick up or drop the added nameservers.  I'm a bit sloppy in that I've simply hardcoded the company nameservers in a file, and don't pick them up on the fly when the AGN link comes up.  But that hasn't been a big deal so far.

----------
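One way to script the layout depontius describes above, as an added example that is not part of the thread and is not the AGN dialer's own code. The function names and the `vpn-upstream.conf` file name are made up for illustration, and it goes beyond the post by reading the company nameservers from the VPN-written file instead of hardcoding them. It assumes dnsmasq reads the files in its conf-dir only at startup, so dnsmasq has to be restarted after the drop-in is added or removed.

```shell
#!/bin/sh
# Added example (hypothetical helper names). All paths are arguments, so the
# functions can be tried on copies before touching /etc.

# Print the non-loopback nameserver addresses from a resolv.conf-style file
# ($1), one per line, in file order. Comment lines are ignored.
upstream_nameservers() {
    awk 'NF >= 2 && $1 == "nameserver" && $2 !~ /^127\./ && $2 != "::1" { print $2 }' "$1"
}

# Turn a VPN-written resolv.conf ($1) into a dnsmasq drop-in ($2) holding one
# "server=" line per upstream. Returns 1 and writes nothing if none is found.
write_dnsmasq_dropin() {
    servers=$(upstream_nameservers "$1")
    [ -n "$servers" ] || return 1
    {
        echo "# upstream servers taken from $1"
        printf '%s\n' "$servers" | sed 's/^/server=/'
    } > "$2"
}

# Write a resolv.conf ($1) that only ever points at the local dnsmasq.
write_local_resolvconf() {
    printf 'nameserver 127.0.0.1\n' > "$1"
}

# Succeed only if the first nameserver entry in $1 is a loopback address,
# i.e. the local dnsmasq is asked before anything else.
local_resolver_first() {
    first=$(awk '$1 == "nameserver" { print $2; exit }' "$1")
    case "$first" in
        127.*|::1) return 0 ;;
        *) return 1 ;;
    esac
}

# Demo on a scratch copy of the resolv.conf shown in the first post.
demo() {
    tmpdir=$(mktemp -d)
    printf '%s\n' '#@NETVPN_GENERATED@ -- this file is generated by NetVPN' \
        'nameserver 9.64.163.21' 'nameserver 9.64.162.21' \
        'nameserver 127.0.0.1' > "$tmpdir/resolv.conf"
    local_resolver_first "$tmpdir/resolv.conf" || echo "local dnsmasq is not first"
    write_dnsmasq_dropin "$tmpdir/resolv.conf" "$tmpdir/vpn-upstream.conf" &&
        cat "$tmpdir/vpn-upstream.conf"
    rm -rf "$tmpdir"
}
if [ "${1:-}" = demo ]; then demo; fi
```

On VPN connect the drop-in would go into /etc/dnsmasq.d and be removed again on disconnect, with /etc/resolv.conf left pointing at 127.0.0.1 the whole time.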

## toralf

The "host" command itself doesn't resolve hostnames if they are defined only in /etc/hosts and if I do not have a running dnsmasq and the 127.* nameserver defined (for dnsmasq of course).

But nevertheless I circumvent this issue: even if "host" doesn't work, an ssh connection works fine b/c ssh follows the conventions to resolve a hostname into an IP address.

----------

## boerKrelis

*toralf wrote:*

> The "host" command itself doesn't resolve hostnames if it is defined only in /etc/hosts [...]

Hey, you're right. The "ping" command, however, does. Just out of curiosity I straced ping and it (and its libs) do

```
open("/etc/ld.so.cache", O_RDONLY)      = 3
open("/lib/libresolv.so.2", O_RDONLY)   = 3
open("/lib/libc.so.6", O_RDONLY)        = 3
open("/etc/resolv.conf", O_RDONLY)      = 4
open("/etc/resolv.conf", O_RDONLY)      = 4
open("/etc/nsswitch.conf", O_RDONLY)    = 4
open("/etc/ld.so.cache", O_RDONLY)      = 4
open("/lib/libnss_files.so.2", O_RDONLY) = 4
open("/etc/host.conf", O_RDONLY)        = 4
open("/etc/hosts", O_RDONLY|O_CLOEXEC)  = 4
open("/etc/hosts", O_RDONLY|O_CLOEXEC) = 4
```

whereas "host" and the libs it is compiled against do

```
open("/etc/ld.so.cache", O_RDONLY)      = 3
open("/usr/lib/libcrypto.so.0.9.8", O_RDONLY) = 3
open("/lib/libnsl.so.1", O_RDONLY)      = 3
open("/lib/libc.so.6", O_RDONLY)        = 3
open("/lib/libdl.so.2", O_RDONLY)       = 3
open("/lib/libz.so.1", O_RDONLY)        = 3
open("/etc/resolv.conf", O_RDONLY)      = 4
```

That explains.

----------

## toralf

@depontius

thx - I'll try that. :)

----------

