network-manager: Please don't Depend on dnsmasq-base

Bug #992411 reported by Charles Peters II
This bug affects 9 people
Affects: network-manager (Ubuntu)
Status: Triaged
Importance: Medium
Assigned to: Unassigned

Bug Description

dnsmasq is not required... Furthermore, because you are overwriting the Systems Administrator's dhcp setting, you have now made it a requirement to edit configurations on every dhcp client.

cp@io:~$ dpkg -l dnsmasq-base bind9 dhcp3-server
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Description
+++-==============-==============-============================================
ii bind9 1:9.8.1.dfsg.P Internet Domain Name Server
ii dhcp3-server 4.1.ESV-R4-0ub ISC DHCP server (transitional package)
ii dnsmasq-base 2.59-4 Small caching DNS proxy and DHCP/TFTP server

Mathieu Trudel-Lapierre (cyphermox) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better. Unfortunately, we cannot work on this bug because your description didn't include enough information. You may find it helpful to read "How to report bugs effectively" http://www.chiark.greenend.org.uk/~sgtatham/bugs.html. We'd be grateful if you would then provide a more complete description of the problem.

We have instructions on debugging some types of problems at http://wiki.ubuntu.com/DebuggingProcedures

At a minimum, we need:
1. the specific steps or actions you took that caused you to encounter the problem,
2. the behavior you expected, and
3. the behavior you actually encountered (in as much detail as possible).
Thanks!

Changed in network-manager (Ubuntu):
status: New → Incomplete
Charles Peters II (cp) wrote :

At a minimum, we need:
1. the specific steps or actions you took that caused you to encounter the problem,

Upgrade a 10.04 server/mythtv-backend/mythtv-frontend/bind9 server and dhcp3-server to 12.04.

2. the behavior you expected, and

I expected my resolver, i.e. bind9, and my dhcp server to work as they have for years. The dhcp server assigns DNS, IPs etc. as set by the administrator.

3. the behavior you actually encountered (in as much detail as possible).

All the Ubuntu clients and servers upgraded to 12.04 added a second DNS caching server. I already have two bind9 servers on the LAN; adding and requiring another less secure DNS resolver, aka dnsmasq, to every machine is unwise. I should be able to uninstall dnsmasq without forcing or otherwise breaking things when I have bind9.
$ sudo apt-get remove dnsmasq-base
[sudo] password for cp:
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be REMOVED:
  dnsmasq-base network-manager network-manager-gnome
  plasma-widget-networkmanagement
0 upgraded, 0 newly installed, 4 to remove and 0 not upgraded.
After this operation, 7,906 kB disk space will be freed.
Do you want to continue [Y/n]?

Thomas Hood (jdthood) wrote :

> I should be able to uninstall dnsmasq without forcing or otherwise breaking things when I have bind9.

You can force NM not to use dnsmasq by editing out "dns=dnsmasq" in /etc/NetworkManager/NetworkManager.conf.

What remains of this report is, I think, a wish that NM's dependency on dnsmasq-base be weakened from a "Depends".

summary: - dnsmasq required by network-manager when bind9 and dhcp3server installed
+ network-manager: Please don't Depend on dnsmasq-base
Changed in network-manager (Ubuntu):
status: Incomplete → New
Mathieu Trudel-Lapierre (cyphermox) wrote :

Triaged/Medium; it could probably indeed be dropped to a Recommend, since NM will still run without it, though with reduced functionality.

Do you mean you already have bind9 running on all clients? Or do you mean that you want them to use the bind9 instance available on the network? The latter case should still work; DNS information received from DHCP will get applied and passed on to dnsmasq as a local resolver because it allows more flexibility than the libc library, for instance, without a limitation of 3 DNS servers. If specific details about DNS resolution on your network don't work, please make sure you mention them clearly so that we can do any changes required.

As for using bind9 on each system; you can already also use bind9 instead of dnsmasq as a local resolver much like what is being done right now for dnsmasq. Change the dns= line mentioned by Thomas to dns=bind. However this has not been as well tested as using dnsmasq.

Changed in network-manager (Ubuntu):
status: New → Triaged
importance: Undecided → Medium
Rudi Daemen (fludizz) wrote :

Sorry for the bump but dnsmasq is still enabled by default and cannot be removed without removing network-manager.

I ran into the issue where dnsmasq introduced a security problem when running VPN connections. For security reasons all DNS traffic was supposed to be flowing to the DNS server pushed by the VPN server. This used to work before dnsmasq was made the default. With dnsmasq enabled, it sends the DNS request completely at random to the various DNS servers the system has learned, including those from the public network (DHCP). This not only leaks information, it also breaks resolving hosts on the other end of the VPN because dnsmasq responds with NXDOMAIN if the query for a VPN-connected hostname happened to have ended up in the public DNS.

After commenting out the line dns=dnsmasq in /etc/NetworkManager/NetworkManager.conf, DNS is properly enforced again and behaving completely predictably.

I wish to remove dnsmasq from my client systems as well because of this security leak.
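
Added example (not part of the bug thread and not NetworkManager's own code): a shell check for whether the dns=dnsmasq line discussed in the comments above is still active in a NetworkManager.conf, which is useful when auditing VPN clients for the behaviour described. The function names and sample file contents are constructed, and only the single file passed in is read.

```shell
#!/bin/sh
# Added example; function names and sample files are constructed.

# Print the value of the active (uncommented) dns= key in the [main]
# section, or "unset" when the key is absent or commented out.
nm_dns_mode() {
    awk '
        /^[ \t]*#/  { next }    # comment line, e.g. "#dns=dnsmasq"
        /^[ \t]*\[/ { in_main = ($0 ~ /^[ \t]*\[main\][ \t]*$/); next }
        in_main && /^[ \t]*dns[ \t]*=/ {
            sub(/^[ \t]*dns[ \t]*=[ \t]*/, "")
            sub(/[ \t\r]+$/, "")
            mode = $0           # a later assignment overrides an earlier one
        }
        END { print (mode == "" ? "unset" : mode) }
    ' "$1"
}

# Exit status 0 when dnsmasq is not selected, 1 when it is.
nm_dnsmasq_disabled() {
    [ "$(nm_dns_mode "$1")" != "dnsmasq" ]
}

demo() {
    tmp=$(mktemp -d) || return 1
    # Constructed sample: dnsmasq selected as the local resolver.
    printf '[main]\nplugins=ifupdown,keyfile\ndns=dnsmasq\n' > "$tmp/enabled.conf"
    # Constructed sample: the same file with the line commented out.
    printf '[main]\nplugins=ifupdown,keyfile\n#dns=dnsmasq\n' > "$tmp/edited.conf"
    for f in "$tmp/enabled.conf" "$tmp/edited.conf"; do
        if nm_dnsmasq_disabled "$f"; then
            state="dnsmasq not selected"
        else
            state="dnsmasq selected"
        fi
        printf '%s: dns=%s (%s)\n' "${f##*/}" "$(nm_dns_mode "$f")" "$state"
    done
    rm -rf "$tmp"
}
demo
```

On a real system, pass /etc/NetworkManager/NetworkManager.conf to nm_dns_mode.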

karlwilbur (karlwilbur) wrote :

I want to completely remove dnsmasq. I do not want it on my system. NetworkManager functions fine without it.

sudo dpkg --remove --force-all dnsmasq-base

After reboot NetworkManager still functions as expected. Dependency is a lie. Please remove dnsmasq as a dependency.

Fredrik Wendt (fredrik-wendt) wrote :

This is a very unfortunate security issue, and a slow down of name resolution in the case of VPN tunnels. I'd propose that the importance be set to High.

林博仁(Buo-ren, Lin) (buo-ren-lin) wrote :

Hi, if network-manager doesn't install with dnsmasq-base, the wifi hotspot feature won't work.
Agreed that it should drop to Recommends, but it shouldn't be removed.

林博仁(Buo-ren, Lin) (buo-ren-lin) wrote :

P.S. In 17.04 the dnsmasq dependency has been dropped, causing a graphically silent failure when setting up a wifi hotspot.
