Comment 54 for bug 1003842

Simon Kelley (simon-thekelleys) wrote : Re: [Bug 1003842] Re: dnsmasq sometimes fails to resolve private names in networks with non-equivalent nameservers

On 04/02/13 22:05, Thomas Hood wrote:
> Simon in #49:
>> It doesn't work [...] the order of servers given to the DBus
>> interface isn't preserved internally
>
> Aha, so the answer to my question
>
>> Will switching on strict-order have the same effect
>> now that nameserver addresses are sent over D-Bus?
>
> (in comment #42) is "No". So switching strict-order back on is no
> solution. And solutions depending on strict-order including mine in #28
> also won't work. Unless dnsmasq is somehow changed such that it
> remembers the order in which nameserver addresses come in over D-Bus so
> that strict-order is useful in the D-Bus case, if we want to avoid
> breaking name service on machines connected to NNNs then we have to
> disable dnsmasq by default; or disable it initially and only enable it
> when we know that we aren't on a NNN.

Note that setting --strict-order is pretty much equivalent to telling
dnsmasq to use only the first nameserver, so you can very easily provide
the same behaviour - only pass the first nameserver to dnsmasq. Maybe
provide a button in NM that does this - "press here if you're in a
captive portal".

>
> (NNN = nonequivalent-nameserver network. As discussed in comment #5,
> such networks are not properly configured. But as observed several
> times, there are many NNNs out there. Which is why *many* people have
> been commenting out "dns=dnsmasq".)
>
> There is another problem with NM-dnsmasq (bug #1072899). Some VPNs have
> multiple nameservers. NM uses dnsmasq to direct VPN domain name queries
> to the *first* one. But then, if the first one goes down, the second one
> is not tried. Once again, for the sake of speed enhancement in the
> favorable case, users suffer radical name service failure in the
> unfavorable case. This is not a good deal, IMHO. NM-dnsmasq should be
> disabled by default until these problems are solved.

That's a different problem, and could be solved. Ironically, I think the
problem arises because for nameservers associated with particular
domains, the equivalent of --strict-order is always in play.

Cheers,

Simon.
