Please make NetworkManager-controlled dnsmasq respect /etc/hosts

Bug #993298 reported by jerico on 2012-05-02
This bug affects 91 people
Affects Status Importance Assigned to Milestone
network-manager (Ubuntu)

Bug Description

Since 12.04 NetworkManager uses the dnsmasq plugin by default to resolve DNS requests. Unfortunately the dnsmasq plug-in has --no-hosts, etc. hard coded [1] which means (among other things) that after the upgrade to 12.04 /etc/hosts will no longer be used to resolve DNS requests. This changes the prior behavior of NetworkManager without any visible warning to the end user. AFAICS there's no other way to work around this problem as to manually revert the change and disable the dnsmasq plug-in in the NetworkManager config, see [2,3]:

"To turn off dnsmasq in Network Manager, you need to edit /etc/NetworkManager/NetworkManager.conf and comment the 'dns=dnsmasq' line then do a 'sudo restart network-manager'."

This is of course not a bug in the NetworkManager which just behaves as intended. The problem is in the change of the configuration of the Ubuntu packaging which will probably leave many wondering why their /etc/hosts suddenly no longer works. This cost me considerable time to debug and probably is a usability problem for others, too.

Maybe you could provide a more visible documentation than that in [3]? E.g., *including a comment in /etc/hosts that explains the change* and how to work around it would have saved me a lot of time. It would have automatically alerted me on upgrade as manual changes to /etc/hosts would then have triggered a prompt while leaving those users with standard /etc/hosts in peace.

Probably similar problems arise with other disabled config files and could be alerted to the users? Thinking of resolv.conf, etc.

[1], line 285
[2] i.e.

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in network-manager (Ubuntu):
status: New → Confirmed
god (humper) wrote :

How come the importance is still not set to 'critical'?
It completely breaks network setup for many users.

Allan Pratt (apratt-) wrote :

I hope the relevant people notice this bug report soon, it's serious. Failure to respect /etc/hosts removes a powerful way to manage networks and also to block ads and some types of web threats.

You can disable dnsmasq by commenting it out in the NetworkManager config, as the OP said, but there is also a hacky way to let run dnsmasq but remove the --no-hosts option: wrap dnsmasq in a shell script that passes all parameters except that one to the original binary.

This answer was found at which helpfully linked back to this bug.

Thomas Hood (jdthood) on 2012-06-22
summary: - NetworkManager does not use local hosts configuration any more
+ NetworkManager-controlled dnsmasq does not respect /etc/hosts

This affects me as well. Unfortunately commenting out dns=dnsmasq in /etc/NetworkManager/NetworkManager.conf doesn't seem to help.

Thomas Hood (jdthood) wrote :

@karloskar wrote:
> Unfortunately commenting out dns=dnsmasq in /etc/NetworkManager/NetworkManager.conf doesn't seem to help

What's the "hosts" line in your /etc/nsswitch.conf?

Thomas Hood (jdthood) on 2012-07-17
summary: - NetworkManager-controlled dnsmasq does not respect /etc/hosts
+ Please make NetworkManager-controlled dnsmasq respect /etc/hosts
Thomas Hood (jdthood) wrote :

@Christian: Can you explain how everything was configured when it worked? Were you using dnsmasq locally?

Thomas Hood (jdthood) wrote :

Contributors have claimed here (bug #993298) above that /etc/hosts is no longer respected, but that is not the case. As always, with

    hosts: files [...]

in /etc/nsswitch.conf, the libc resolver consults /etc/hosts first.

Yes, NM runs dnsmasq with the no-hosts option. Consequently a DNS lookup on does not respect /etc/hosts. But prior to Ubuntu 12.04, NM didn't start a local nameserver at all; no DNS lookups were done externally and /etc/hosts wasn't respected then either.

The contributors who say that /etc/hosts is "no longer" consulted must (I conclude) have been running the standalone server version of dnsmasq before. That dnsmasq respects /etc/hosts and listens at by default. Now, because of bug #959037 it is not possible in Ubuntu 12.04 to run standalone dnsmasq alongside nm-dnsmasq. But it *is* possible to run standalone dnsmasq if nm-dnsmasq is disabled (by commenting out "dns=dnsmasq" in /etc/NetworkManager/NetworkManager.conf and restarting network-manager) and that should restore the old situation.

Assuming that the underlying wish is that standalone dnsmasq can be run without the need to comment out "dns=dnsmasq", I propose to merge this report with #959037 which discusses ways of realizing this. See, for example, comment #88 in that bug report.

jerico (jerico-dev) wrote :

The previous poster wrote: "But prior to Ubuntu 12.04, NM didn't start a local nameserver at all; no DNS lookups were done externally and /etc/hosts wasn't respected then either."

IMO this is not true. I've got no instance of dnsmasq running and entries in /etc/hosts are respected when e.g. letting Firefox (or any other application I've access to) resolve URLs.

AFAIK /etc/hosts is in not directly linked to dnsmasq and it doesn't matter whether DNS lookups are done externally or not. The hosts mechanism is much older than dnsmasq. For backwards compatibility it has always been maintained as a first layer of resolving host names. IMO it is most unusual for a Linux distribution to provide a default configuration that does not respect /etc/hosts. To my knowledge there's no other operating system distribution (including Mac + Windows) that does so.

Of course you are free to configure default Ubuntu as you like. But it would be great to respect published upgrade policy. What happened is that the upgrade to 12.04 silently changed the configuration in a way that broke all working /etc/hosts configurations. It is basic Debian/Ubuntu policy that such a thing should not happen without at least consulting the user and giving him/her a choice or a heads up.

Thomas Hood (jdthood) wrote :

Argh, I wrote "But prior to Ubuntu 12.04, NM didn't start a local nameserver at all; no DNS lookups were done externally and /etc/hosts wasn't respected then either." There's a typo in there. I meant to say:

    But prior to Ubuntu 12.04, NM didn't start a local nameserver at all; DNS lookups were done externally and /etc/hosts wasn't respected then either.

Thomas Hood (jdthood) wrote :

jerico wrote:
> I've got no instance of dnsmasq running and entries
> in /etc/hosts are respected when e.g. letting Firefox
> (or any other application I've access to) resolve URLs.

Yes, that is because the libc resolver consults /etc/hosts without doing a DNS lookup.

> AFAIK /etc/hosts is in not directly linked to dnsmasq
> and it doesn't matter whether DNS lookups are done
> externally or not.

The standalone dnsmasq (i.e., the dnsmasq that runs when the dnsmasq package is installed) does consult /etc/hosts when resolving names. This feature can be disabled.

> The hosts mechanism is much older than dnsmasq.

That's true.

> IMO it is most unusual for a Linux distribution to provide
> a default configuration that does not respect /etc/hosts.

That would be highly unusual. Ubuntu is not unusual in this respect. In Ubuntu 12.04 /etc/nsswitch contains

    hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4

thus for host name lookups the libc resolver looks first at /etc/hosts.

Try this yourself. Add the line foo

to /etc/hosts and then try "ping foo".

     $ ping foo
    PING foo ( 56(84) bytes of data.

Changed in network-manager (Ubuntu):
status: Confirmed → Opinion
Christian (bolek2000) wrote :

I removed my comment, because I found out that there was a mistake in my Kerberos config. I couldn't figure it out because the ping <host> doesn't work in my case because the companies firewall doesn't allow it. Its better to use something like traceroute <host> in this case. But sometimes one cannot see things ;-) So luckily I must admit that /etc/hosts works for me. (marcond) wrote :

Well, my system is a fresh install were I just preserved my home directory and the foo doesn't works.

The nsswitch.conf does have the 'files' on the hosts: entry. So, I must assume that either:

1) My system install was broken someway OR
2) There is some config file on user's home which can affect the DNS resolving OR
2) indeed /etc/hosts is being IGNORED, on a fresh install.

Well, I don't have time to dig into this, but I will gladly give any required information you request.

ABR (adrian-b-robert) wrote :

It's great that /etc/hosts is still consulted by ordinary lookups originating from the Ubuntu system, but the hardcoded removal of /etc/hosts use from dnsmasq config causes other problems, for example if you want this system to provide DNS services for other machines, for example even VMs running in VirtualBox, etc. on the same host. So, while there may be some sense of removing the redundant /etc/hosts use for dnsmasq by default, please make it easier to undo this default, by making the command-line arguments / config user-visible in a config file, not hardcoded somewhere inaccessibly. Thanks!

Gary Edwards (gedwards-a) wrote :

I just did a fresh install on 2 laptops that were working fine with version 12.04. Both laptops have this issue with version 12.10. I've tried commenting out dns=dnsmasq in /etc/NetworkManager/NetworkManager.conf and creating a wrapper script for dnsmasq that removes the --no-hosts option. Neither of these suggestions worked and the wrapper script caused the system startup to hang.

I've read comments that the dnsmasq functionality has been part of Network Manager since version 12.04; however, I didn't see this problem on 12.04. It seems that something changed with 12.10 to manifest it. I'm surprised that I haven't seen more reports of it. It also seems odd that some are reporting that the work arounds worked and others are not reporting the problem at all.

I agree with another poster that this bug should be marked critical. It's very annoying that such a basic and critical OS functionality was broken and the bug is only marked as Opinion and remains unassigned. I held off on installing 12.10 to allow time for bug fixes but, sadly, I didn't wait long enough.

lengzhen (hhylx1950) on 2012-12-15
Changed in network-manager (Ubuntu):
status: Opinion → Confirmed

Has this now been resolved?

Because it appears to be working without any of the hack mentioned in askubuntu.

Fastguy (erenoglu) wrote :

I'm on Ubuntu 14.04. This is affecting me. I'm sharing my wifi connection. The problem is that there's a server that has to be queried from a DNS outside of my normal one, but since dnsmasq is using default DNS servers set by dhcp, the devices behind this shared wifi connection can't connect to that specific server.
 I need to add a line to dnsmasq configuration, such as
I found no way to do it and even trying to send a message with dbus did not work (for me). Probably I could not sort it out.

I have the specific server ip hardcoded in the /etc/hosts file. If dnsmasq respected the /etc/hosts file, then the hosts behind the shared wifi connection could have obtained the right ip address for the server.

It's very strange to hardcode dnsmasq parameters into the C code rather than leaving it out to some configuration file.

Fastguy (erenoglu) wrote :

OK, I managed to send a dbus signal to set specific dns for a specific domain but this signal went to the initial dnsmasq started when system booted up.
So the dnsmasq started by the wifi sharing connection has no dbus interface and it doesn't read the /etc/hosts. It has totally static hardcoded configuration.

The only way to overcome this issue was the very dirty solution of putting dnsmasq in a wrapper script to remove the --no-hosts parameter :(

d1663m (duane-meyer) wrote :

Ubuntu 14.04 - Firefox browser refuses to obey /etc/hosts

I have an entry in /etc/hosts pointing to a public internet IP which doesn't already have a DNS hostname associated.

Following advice from this post:

I added/edited this file on my system: /etc/NetworkManager/dnsmasq.d/hosts.conf

Adding the following line:

After restarting network-manager, nslookup and dig both respond with the IP address configured in /etc/hosts as I would expect.

Firefox still refuses to obey the host entry. Even after a system reboot. Even when dnsmasq is returning a result for command line DNS lookup tools.

Shahar Or (mightyiam) wrote :

@d1663m, Perhaps Firefox keeps some cache.

Greg Bell (gbell-spamless) wrote :

Affects me. Ubuntu 14.04. dig -x takes a long time to not come up with an answer. And that's because it's defined in /etc/hosts.

lsof -i and tcpdump are two programs that can do do reverse-DNS lookups, and ignoring /etc/hosts means they take way longer than they normally would.

Hardcoding command line options? Updates breaking things badly? Agree with previous comments.

Sonia Hamilton (sonia) wrote :

+1 affects me.

d3ngar (d3ngar) wrote :

WTF? How come this is still an issue for over so many years? I can actually see that dnsmasq is getting started with the parameters to ignore the hosts file. This should be fixed, so people can set-up their networking again!

Greg Bell (gbell-spamless) wrote :

There is a hack-ish workaround, yet it reminds me of the good ol' days of Linux when you could actually control things from simple text files:
    See Method 1 at

Between NetworkManager, resolvconf, Bonjour, mDNS, dnsmasq (and I think even dbus)... things seem to be quite hard to understand, control and fix these days.

Shahar Or (mightyiam) wrote :
Shahar Or (mightyiam) wrote :

I should have written more in my previous message.
Having a local lightweight DNS server configured by default, even if it does not respect `/etc/hosts`, may be seen as an opportunity.
Don't force it to use `/etc/hosts`. Just configure it by adding to `/etc/NetworkManager/dnsmasq.d`.
This means we can add wildcards, which isn't possible in `/etc/hosts`.
This is pretty awesome. For a fuller explanation, see here:

god (humper) wrote :

Much better solution would be adding wildcards support directly to /etc/hosts. Or at least to systemd-resolved.
There is even RFE for the latter:

Having dns server running just to add wildcards is really an overkill. Systemd-resolved is much better suit.

Gerard Weatherby (gerardw) wrote :

Pointlessly aggravating to break something that long term linux users have relied on for years. At a minimum, a comment in the default /etc/hosts would be useful.

Kim Scarborough (sluggo) wrote :

At the very least there could be a "dnsmasq_options" entry in NetworkManager.conf that could override the default options that NetworkManager calls dnsmasq with.

macone (wsq302) wrote :

+1 Affects me. Tooks me some time to dig and find out the solution. It's really bad user experience.

L-reimann (l-reimann) wrote :

+1 Also affects me. Took me quite some time to find this bug report. Very unusual behavior.

Using a hosts.conf in /etc/NetworkManager/dnsmasq.d with the content is not able to simulate multiple IP addresses for one FQDN:

From the manpage:
-A, --address=/<domain>/[domain/][<ipaddr>]

Specify an IP address to return for any host in the given domains. Queries in the domains are never forwarded and always replied to with the specified IP address which may be IPv4 or IPv6. To give both IPv4 and IPv6 addresses for a domain, use repeated -A flags. Note that /etc/hosts and DHCP leases override this for individual names.

This is untrue if the --no-hosts is forced upon us. Also I do not like to restart services to modify a host entry.

uDude (mfkyle) wrote :

I found a solution on stackoverflow thanks to @kbenoit there.

This is not really a bug at all. You just have to configure stuff under /etc/NetworkManager/dnsmasq.d instead, e.g.,

    # echo "addn-hosts=/etc/hosts" > /etc/NetworkManager/dnsmasq.d/hosts.conf
    # service network-manager restart

I will point out the following statement from the networkmanager.conf man page ON THE GNOME WEBSITE (not on the ubuntu 16.04 man page):

It is possible to pass custom options to the dnsmasq instance by adding them to files in the "/etc/NetworkManager/dnsmasq.d/" directory.

Add any options you want.

uDude (mfkyle) wrote :

I vote that this bug be closed based on #32, dnsmasq is fully controllable.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers