dnsmasq local name resolution with NetworkManager

NetworkManager supports starting dnsmasq, which gives you a local DNS cache and thus faster resolution of DNS queries.

Dnsmasq with NetworkManager

One thing that I have been thinking about is having local name resolution for the VMs. I wanted something like this to work:

vm1 => 172.17.42.1

vm2 => 172.17.42.2

and so on …

To achieve this, and to make reverse DNS work, we will add the entries to the file "/etc/NetworkManager/dnsmasq.d/hostnames". Just one more problem: adding so many entries manually? To help with that, I created this small script:

#!/bin/bash -
#===============================================================================
#
#          FILE: add-dnsmasq.sh
#
#         USAGE: ./add-dnsmasq.sh
#
#   DESCRIPTION:
#
#       OPTIONS: ---
#  REQUIREMENTS: ---
#          BUGS: ---
#         NOTES: ---
#        AUTHOR: Amit Agarwal (aka), 
#  ORGANIZATION: 
#      REVISION:  ---
#===============================================================================

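IPPRE='172.17.42.'
REVZONE='42.17.172.in-addr.arpa'   # reverse zone for 172.17.42.0/24
HOSTS='/etc/NetworkManager/dnsmasq.d/hostnames'

# Note: this appends, so running it twice duplicates the entries.
for i in {1..250}
do
    # Forward record: vm<i> -> 172.17.42.<i>
    echo "address=/vm$i/$IPPRE$i" >> "$HOSTS"
    # Reverse record; dnsmasq syntax is ptr-record=<PTR name>,<target>
    echo "ptr-record=$i.$REVZONE,vm$i" >> "$HOSTS"
done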

Just run this script to add all the entries and restart dnsmasq by killing the already running instance. 🙂

dnsmasq not starting from NetworkManager with SELinux enabled.


 

Some time back I posted on dnsmasq starting from NetworkManager and how to set up dnsmasq.

 

Now, a couple of days back, I set up dnsmasq in NetworkManager but was astonished to see that there was no dnsmasq running. I checked with dig and saw that there was no response from localhost for DNS queries. I checked "ps -eaf|grep dns" and found that there was no dnsmasq running. I knew that once you mention "dns=dnsmasq" in the NetworkManager configuration it should start up, but that was not happening. Then I checked the audit log and found that some permissions were denied by SELinux.

 

First check if dnsmasq is indeed having issues because of SELinux:

 

grep -C 5 sealert /var/log/messages

 

If you do see something, then it is time to fix it.

 

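# audit2allow reads the denials on stdin and writes mypol.te (source) and mypol.pp (compiled module)
grep dnsmasq /var/log/audit/audit.log | audit2allow -M mypol
# Read mypol.te before loading: the module allows every denial that was fed in
semodule -i mypol.pp
systemctl restart NetworkManager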

 

And with this, you should be done, though you might have to repeat this multiple times, because SELinux may only log the next denial once the earlier ones have been allowed.
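
Before loading a module generated this way, it helps to see exactly which accesses it would allow. The following is an added example, not part of the original post: a shell function (the name summarize_dnsmasq_avc is hypothetical) that groups the dnsmasq AVC denials by source type, target type, class and permission. The sample records and the SELinux type names in them are constructed for illustration.

```bash
#!/bin/bash
# Added example: summarise what the dnsmasq denials in the audit log would allow.
# Real use: grep dnsmasq /var/log/audit/audit.log | summarize_dnsmasq_avc

# Constructed sample records (not from a real system; type names are illustrative).
SAMPLE_LOG='type=AVC msg=audit(1400000000.101:501): avc:  denied  { read } for  pid=2101 comm="dnsmasq" name="hostnames" dev="dm-1" ino=1311 scontext=system_u:system_r:dnsmasq_t:s0 tcontext=system_u:object_r:NetworkManager_etc_t:s0 tclass=file
type=AVC msg=audit(1400000005.204:517): avc:  denied  { read } for  pid=2188 comm="dnsmasq" name="hostnames" dev="dm-1" ino=1311 scontext=system_u:system_r:dnsmasq_t:s0 tcontext=system_u:object_r:NetworkManager_etc_t:s0 tclass=file
type=AVC msg=audit(1400000009.330:530): avc:  denied  { read open } for  pid=2240 comm="dnsmasq" name="hostnames" dev="dm-1" ino=1311 scontext=system_u:system_r:dnsmasq_t:s0 tcontext=system_u:object_r:NetworkManager_etc_t:s0 tclass=file
type=AVC msg=audit(1400000009.331:531): avc:  denied  { search } for  pid=2240 comm="dnsmasq" name="dnsmasq.d" dev="dm-1" ino=1300 scontext=system_u:system_r:dnsmasq_t:s0 tcontext=system_u:object_r:NetworkManager_etc_t:s0 tclass=dir
type=AVC msg=audit(1400000011.002:540): avc:  denied  { read } for  pid=990 comm="sshd" name="shadow" dev="dm-1" ino=77 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file
type=SYSCALL msg=audit(1400000009.331:531): arch=c000003e syscall=2 success=no exit=-13 comm="dnsmasq" exe="/usr/sbin/dnsmasq"'

# Reads audit records on stdin and prints one line per distinct denied access:
#   <count> <source type> <target type>:<class> <permission>
summarize_dnsmasq_avc() {
    awk '
    # Only AVC denials raised by the dnsmasq process itself
    $1 == "type=AVC" && /denied/ && /comm="dnsmasq"/ {
        perms = $0
        sub(/^.*[{] */, "", perms)   # drop everything up to the opening brace
        sub(/ *[}].*$/, "", perms)   # drop the closing brace and the rest
        src = dst = cls = "?"
        for (i = 1; i <= NF; i++) {
            # A context is user:role:type:level; the type is the third part
            if ($i ~ /^scontext=/) { split($i, a, ":"); src = a[3] }
            if ($i ~ /^tcontext=/) { split($i, a, ":"); dst = a[3] }
            if ($i ~ /^tclass=/)   { cls = substr($i, 8) }
        }
        # One record can deny several permissions at once, e.g. { read open }
        n = split(perms, p, " ")
        for (j = 1; j <= n; j++) count[src " " dst ":" cls " " p[j]]++
    }
    END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort -k2
}

# Demo on the constructed sample
printf '%s\n' "$SAMPLE_LOG" | summarize_dnsmasq_avc
```

Anything in the summary that dnsmasq has no reason to touch should be investigated rather than allowed.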

 

 
