
Run your own dnsmasq in tandem with libvirtd and NetworkManager - georgerobinson
http://blog.grobinson.net/2015/10/11/run-your-own-dnsmasq-in-tandem-with-libvirtd-and-networkmanager/
======
solidangle
If you're doing this then make sure that your router uses your DNS server so
you don't have to manually enable it on all your devices (especially those
pesky Android devices that don't allow you to have a custom dns server with a
dynamic ip).

You can also replace your router's firmware with OpenWRT. OpenWRT uses dnsmasq
by default (and allows you to customize the configuration, of course), so you
don't even have to use a separate server.

~~~
ownagefool
This is assuming your hardware is supported. I thoroughly endorse it if it is.

------
Klasiaster
For Debian unstable with systemd-resolved also enabled I needed these:

/etc/dnsmasq.d/network-manager:

    bind-interfaces
    interface=lo

/etc/systemd/resolved.conf:

    [Resolve]
    DNS=127.0.0.1 ::1

/etc/nsswitch.conf:

    passwd: compat
    group: compat
    shadow: compat
    hosts: files mymachines gw_name myhostname mdns4_minimal resolve [NOTFOUND=return] dns mdns4
    networks: files
    protocols: db files
    services: db files
    ethers: db files
    rpc: db files
    netgroup: nis

There are so many because I also have the packages libnss-myhostname
libnss-mymachines libnss-gw-name libnss-mdns. Important to note is the
NOTFOUND=return directive after resolve, because libnss-resolved is not
available on Debian yet and thus it's going to query dnsmasq directly instead
of first resolved (which is also using dnsmasq anyway).
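
How glibc walks the `hosts:` line from the comment above, as an added example that is not part of the original comment: a small Python model of the nsswitch action rules (by default only SUCCESS ends the lookup), showing that `[NOTFOUND=return]` stops the chain once `resolve` is installed and answers NOTFOUND, while a missing module counts as UNAVAIL and falls through to `dns`. The function names and the per-service statuses are constructed for illustration.

```python
import re

# glibc defaults: only SUCCESS ends the lookup; other statuses try the next service.
DEFAULTS = {"SUCCESS": "return", "NOTFOUND": "continue",
            "UNAVAIL": "continue", "TRYAGAIN": "continue"}

# The hosts line from the comment above, joined onto one line.
HOSTS_LINE = ("hosts: files mymachines gw_name myhostname mdns4_minimal "
              "resolve [NOTFOUND=return] dns mdns4")

def parse_line(line):
    """Parse one nsswitch.conf database line into [(service, {status: action})]."""
    chain = []
    for token in re.findall(r"\[[^\]]*\]|\S+", line.partition(":")[2]):
        if not token.startswith("["):
            chain.append((token, dict(DEFAULTS)))
            continue
        if not chain:
            raise ValueError("action list with no preceding service")
        for item in token[1:-1].split():
            status, action = item.lstrip("!").upper().split("=")
            # "!STATUS=action" applies the action to every other status.
            hit = [s for s in DEFAULTS if s != status] if item[0] == "!" else [status]
            for s in hit:
                chain[-1][1][s] = action.lower()
    return chain

def lookup(chain, status_of):
    """Walk the chain; return (services consulted, service that answered or None).
    A service absent from status_of models a module that is not installed (UNAVAIL)."""
    consulted = []
    for service, actions in chain:
        status = status_of.get(service, "UNAVAIL")
        consulted.append(service)
        if actions[status] == "return":
            return consulted, (service if status == "SUCCESS" else None)
    return consulted, None

def scenarios():
    """Constructed statuses: nothing local knows the name, dnsmasq (dns) does."""
    chain = parse_line(HOSTS_LINE)
    with_resolve = {svc: "NOTFOUND" for svc, _ in chain}
    with_resolve["dns"] = "SUCCESS"
    without_resolve = {k: v for k, v in with_resolve.items() if k != "resolve"}
    return lookup(chain, without_resolve), lookup(chain, with_resolve)

if __name__ == "__main__":
    for consulted, answered in scenarios():
        print(" -> ".join(consulted), "| answered by:", answered)
```
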

------
rasz_pl
Apparently I was the first person ever to attempt using dnsmasq to block ads
(Fri, Oct 27, 2006). In 2006 I reported a bug named "reading /etc/hosts takes
6 minutes" :-)

[http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/200...](http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2006q4/000937.html)

Before, every new dns entry was naively compared sequentially with the current
dataset; the fix was probably a hashtable.

~~~
mjuj6ugi4
Unbound works very well to block hundreds of static domains, like you get from
ad-blocking lists, and needs very few resources. IMHO, it should be the
default for desktop distros.

------
9248
At first, when I switched to Ubuntu and saw dnsmasq I was a little happy. I
thought I could finally have something lightweight and slightly more powerful
than a hosts file plus more control over what happens with my queries.

But then I tried to search online and at least try to understand what it
actually is, what it does or is supposed to do, or what it doesn't do and so
on. Then I thought that running bind9 might be easier, at least I know what
it's supposed to do.

I finally decided to leave it the way it came with my Ubuntu. Some articles
say it's there to act as a dns cache and something else with VPNs while other
articles claim the caching functionality is turned off by default. Really
confusing for somebody who's not that experienced.

------
chronid
It seems only OpenBSD got this right (in my opinion) from a cursory inspection
of the man pages for resolv.conf - they allow for a non-default port in it.
There has been a bug in glibc around since 2012 [1] for this!

Oh well.

1. [https://sourceware.org/bugzilla/show_bug.cgi?id=14242](https://sourceware.org/bugzilla/show_bug.cgi?id=14242)

~~~
AnthonyMouse
Isn't changing the format of resolv.conf going to break everything that parses
it manually or using a library other than glibc?

