Written by Anish Bhatt

Solving dnsmasq/vpn resolv.conf contention with openresolv

One middleman to control them all

dnsmasq is a great DNS cache for speeding up queries to previously visited sites, and it can also serve as a DHCP server if need be. Since it runs locally, you generally end up adding an entry of nameserver 192.168.1.1 to /etc/resolv.conf. If you occasionally use a VPN connection via something like vpnc, it will overwrite your resolv.conf with your VPN provider's nameservers, essentially bypassing dnsmasq. While there is no big harm here, if you would still like to use dnsmasq over your VPN connections without manually overriding the nameservers, openresolv is the tool for you.

Actually getting dnsmasq, VPN and openresolv to work together is fairly straightforward. The rest of this entry assumes you have openresolv installed (which is pretty straightforward, and it is provided by most distros).

This is what a regular dnsmasq setup looks like. Since the actual resolv.conf is almost always auto-generated nowadays, you add the entry for dnsmasq to the resolv.conf.head file:

$ cat /etc/resolv.conf.head
 nameserver 127.0.0.1

What we’re going to do is set up openresolv to provide nameservers and configuration to dnsmasq from a pre-specified location, and configure dnsmasq to pick them up from that location. The actual resolv.conf is then generated by openresolv with dnsmasq as the middleman, and openresolv feeds dnsmasq the fallback servers and search domains as well. Clear out any resolv.conf.head files you may have modified (though this is optional really). The first configuration we set up is openresolv, as shown below. You can change the file names (except for /etc/resolv.conf, obviously) if you like.

$ cat /etc/resolvconf.conf
  resolv_conf=/etc/resolv.conf
  # If you run a local name server, you should uncomment the below line
  # and configure your subscribers configuration files below.
  name_servers=127.0.0.1
  dnsmasq_conf=/etc/dnsmasq-resolvconf.conf
  dnsmasq_resolv=/etc/dnsmasq-resolv.conf

Next, change the following entries in the dnsmasq configuration in /etc/dnsmasq.conf:

resolv-file=/etc/dnsmasq-resolv.conf
conf-file=/etc/dnsmasq-resolvconf.conf

conf-file is optional, and is used for any custom configuration that you would normally do in resolv.conf. Make sure the file names match the configuration in /etc/resolvconf.conf. /etc/dnsmasq-resolv.conf will always contain the actual nameserver configuration that dnsmasq will fall back on for entries not found in its cache. That’s pretty much all the configuration required to make openresolv, dnsmasq and VPN work together.
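A mismatch between the two files fails quietly: dnsmasq keeps running but reads a file openresolv never updates. The shell check below is an added example, not part of the original post; the function names get_kv and check_dns_chain are hypothetical, and it assumes dnsmasq listens on loopback as in the configs shown above.

```shell
#!/bin/sh
# Added example: verify that openresolv and dnsmasq agree on the hand-off files.

# get_kv FILE KEY: last uncommented "KEY=value" in FILE, quotes stripped.
get_kv() {
    sed -n "s/^[[:space:]]*${2}[[:space:]]*=[[:space:]]*//p" "$1" |
        tr -d "\"'" | sed 's/[[:space:]]*$//' | tail -n 1
}

# check_dns_chain RESOLVCONF_CONF DNSMASQ_CONF: returns 0 when consistent.
check_dns_chain() {
    status=0
    servers=$(get_kv "$1" name_servers)
    out=$(get_kv "$1" resolv_conf); [ -n "$out" ] || out=/etc/resolv.conf
    rc_resolv=$(get_kv "$1" dnsmasq_resolv); dm_resolv=$(get_kv "$2" resolv-file)
    rc_extra=$(get_kv "$1" dnsmasq_conf);    dm_extra=$(get_kv "$2" conf-file)

    # resolv.conf should list only the local dnsmasq, or lookups bypass it.
    [ -n "$servers" ] || { echo "FAIL: name_servers is not set"; status=1; }
    for s in $servers; do
        case $s in
            127.*|::1) ;;
            *) echo "FAIL: name_servers lists non-loopback $s"; status=1 ;;
        esac
    done
    # dnsmasq must read upstream servers from the file openresolv writes.
    if [ -z "$rc_resolv" ] || [ "$rc_resolv" != "$dm_resolv" ]; then
        echo "FAIL: dnsmasq_resolv='$rc_resolv' resolv-file='$dm_resolv'"; status=1
    fi
    # That file must not be resolv.conf itself, which only names dnsmasq.
    if [ "$dm_resolv" = "$out" ]; then
        echo "FAIL: resolv-file is the generated $out"; status=1
    fi
    # conf-file is optional, but when either side names it both must match.
    if [ "$rc_extra" != "$dm_extra" ]; then
        echo "FAIL: dnsmasq_conf='$rc_extra' conf-file='$dm_extra'"; status=1
    fi
    return $status
}

# Constructed sample input mirroring the two files shown above.
demo=$(mktemp -d)
printf '%s\n' 'resolv_conf=/etc/resolv.conf' 'name_servers=127.0.0.1' \
    'dnsmasq_conf=/etc/dnsmasq-resolvconf.conf' \
    'dnsmasq_resolv=/etc/dnsmasq-resolv.conf' > "$demo/resolvconf.conf"
printf '%s\n' 'resolv-file=/etc/dnsmasq-resolv.conf' \
    'conf-file=/etc/dnsmasq-resolvconf.conf' > "$demo/dnsmasq.conf"
check_dns_chain "$demo/resolvconf.conf" "$demo/dnsmasq.conf" && echo "OK: consistent"
rm -rf "$demo"
```

On a live system, call check_dns_chain /etc/resolvconf.conf /etc/dnsmasq.conf after bringing the VPN up. Only the last occurrence of each key is compared, so a dnsmasq.conf with several conf-file lines needs a manual look.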
