Trying to change the nameservers, I am stuck by the complexity I found

I am trying to change the nameservers being used by my Ubuntu machine (just my laptop, not a server).

In the good old days in which I was using Slackware I just needed to edit /etc/resolv.conf and my job was done.

After figuring out that /etc/resolv.conf is actually generated by resolvconf I edited /etc/resolvconf/resolv.conf.d/head as such:

# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 8.8.8.8
nameserver 8.8.4.4

But my job is not done. I see that an unwanted line is still added in /etc/resolv.conf:

nameserver 127.0.1.1

I don’t like this because I want the name resolution to fail just after trying Google’s nameservers.
This line isn’t in any file in /etc/resolvconf/resolv.conf.d/ and here my confusion begins. By sudo netstat -ltnp I see that I have a name server daemon running on my laptop:

tcp        0      0 127.0.1.1:53            0.0.0.0:*               LISTEN      4889/dnsmasq    

Why would I need that? I cannot remove the package containing dnsmasq (which is dnsmasq-base) because these packages depend on it:

  checkbox-gui checkbox-qt dnsmasq-base network-manager network-manager-gnome plainbox-provider-checkbox plainbox-provider-resource-generic ubuntu-desktop

Is this service running on port 53 really necessary to the well-being of my machine? How can I prevent it from running without using GUI tools and without compromising NetworkManager?

Attempt at a solution

Tried altering /etc/NetworkManager/NetworkManager.conf, by commenting out the line referring to dnsmasq, and restarting NetworkManager:

[main]
plugins=ifupdown,keyfile,ofono
#dns=dnsmasq

[ifupdown]
managed=false

The aforementioned unwanted line in resolv.conf did indeed disappear. But, unfortunately, it seems to have been replaced by this line:

nameserver 192.168.0.1

Would be nice to have some elucidation on the meaning and purpose of such behavior.

A temporary fix is to remove the link /etc/resolv.conf -> ../run/resolvconf/resolv.conf and create a new /etc/resolv.conf file from scratch. This would work... somewhat. It would not add other useful name information (such as the search directives) that comes from DHCP.
So, a definitive solution that allows resolv.conf to be generated by resolvconf or NetworkManager still needs to be found.

Answer

The rationale behind the introduction of dnsmasq as a local DNS relay is stated here in a blog post by Stéphane Graber.

Citing the main reason:

This was done to better support split DNS for VPN users and to better
handle DNS failures and fallbacks. This dnsmasq server isn’t a caching
server for security reason to avoid risks related to local cache
poisoning and users eavesdropping on other’s DNS queries on a
multi-user system.

The big advantage is that if you connect to a VPN, instead of having
all your DNS traffic be routed through the VPN like in the past,
you’ll instead only send DNS queries related to the subnet and domains
announced by that VPN. This is especially interesting for high latency
VPN links where everything would be slowed down in the past.

You’ll also find many comments following!
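
The states seen in the question (the relay enabled with 127.0.1.1 in resolv.conf, the dns= key commented out, and a hand-written resolv.conf) can be told apart from the two files alone. The script below is an added example, not part of the original question or answer; its function names are hypothetical and its sample files are constructed from the snippets quoted in the question.

```shell
#!/bin/sh
# Added example: report which DNS path a NetworkManager/resolvconf host uses.

# Value of dns= in [main] of a NetworkManager.conf; "unset" when the key
# is absent or commented out ("#dns=dnsmasq").
nm_dns_mode() {
    awk -F= '
        /^[ \t]*\[/ { in_main = ($0 ~ /^[ \t]*\[main\]/) }
        in_main && /^[ \t]*dns[ \t]*=/ { gsub(/[ \t]/, "", $2); mode = $2 }
        END { print (mode == "" ? "unset" : mode) }' "$1"
}

# Nameserver addresses from a resolv.conf, one per line, in file order.
resolv_nameservers() {
    awk '$1 == "nameserver" && NF >= 2 { print $2 }' "$1"
}

# Where queries go: local-relay (loopback only, e.g. dnsmasq on 127.0.1.1),
# direct (upstream servers only), mixed (both), or none.
resolver_path() {
    resolv_nameservers "$1" | awk '
        { total++ }
        /^127\./ { loop++ }
        END {
            if (total == 0) print "none"
            else if (loop == 0) print "direct"
            else if (loop == total) print "local-relay"
            else print "mixed"
        }'
}

# One-line summary; flags a relay enabled in NetworkManager that
# resolv.conf does not point at.
resolver_report() {
    mode=$(nm_dns_mode "$1"); path=$(resolver_path "$2"); note=ok
    if [ "$mode" = dnsmasq ] && [ "$path" = direct ]; then note=relay-bypassed; fi
    echo "dns=$mode path=$path status=$note"
}

# Constructed sample: the question's first state (relay on, head edited).
demo() {
    d=$(mktemp -d)
    printf '[main]\nplugins=ifupdown,keyfile,ofono\ndns=dnsmasq\n' > "$d/nm.conf"
    printf 'nameserver 8.8.8.8\nnameserver 8.8.4.4\nnameserver 127.0.1.1\n' > "$d/resolv.conf"
    resolver_report "$d/nm.conf" "$d/resolv.conf"
    rm -rf "$d"
}
demo
```

On a live system, call `resolver_report /etc/NetworkManager/NetworkManager.conf /etc/resolv.conf`. A `relay-bypassed` status means the dnsmasq relay is enabled but resolv.conf sends queries straight to other servers, as happens after replacing the resolvconf symlink with a hand-written file.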

Attribution
Source: Link, Question Author: fstab, Answer Author: alci
