Enable/Disable of dnsmasq doesn't rebuild /etc/resolv.conf

After “demoting” my NS instance from a gateway running DHCP/DNS services to just another machine on the LAN, I’ve been shutting down the unwanted services one by one. Initially it was just DHCP, via the DHCP panel, so there was only a single DHCP server on the LAN. This left dnsmasq still handing out the DNS IPs for hosts I had declared as static, as I didn’t (initially) delete those assignments.

Now I’ve moved all the static IP assignments over to the gateway appliance, I was trying to switch all the DNS functions over to it. Initially I just set the network DNS IP to be the gateway. This worked for all “external” lookups from NS, but failed to resolve any internal ones.

My next move was to disable dnsmasq. This actually made things worse, as now I lost all DNS from the NS machine.

Digging around, I noticed that /etc/resolv.conf was still pointing at 127.0.0.1 as the DNS resolver, even though there wasn’t anything listening on port 53 any more.

Running “expand-template /etc/resolv.conf” appears to have solved the issue, as I now have the correct reference to the gateway DNS.

So, it looks like changes to dnsmasq are not forcing a rebuild of /etc/resolv.conf, even though the 2 are closely intertwined.

Cheers.
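The condition described in the post above (a resolv.conf that still names 127.0.0.1 while nothing listens on port 53) can be checked for with a script like the following. This is an added example, not part of the thread or of NethServer's own code; the function names are hypothetical and it only handles IPv4 loopback addresses.

```shell
#!/bin/sh
# Added example: flag loopback resolvers in resolv.conf that have no
# listener on port 53 (the state left behind after dnsmasq was disabled).

# Print every IPv4 loopback nameserver named in a resolv.conf-style file.
loopback_nameservers() {
    awk '$1 == "nameserver" && $2 ~ /^127\./ { print $2 }' "$1"
}

# Read `ss -lntu` output on stdin; succeed if something listens on
# port 53 on the given address or on the IPv4 wildcard address.
has_dns_listener() {
    awk -v a="$1" '
        { for (i = 1; i <= NF; i++) {
              f = $i
              sub(/%[^:]*/, "", f)   # drop an interface suffix such as %lo
              if (f == a ":53" || f == "0.0.0.0:53" || f == "*:53") found = 1
          } }
        END { exit !found }'
}

# Args: resolv.conf path, file holding saved `ss -lntu` output.
# Prints each loopback nameserver that nothing is listening for.
stale_resolvers() {
    for ns in $(loopback_nameservers "$1"); do
        has_dns_listener "$ns" < "$2" || echo "$ns"
    done
}

# Live check on the local machine: sh thisfile --live
if [ "${1:-}" = "--live" ]; then
    tmp=$(mktemp) && ss -lntu > "$tmp"
    stale_resolvers /etc/resolv.conf "$tmp"
    rm -f "$tmp"
fi
```

Any address it prints is a resolver entry that will make every lookup on the machine fail until resolv.conf is regenerated.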

DNSmasq is a core component of NethServer and can’t be disabled.
If you really want to bypass it, you need to mask the unit and make some templates custom.

If you want a resolv.conf that points to an external server, you need a template-custom also for it.

In which case it doesn’t “play nice” when it isn’t running in a gateway role and another server is also configured as the authoritative DNS server. You have to duplicate the local LAN entries.

Naw, first:


Then:

image

Followed by:

[root@Nethserver ~]# expand-template /etc/resolv.conf
[root@Nethserver ~]#

Why, the “standard” template has all the code in it already to check for dnsmasq being disabled, and if so, to pull the external server from the dns configuration.

All that’s missing is to make the last step as part of any dnsmasq enable/disable/configuration.

Cheers.

Just leave dnsmasq enabled and use your internal DNS as upstream DNS (as you already did).
You can even force a domain to a specific DNS server: DNS — NethServer 7 Final

Just doing that and nothing else doesn’t work. Non FQDN names are stopped at dnsmasq by “domain-needed”. FQDN names are only passed to the Samba server defined in 50sssd and not upstream.

Cheers.

But you also have a local AD which catches all queries for the domain? :thinking:

Which is purely to hold local accounts, for FileShare purposes.

Cheers.