I'm running Arch Linux with NetworkManager and dnsmasq set up. It all seems to work fine, except that I try to use the new CloudFlare 1.1.1.1 DNS, but the resolver keeps using the DNS that is advertised by my router. The nameservers seem to be added, including my router's IP, see below:
Apr 04 20:02:56 tdewolff dnsmasq[22337]: setting upstream servers from DBus
Apr 04 20:02:56 tdewolff dnsmasq[22337]: using nameserver 2606:4700:4700::1001#53
Apr 04 20:02:56 tdewolff dnsmasq[22337]: using nameserver 2606:4700:4700::1111#53
Apr 04 20:02:56 tdewolff dnsmasq[22337]: using nameserver 1.0.0.1#53
Apr 04 20:02:56 tdewolff dnsmasq[22337]: using nameserver 1.1.1.1#53
Apr 04 20:02:56 tdewolff dnsmasq[22337]: using nameserver 192.168.1.254#53(via wlp4s0)
Apr 04 20:02:56 tdewolff dnsmasq[22337]: using nameserver fe80::1%wlp4s0#53
Apr 04 20:02:56 tdewolff dnsmasq[22337]: cleared cache
Using nmcli dev show consistently shows:
IP4.DNS[1]: 192.168.1.254
IP6.DNS[1]: fe80::1
but I want to use the CloudFlare DNSs regardless of the local network (and not have to change the connection settings for every network). How can I change the order of DNS look-up, or disable the router's resolver? I've tried adding strict-order to /etc/NetworkManager/dnsmasq.d/local but to no avail.
Best Answer

I'm not using dnsmasq, but I had a similar issue. The solution for me was:

1. Put the DNS servers you want in /etc/resolv.conf (ref).
2. Tell NetworkManager not to modify your /etc/resolv.conf by writing in your /etc/NetworkManager/NetworkManager.conf (ref).
3. Probably restart NetworkManager etc. afterward.

If you do nmcli dev show, it shows the DNS server reported by the router:

But if you use nslookup (from bind-tools in Arch), it looks like 1.1.1.1 is actually used for the query:

UPDATE: config with dnsmasq

I tried out a config with dnsmasq. NetworkManager has a dnsmasq plugin that you can use by putting into /etc/NetworkManager/NetworkManager.conf the following:

This will start dnsmasq with NetworkManager and put 127.0.0.1 into /etc/resolv.conf (ref). However, I did not do it this way because then dnsmasq isn't managed by systemctl and you don't automatically end up with logging in journalctl (maybe there is some way around this). Instead, I used the following config (ref):

/etc/NetworkManager/NetworkManager.conf:

/etc/resolv.conf:

/etc/resolv.dnsmasq.conf:

/etc/dnsmasq.conf:

Restart NetworkManager and dnsmasq. Now, verify your local nameservers didn't get overwritten:

We can also question NetworkManager:

But those entries are seemingly just indicating what the router has reported, not necessarily what will actually be used for a query, because if we do drill google.com, we see that 127.0.0.1 was in fact used:

Also, if you put log-queries into /etc/dnsmasq.conf as shown above, you see in journalctl after running drill stackoverflow.com twice:

The first time it asked 1.0.0.1, the second time it found the result in the cache. You can remove log-queries from dnsmasq.conf if satisfied.
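The verification steps in the answer above can be scripted. The following is an added example, not code from the answer or from dnsmasq/NetworkManager: it parses the "using nameserver" lines dnsmasq logs at startup (the lines shown in the question) and a resolv.conf against an allowlist, so a router-advertised resolver sneaking back into the upstream set is reported. The log lines and resolv.conf files are constructed inline from the question's output.

```shell
#!/bin/sh
# Added example, not part of the original answer: check that dnsmasq's
# upstream set and /etc/resolv.conf contain only the resolvers you chose,
# so a router-advertised resolver (192.168.1.254 / fe80::1 in the question)
# does not slip back in. Sample inputs below are constructed from the
# question's output; on a real host feed in:
#   journalctl -u dnsmasq | grep 'using nameserver'   and   /etc/resolv.conf

# Upstreams considered acceptable (CloudFlare 1.1.1.1 service, v4 and v6).
ALLOWED="1.1.1.1 1.0.0.1 2606:4700:4700::1111 2606:4700:4700::1001"

# audit_upstreams FILE: print every upstream dnsmasq loaded that is not in
# $ALLOWED; return 0 when all are allowed, 1 otherwise.
audit_upstreams() {
    rc=0
    for srv in $(sed -n 's/.*using nameserver \([^ ]*\).*/\1/p' "$1"); do
        # strip the "#53" port and a "%wlp4s0" zone id on link-local IPv6
        addr=$(printf '%s' "$srv" | sed 's/[#%].*//')
        case " $ALLOWED " in
            *" $addr "*) ;;
            *) echo "unexpected upstream: $addr ($srv)"; rc=1 ;;
        esac
    done
    return $rc
}

# check_resolv FILE: return 0 only if the file has at least one nameserver
# line and every one of them points at the local dnsmasq (127.0.0.1).
check_resolv() {
    if grep '^nameserver' "$1" | grep -vq '^nameserver[[:space:]]*127\.0\.0\.1[[:space:]]*$'; then
        return 1
    fi
    grep -q '^nameserver' "$1"
}

# Constructed sample data (from the question's journal; paths are temp files).
LOG=$(mktemp); RESOLV_OK=$(mktemp); RESOLV_BAD=$(mktemp)
cat > "$LOG" <<'EOF'
Apr 04 20:02:56 tdewolff dnsmasq[22337]: using nameserver 2606:4700:4700::1001#53
Apr 04 20:02:56 tdewolff dnsmasq[22337]: using nameserver 1.1.1.1#53
Apr 04 20:02:56 tdewolff dnsmasq[22337]: using nameserver 192.168.1.254#53(via wlp4s0)
Apr 04 20:02:56 tdewolff dnsmasq[22337]: using nameserver fe80::1%wlp4s0#53
EOF
printf 'nameserver 127.0.0.1\n' > "$RESOLV_OK"
printf 'nameserver 127.0.0.1\nnameserver 192.168.1.254\n' > "$RESOLV_BAD"

if audit_upstreams "$LOG"; then echo "upstreams OK"; else echo "router resolver is in the upstream set"; fi
if check_resolv "$RESOLV_OK"; then echo "resolv.conf OK"; fi
```

With the question's journal as input the audit reports the two router-supplied entries (192.168.1.254 and fe80::1) and exits non-zero; with a resolv.conf that NetworkManager has rewritten, check_resolv fails.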