[Bug 959037] Re: NM-controlled dnsmasq prevents other DNS servers from starting
Robin Battey
ubuntu at zanfur.com
Wed Dec 5 23:18:33 UTC 2012
In response to #131 and #134 by Thomas:

I would argue that "will it conflict with anything that exists?" is the
wrong question, here. Certainly it will conflict in the future, and
removing the user's ability to run a DNS service on the wildcard address
is suboptimal at best, even if they don't *need* to. To directly answer
the question about something that conflicts: the internal resolver of
the samba4 packages. They're beta right now, but the scheduled release
date is December, and there's no parameter (yet) for altering the port
or interfaces. This is actually the one that bit me originally.

To answer "what does it give us?", currently NM invokes a single dnsmasq
instance that must be shared between all users. This isn't ideal,
because NM connections can be per-user, and this could lead to information
disclosure at worst and oddly-rearranged DNS resolve orders at best.
With an NSS module, you could spin up one dnsmasq instance for the
system on a possibly privileged port (but not 53) and one per user
(above 1024), and link them together as forwarders so that only the user
owning the connection will use the resolution they've specified in the
GUI. It would require some tracking of which user's instance is on which
port, and auto-invoking them when necessary, and shutting it down when
the user logs out, but would allow for much more flexible and clean
separation of user settings.

For the record, I am happy to write the NSS plugin myself, but it would
require some changes in NM core itself, so I would have to work with
someone on the NM team to implement it. If you're interested, and know
who that would be, please do let me know.

I will also create a new bug report as requested.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to dnsmasq in Ubuntu.
https://bugs.launchpad.net/bugs/959037
Title:
NM-controlled dnsmasq prevents other DNS servers from starting