2

I am using Ubuntu 12.04.2 LTS.

If I issue the following command

    sudo gedit /etc/NetworkManager/NetworkManager.conf

and change the line

    dns=dnsmasq

to

    #dns=dnsmasq

What will happen? Will I disable or enable DNS caching?

Additional notes:

I have been told that since I am using a VPN service, it would be better for me to do the above.

Eric Carvalho
  • 54,385
n00b
  • 1,897

2 Answers

0

Extract from http://www.ubuntugeek.com/how-to-disable-dnsmasq-in-ubuntu-12-04precise.html

The big advantage is that if you connect to a VPN, instead of having all your DNS traffic be routed through the VPN like in the past, you’ll instead only send DNS queries related to the subnet and domains announced by that VPN. This is especially interesting for high latency VPN links where everything would be slowed down in the past.

As for dealing with DNS failures, dnsmasq often sends the DNS queries to more than one DNS server (if you received multiple when establishing your connection) and will detect bogus/dead ones and simply ignore them until they start returning sensible information again. This is to compare against the libc’s way of doing DNS resolving where the state of the DNS servers can’t be saved (as it’s just a library) and so every single application has to go through the same, trying the first DNS, waiting for it to time out, using the next one.

So it will not disable it as such; it will be less "safe" and efficient under certain circumstances, like VPN.

Meer Borg
  • 4,963
  • Thanks a lot for your time in writing a detailed explanation. However I don't have a background in IT; hence there are parts of it that I don't understand. Am I right to say that you advise that I do not place the # in front of dnsmasq if I'm using a VPN service to connect to the internet? – n00b Jun 03 '13 at 00:23
  • @noob You can disable it without any major issues. If you find that it takes web pages longer to load, I would reactivate it. I have it enabled as disabling it doesn't give me any advantages. – Meer Borg Jun 03 '13 at 00:25
  • Thanks for your reply. One of the explanations given by my VPN provider is that if I wish to ensure that all programs tunnel through the VPN and that all programs will be blocked from connecting to the internet if the VPN is disconnected, I should place the # in front of dnsmasq. Is that correct? – n00b Jun 03 '13 at 00:41
  • @n00b Yes, my DNS is not blocked in any way so I don't need to do that, but if your DNS is restricted then definitely disable that feature. – Meer Borg Jun 03 '13 at 00:43
0
  1. dnsmasq launched by NetworkManager doesn't cache query results by default. You can confirm this by running:

    ps aux | grep dnsmasq
    

    You should see --cache-size=0 as an argument to dnsmasq, which disables caching.

  2. If you want to make sure DNS as well as any traffic is being routed through the VPN (I believe you do based on your other question), you can use iptables to accept output traffic destined for the VPN gateway and block any other destination. Thus there's no need to touch the NetworkManager configuration.

Eric Carvalho
  • 54,385
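
A sketch of the iptables approach from point 2 of the answer above, added here as an example and not part of the original answer. The server address 203.0.113.10, UDP port 1194 and interface tun0 are constructed values; the loopback and tunnel-interface rules and the ip6tables lines are assumptions beyond what the answer states (loopback keeps the local dnsmasq reachable, and iptables alone does not filter IPv6).

```sh
#!/bin/sh
# Added example: this only PRINTS the rules so they can be reviewed first.
# Apply with:  killswitch_rules <ip> <udp|tcp> <port> <tun_if> | sudo sh

# Return 0 only for a dotted-quad IPv4 address with octets 0-255.
is_ipv4() {
    case $1 in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# killswitch_rules <vpn_server_ip> <udp|tcp> <port> <tunnel_interface>
# Every argument is validated because the output is meant to be piped to a shell.
killswitch_rules() {
    gw=$1 proto=$2 port=$3 tun=$4
    is_ipv4 "$gw" || { echo "invalid VPN server IP: $gw" >&2; return 1; }
    case $proto in udp|tcp) ;; *) echo "protocol must be udp or tcp" >&2; return 1 ;; esac
    case $port in ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "invalid port: $port" >&2; return 1; }
    case $tun in ''|*[!A-Za-z0-9_.-]*) echo "invalid interface: $tun" >&2; return 1 ;; esac

    # Order matters: loopback, then the tunnel, then the encrypted link to the
    # VPN server itself, then reject everything else (LAN hosts included).
    # DNS queries can therefore only leave the machine through the tunnel.
    cat <<EOF
iptables -F OUTPUT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -o $tun -j ACCEPT
iptables -A OUTPUT -d $gw -p $proto --dport $port -j ACCEPT
iptables -A OUTPUT -j REJECT
ip6tables -F OUTPUT
ip6tables -A OUTPUT -o lo -j ACCEPT
ip6tables -A OUTPUT -j REJECT
EOF
}

# Constructed sample values (203.0.113.0/24 is a documentation range).
killswitch_rules 203.0.113.10 udp 1194 tun0
```

These rules are not persistent; they are gone after a reboot unless saved and restored by other means.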