Dnsmasq being used as server's DNS server when it shouldn't be

Question

I have the box's DNS nameserver hardcoded in /etc/network/interfaces with

dns-nameservers 8.8.8.8

(I just have to google DNS during testing, using another DNS live.)

And then I have dnsmasq running on the box to be a DNS cache, but also to rewrite a few DNS entries to point to Apache as a proxy.

Now for some reason I haven't been able to figure out the box is using dnsmasq for it's DNS server whenever dnsmasq is running, despite what the DNS nameserver is set too. If I have dnsmasq set to to listen on all interfaces and 127.0.0.1, all lookups just go through dnsmasq including the ones that are supposed to be proxied so it just gets caught in a loop instead of proxied. If I use don't use lo and comment out listening on 127.0.0.1, I don't get DNS at all.

except-interface=lo
#listen-address=127.0.0.1

There is no iptables rule or anything redirecting all DNS traffic, only allowing access only to our IP range.

There must be something that I am missing, but I can't figure it out.

With dnsmasq disabled digs go through the set DNS, with it enabled it goes through 127.0.0.1

Any ideas?

Answer 1

The startup script in Ubuntu and Debian for dnsmasq explicitly adds the nameservers to /etc/resolv.conf on starting or ending the service.

To make prevent this you need to edit /etc/default/dnsmasq (not /etc/dnsmasq.conf) And add the line

 DNSMASQ_EXCEPT=lo

This will prevent dnsmasq from automatically setting itself as the nameserver in resolv.conf, though it will still make changes setting resolv.conf to be

nameserver (your nameserver)
nameserver 127.0.0.1