How to Configure DNSMasq to Forward .docker Requests to a Specific Nameserver While Handling Others Locally



When working with NetworkManager-controlled DNSMasq on modern Linux systems (particularly Ubuntu/Debian), the configuration differs from standalone DNSMasq. The key files are:

/etc/NetworkManager/dnsmasq.d/  # Custom configurations
/var/run/NetworkManager/dnsmasq.conf  # Runtime config

To forward .docker requests while maintaining local resolution for other domains:

# Create a new config file
sudo nano /etc/NetworkManager/dnsmasq.d/docker-forward.conf

# Content to add:
server=/docker/192.168.1.100  # Replace with your target DNS server
no-resolv                    # Don't use system resolv.conf

After saving, restart NetworkManager:

sudo systemctl restart NetworkManager

Test with:

dig test.docker @127.0.1.1

For complex scenarios, consider these additional parameters:

# Multiple nameservers with failover
server=/docker/192.168.1.100
server=/docker/192.168.1.101

# Specific port configuration
server=/docker/192.168.1.100#5353

# Debugging (queries are written to the log file named below)
log-queries
log-facility=/var/log/dnsmasq.log

If requests aren't forwarding:

  1. Verify NetworkManager's DNSMasq is actually running (ps aux | grep dnsmasq)
  2. Check config file permissions (must be readable by NetworkManager)
  3. Ensure no conflicting --conf-file directives exist

When working on Linux systems with NetworkManager, DNSMasq often runs as a subprocess with custom configurations. The key files are typically located in:

/etc/NetworkManager/dnsmasq.d/  # Custom configurations
/var/run/NetworkManager/dnsmasq.conf  # Runtime configuration

To forward only .docker requests while handling others locally:

  1. Create a new configuration file:

    sudo nano /etc/NetworkManager/dnsmasq.d/docker-forward.conf

  2. Add these directives:

    # Forward all .docker requests to specific server
    server=/docker/192.168.59.103
    server=/docker/8.8.8.8

    # Do not read /etc/resolv.conf for upstream servers (no-resolv) or poll it
    # for changes (no-poll); try upstream servers in strict order (strict-order)
    no-resolv
    no-poll
    strict-order
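
The drop-in above lists 8.8.8.8 as a forwarder for .docker, so lookups for internal container names can reach a public resolver. The following check is an added example, not part of the original page: it parses `server=/domain/addr[#port]` lines and reports forwarders for internal-only domains that lie outside private address space. The function names and the constructed sample text are assumptions, and only literal IP forwarders are handled.

```python
import ipaddress
import re

# Constructed sample: the directives shown above plus a port-suffixed entry.
SAMPLE_CONF = """\
# Forward all .docker requests to specific server
server=/docker/192.168.59.103
server=/docker/8.8.8.8
server=/docker/192.168.1.100#5353  # alternate port
no-resolv
log-queries
"""

def strip_comment(line):
    # '#' starts a comment only at line start or after whitespace,
    # so the '#5353' port suffix on a server address is preserved.
    return re.sub(r"(^|\s)#.*$", "", line).strip()

def parse_forwarders(conf_text):
    """Return (domain, address, port) tuples from server=/domain/addr[#port] lines."""
    out = []
    for raw in conf_text.splitlines():
        line = strip_comment(raw)
        if not line.startswith("server=/"):
            continue
        *domains, target = line[len("server=/"):].split("/")
        if not target or target == "#":
            continue  # 'server=/domain/' and 'server=/domain/#' name no forwarder
        addr, _, port = target.partition("#")
        for domain in domains:
            out.append((domain, ipaddress.ip_address(addr), int(port or 53)))
    return out

def public_forwarders(conf_text, internal_domains=("docker",)):
    """Forwarders for internal-only domains that are not private or loopback."""
    return [(d, str(a), p) for d, a, p in parse_forwarders(conf_text)
            if d in internal_domains and not (a.is_private or a.is_loopback)]

if __name__ == "__main__":
    for domain, addr, port in public_forwarders(SAMPLE_CONF):
        print(f"WARNING: .{domain} queries are sent to public resolver {addr}:{port}")
```

Run it against the text of each file in /etc/NetworkManager/dnsmasq.d/ before restarting NetworkManager.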

For more complex scenarios, consider these patterns:

# Multiple forwarders with failover
server=/docker/192.168.1.100
server=/docker/192.168.1.101

# Specific port configuration
server=/docker/192.168.1.100#5353

# Debugging queries (check syslog)
log-queries

After making changes, restart NetworkManager and test:

sudo systemctl restart NetworkManager
dig test.docker @127.0.1.1
nslookup test.docker 127.0.1.1

Check logs for troubleshooting:

journalctl -u NetworkManager -f
sudo tail -f /var/log/syslog | grep dnsmasq

  • Add multiple upstream servers for redundancy
  • Consider TTL adjustments for cached responses
  • Monitor DNS resolution times
  • Document the configuration for team members