Ezra Sharp

DNSMasq + Network Manager + Docker = Fun?

So the idea is to try and use my existing tech (out of the box Fedora 33) to take requests for local services and poke them towards docker containers.

In the case of working on work stuff, this is poking requests to a traefik instance in docker, and in the case of my own chicken scratchings, directly to a Caddy server instance.

And after many days and weeks of tearing my hair out, I’ve got it working as I’d like. Previously it was kinda working for Ubuntu, but Fedora made things a bit more interesting.

Steps

So now follows a number of steps (let's be honest, this is a note for myself so I can reproduce it later):

  1. Disable systemd-resolved because, no.
  2. Piggyback onto NetworkManager’s own instance of DNSMasq.
  3. Write a sexy config for NM’s DNSMasq to do all the fancy redirects.
  4. Release the Niffler!

Step 1

Disable systemd-resolved (hate this thing, and really have no idea what it does other than hog port 53 to itself. But the internet seems to agree it’s ok to disable it).

$ sudo systemctl stop systemd-resolved
$ sudo systemctl disable systemd-resolved

Step 2

Turns out NetworkManager has its own sneaky DNSMasq that will kick off if you enable it. So let's create /etc/NetworkManager/conf.d/00-dnsmasq.conf and dump in:

[main]
dns=dnsmasq

Next time Network Manager starts, a sneaky DNSMasq service will spawn off of it with default settings.

Step 3

Now comes the fun part. Let's create /etc/NetworkManager/dnsmasq.d/00-default.conf and dump in our sexy content!

# Never forward plain names (no dots in them) to the upstream servers
domain-needed
# Can't remember what this one did
# (it answers reverse lookups for private IP ranges like 192.168.x.x with "no such domain"
# instead of forwarding them upstream)
bogus-priv
# Ignore /etc/resolv.conf
no-resolv

# Set a custom cache size (default is 400) for caching request responses
#cache-size=0

# Bind to the loopback network interface and my wifi card
# (listing wlp2s0 means dnsmasq also listens on the wifi address, so, firewall permitting,
# other hosts on that network can send it queries; leave it out if only this machine needs it)
interface=lo
interface=wlp2s0

# Poke all requests to a TLD of .test (e.g. my-app.test) to the localhost where my Caddy or Traefik servers are bound. We can list as many as we need.
address=/test/127.0.0.1

# Set the DNS servers to hit after failing to match to the above address
server=8.8.8.8
server=8.8.4.4

# Everyone likes logs, but maybe not right now
#log-queries
#log-facility=/tmp/dnsmasq.log
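To sanity-check what this config will do before the reboot in Step 4, here is a small Python script I've added to this note (it is not part of the original post and not dnsmasq's own code). It parses the subset of dnsmasq syntax used above and simulates the routing rules: address= suffixes are answered locally (longest match wins, the bare domain included), domain-needed stops plain names going upstream, and everything else is forwarded to the server= list. It also lists the non-loopback interfaces the resolver will answer on. The embedded config text is a copy of the block above with the comments stripped, so it runs offline; server=/domain/ip forms are not modelled.

```python
from __future__ import annotations
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple

# Constructed copy of the Step 3 config (comments dropped), embedded so this runs offline.
SAMPLE_CONF = """\
domain-needed
bogus-priv
no-resolv
interface=lo
interface=wlp2s0
address=/test/127.0.0.1
server=8.8.8.8
server=8.8.4.4
"""


@dataclass
class DnsmasqConf:
    flags: Set[str] = field(default_factory=set)  # bare options such as domain-needed
    addresses: List[Tuple[str, Optional[str]]] = field(default_factory=list)  # (suffix, ip or None)
    servers: List[str] = field(default_factory=list)
    interfaces: List[str] = field(default_factory=list)


def parse_conf(text: str) -> DnsmasqConf:
    """Parse the subset of dnsmasq syntax used above: key=value lines and bare flags."""
    conf = DnsmasqConf()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # '#' starts a comment
        if not line:
            continue
        key, _, value = line.partition("=")
        if key == "address":
            # address=/domain/ip ; address=/domain/ with no ip means "answer NXDOMAIN"
            parts = value.strip("/").split("/")
            conf.addresses.append((parts[0].lower(), parts[1] if len(parts) > 1 else None))
        elif key == "server":
            conf.servers.append(value)  # plain upstream only; server=/domain/ip is not modelled
        elif key == "interface":
            conf.interfaces.append(value)
        else:
            conf.flags.add(key)  # bare flags, plus options we don't model (cache-size, ...)
    return conf


def route_query(conf: DnsmasqConf, name: str) -> Tuple[str, object]:
    """How dnsmasq would handle an A query for `name`:
    ('local', ip) from an address= line, ('nxdomain', None), ('refused', None) or ('forward', servers)."""
    name = name.rstrip(".").lower()
    # address= lines are checked first; the longest (most specific) matching suffix wins
    best = None
    for suffix, ip in conf.addresses:
        if name == suffix or name.endswith("." + suffix):
            if best is None or len(suffix) > len(best[0]):
                best = (suffix, ip)
    if best is not None:
        return ("local", best[1]) if best[1] else ("nxdomain", None)
    # domain-needed: plain names (no dot) are never forwarded, they get a not-found answer
    if "domain-needed" in conf.flags and "." not in name:
        return ("nxdomain", None)
    if not conf.servers:
        return ("refused", None)  # no-resolv and no server= lines: nowhere to forward to
    return ("forward", list(conf.servers))


def exposed_interfaces(conf: DnsmasqConf) -> List[str]:
    """Interfaces other than loopback that dnsmasq will answer on. Hosts on those
    networks can send this resolver queries, so only list the ones you actually need."""
    return [ifc for ifc in conf.interfaces if ifc != "lo"]


if __name__ == "__main__":
    conf = parse_conf(SAMPLE_CONF)
    for q in ("planetside.test", "api.my-app.test", "example.com", "myhost"):
        print(q, "->", route_query(conf, q))
    print("answers on non-loopback interfaces:", exposed_interfaces(conf))
```

Run it as-is to see the four sample names routed; swap SAMPLE_CONF for the contents of 00-default.conf to check your own edits. Anything reported by exposed_interfaces is a surface other machines on that network can reach, which is worth knowing before you take the laptop onto a wifi network you don't control.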

Step 4

Release the niffler right? WRONG. Now we reboot our PC. Yes we must. I know it sucks. And when we return everything should work and THEN and only THEN can we release the niffler.

And I can poke my web browser to planetside.test or super-awesome-secret-app.test without needing to mess with my /etc/hosts file every time.

This also means I don’t have to modify the DNS settings for each different Wifi network I connect to in order to poke requests back to localhost, which is the main PITA.

Possible follow-ups

I’d like to see if I can get away with not specifying the server DNS addresses in the DNSMasq config and instead hold them in /etc/NetworkManager/conf.d/ with the global-dns-domain* options if possible.

I’d also like to build my own Traefik service in docker to manage my local dev projects, similar to how my work does it. Makes things very easy.

Enjoy! Tweet me @nicekiwi if you’d like to discuss anything.

Imgur Plugin Gallery for Micro.Blog

Ripped from my old blog source code and moulded into something fun.
https://github.com/nicekiwi/micro-blog-imgur-gallery-plugin

Standard Gallery with Title
<div class="imgur-gallery" data-id="Udrxm" data-title="true"></div>

NSFW Gallery without a Title

<div class="imgur-gallery" data-id="pIexl" data-nsfw="true" data-title="true" data-title-text="Life Art Drawings" data-nsfw-message="Images Hidden, contains drawings of nekked people I did." data-nsfw-link="Click here to see my drawings"></div>