How to disable dnsmasq in Ubuntu 12.04 (Precise)

Dnsmasq is a lightweight server designed to provide DNS (and optionally DHCP and TFTP) services to a small-scale network. It can serve the names of local machines which are not in the global DNS. The DHCP server integrates with the DNS server and allows machines with DHCP-allocated addresses to appear in the DNS with names configured either in each host or in a central configuration file. Dnsmasq supports static and dynamic DHCP leases and BOOTP for network booting of diskless machines.

The developers of dnsmasq targeted home networks using NAT and connected to the internet via a modem, cable-modem or ADSL connection. But the system would function well in any small network where low resource-use and ease of configuration are important.

In Ubuntu 12.04, dnsmasq now runs by default because it is hard-coded into NetworkManager.

Using dnsmasq as local resolver by default on desktop installations

That’s the second big change of this release. On a desktop install, your DNS server is going to be “ which points to a NetworkManager-managed dnsmasq server.

This was done to better support split DNS for VPN users and to better handle DNS failures and fallbacks. This dnsmasq server isn’t a caching server, for security reasons: this avoids risks related to local cache poisoning and users eavesdropping on others’ DNS queries on a multi-user system.

The big advantage is that if you connect to a VPN, instead of having all your DNS traffic be routed through the VPN like in the past, you’ll instead only send DNS queries related to the subnet and domains announced by that VPN. This is especially interesting for high latency VPN links where everything would be slowed down in the past.

As for dealing with DNS failures, dnsmasq often sends the DNS queries to more than one DNS server (if you received multiple when establishing your connection) and will detect bogus/dead ones and simply ignore them until they start returning sensible information again. Compare this with libc’s way of doing DNS resolution, where the state of the DNS servers can’t be saved (as it’s just a library), so every single application has to go through the same process: trying the first DNS server, waiting for it to time out, then using the next one.

If you don’t want a local resolver, you can turn off dnsmasq using the following procedure.

You need to edit the /etc/NetworkManager/NetworkManager.conf file:

gksudo gedit /etc/NetworkManager/NetworkManager.conf

and comment out the following line from




Save and exit the file

Now you need to restart network-manager using the following command:

sudo restart network-manager
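
The edit above as a script, with a backup and a check of the result. This is an added example, not part of the original article. It assumes the line to comment out is dns=dnsmasq in the [main] section and that the local resolver shows up in resolv.conf as a 127.x nameserver; the function names and the sample file contents are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the article. Assumption: the setting meant is the
# "dns=dnsmasq" line in the [main] section of NetworkManager.conf.
NM_CONF_DEFAULT=/etc/NetworkManager/NetworkManager.conf
ACTIVE_RE='^[[:space:]]*dns[[:space:]]*=[[:space:]]*dnsmasq[[:space:]]*$'

# Exit 0 if an uncommented dns=dnsmasq line is present in the file.
nm_dnsmasq_active() {
    grep -Eq "$ACTIVE_RE" "${1:-$NM_CONF_DEFAULT}"
}

# Comment out the active line, keeping the original as FILE.bak.
# Returns 0 if changed, 1 if already disabled, 2 on error.
disable_nm_dnsmasq() {
    conf=${1:-$NM_CONF_DEFAULT}
    [ -f "$conf" ] || { echo "not found: $conf" >&2; return 2; }
    nm_dnsmasq_active "$conf" || return 1
    cp -p "$conf" "$conf.bak" || return 2
    # Rewrite in place from the backup so owner and mode of $conf are kept.
    sed -E "s/$ACTIVE_RE/#&/" "$conf.bak" > "$conf" || return 2
}

# Exit 0 if a resolv.conf still lists a loopback (127.x) nameserver,
# i.e. lookups still go through a local resolver (assumed address range).
uses_loopback_resolver() {
    grep -Eq '^[[:space:]]*nameserver[[:space:]]+127\.' "${1:-/etc/resolv.conf}"
}

# Demo on a constructed copy of the config; nothing under /etc is touched.
demo() {
    d=$(mktemp -d) || return 2
    printf '%s\n' '[main]' 'plugins=ifupdown,keyfile' 'dns=dnsmasq' \
        '' '[ifupdown]' 'managed=false' > "$d/NetworkManager.conf"
    disable_nm_dnsmasq "$d/NetworkManager.conf"
    grep -n 'dnsmasq' "$d/NetworkManager.conf"
    rm -rf "$d"
}
demo
```

To apply it to the real file, call disable_nm_dnsmasq with no argument from a root shell, restart network-manager as shown above, then run uses_loopback_resolver to see whether /etc/resolv.conf still points at a local resolver.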

Source from here


9 Responses

  1. Rome says:

    This way does not work for me. It seems that damned dnsmasq is enabled by default… That’s a very bad idea…

  2. Rome says:

    Finally I’ve found the way to make DNS-client work pretty well. I removed the symbolic link /etc/resolv.conf (this is a symbolic link to /run/resolvconf/resolv.conf) and created true resolv.conf with its stuff (sudo vi /etc/resolv.conf)… Now it isn’t being updated after rebooting…

  3. Nothanks says:

    What about these Ubuntu scripts that reset that Dnsmasq back to defaults?….I heard about them, but I do not want Ubuntu to reset the config files after I change them.

    You paint a very rosy picture of Dnsmasq, when in truth it makes users highly vulnerable to security exploits. Dnsmasq is a HORRIBLE thing to install on a system intended for home users.

    There is an arguable case for DNSmasq in VPS servers, though that case is negated by the widely publicized and yet unpatched security exploits against it.

    There is absolutely NO good argument for it on a home network. You cannot honestly believe that the network manager, and not bloated ugly Unity, is what would weigh down a ‘Home Network’. The very idea of that is laughable to me. If your computers can run unity then they can do without Dnsmasq, and I am not even convinced that adding it improves performance or footprint at all.

    Also, it may be such that installing Dnsmasq was actually to target users of P2P services. It can be used to destroy the anonymity provided by using a virtual machine by holding all of the info in one place….In addition, it can open ports and even log, and then broadcast servers running on localhost either to your ISP or to anyone snooping from outside of your home.

    Dnsmasq should be regarded as poison to a privacy conscious user. The ONLY time it might be a good idea to use it would be if you were paying for a VPS and you wanted the host provider to manage security instead of yourself. However, it is not even ideal for that because of how much data it shares about its network. In addition to that problem, there are well documented exploits against it that are still unpatched, and every home system and server that uses it is vulnerable.

  4. ameya says:

    Thnx. After upgrading from 11 to 12lts my internet connection on Ubuntu was not working intermittently. This was irritating as this was happening on Ubuntu only and not windows which is the second os on this machine. I finally pinpointed the problem to dnsmasq which is enabled on 12 as I never had this problem on Ubuntu 11 prior. Disabling dnsmasq by ur method seems to have solved my problem as I have not faced any issues in my connection in a couple of hrs since disabling it.

  5. Redbob says:

    OK, guy, this solution was incredibly simple, but “resolved” my situation! Thanks!

  6. blaze555 says:

    Came here to say thanks to you guys. Disabling dnsmasq solved my dns problems! Using Ubuntu GNOME 15.10. Very precise solution!

  7. blah says:

    Had issues with dnsmasq. This was not considering the second DNS address provided by DHCP. Removing the use of this thing with the comment fixed my issue…

  8. Roger Pence says:

    After many false starts, this resolved my issue. Thank you!

  9. G C says:

    “As for dealing with DNS failures, dnsmasq often sends the DNS queries to more than one DNS server (if you received multiple when establishing your connection) and will detect bogus/dead ones and simply ignore them until they start returning sensible information again.”

    I think this is the root of the problems we’re having. How often are we getting “nonsensical” information from DNS servers. I totally appreciate trying to pin and negate attacks, but this is not working very well.

    Of all the network manager issues, dns seems the most insidious. Having nslookup commands state that the resolver is is not only not very useful, but it points the finger back at the local resolver every time. And it is a constant reminder that network manager is a complex divergence that does not fulfil its promise.

    I wonder what we can do to fix this or at least see what’s going wrong.

    Full disclosure, not using VPN:
    NSlookup seems to work for internet based lookups, but fails for local (ironically) dnsmasq server based lookups. I have dhcp pinning with static names for most of the assets on my intranet and those do not work. This is a clean install I performed today.

    DNSMASQ is not logging errors… or anything.
    The “nmcli general logging” command does not take log level nor does it take the domain, so that is pretty broken. dnsmasq.conf is dbus syntax so adding information there seems like the wrong idea.

    Given the thousands of workarounds I see related to this change, it is going to be difficult to find the correct way to debug this.
