OpenDNS in Fedora with corporate DHCP and DNS with NetworkManager

by plouj on Apr.20, 2009, under GNU/Linux, HOWTO, hacks

Here is how to configure a Fedora workstation to use OpenDNS nameservers in a network with corporate DNS and DHCP servers without losing access to their services.
This was done on a Fedora 9 machine with dnsmasq being the local DNS server. It should also work on newer Fedora versions and even other GNU/Linux distributions.

The setup is actually very simple and unobtrusive. It is only necessary to properly configure a local DNS server and then force 127.0.0.1 to be used as the only nameserver instead of the corporate DNS servers.

First you need to configure dnsmasq as follows:

/etc/dnsmasq.conf

# don't use the /etc/resolv.conf file anymore
no-resolv

# OpenDNS nameservers:
server=208.67.222.222
server=208.67.220.220

# Force corporate nameservers for corporate.domain.com lookups
# OpenDNS wouldn't be able to answer such queries correctly
# adjust to suit your network
server=/corporate.domain.com/10.1.1.1
server=/corporate.domain.com/10.1.1.2

# only respond to queries from the local machine
listen-address=127.0.0.1
bind-interfaces

conf-dir=/etc/dnsmasq.d

Then you need to go into NetworkManager and set 127.0.0.1 as the DNS server to be used.

This will result in the following important settings added to your network scripts:

DNS1=127.0.0.1
PEERDNS=no
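
An added example (not part of the original post): a small Python model of how the server= lines in /etc/dnsmasq.conf above route queries, for checking which internal names would be forwarded to OpenDNS rather than the corporate servers. It goes slightly beyond the config shown by accepting several domains per server= line; intranet.corp.example is a hypothetical second internal zone and the reverse-lookup name is constructed from the page's 10.1.1.1.

```python
# Added example: model of dnsmasq's server= routing for the config on this page.
# Only "server=IP" and "server=/dom1/dom2/IP" are modelled (no '#' or empty-IP forms).
PAGE_CONF = """\
no-resolv
server=208.67.222.222
server=208.67.220.220
server=/corporate.domain.com/10.1.1.1
server=/corporate.domain.com/10.1.1.2
"""
INTERNAL = ["10.1.1.1", "10.1.1.2"]           # corporate resolvers from the page
SAMPLE_NAMES = [                               # constructed test names
    "wiki.corporate.domain.com",               # inside the routed zone
    "intranet.corp.example",                   # hypothetical second internal zone
    "1.1.1.10.in-addr.arpa",                   # PTR lookup for 10.1.1.1
]

def parse_servers(conf_text):
    """Return (default_upstreams, {domain: [upstreams]}) from server= lines."""
    default, per_domain = [], {}
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()    # drop comments
        if not line.startswith("server="):
            continue
        value = line[len("server="):]
        if value.startswith("/"):
            *domains, ip = value[1:].split("/")  # last field is the upstream
            for d in domains:
                if ip:
                    per_domain.setdefault(d.lower().rstrip("."), []).append(ip)
        else:
            default.append(value)
    return default, per_domain

def upstreams_for(name, default, per_domain):
    """Longest domain suffix on a label boundary wins, else the default servers."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):               # i = 0 is the longest suffix
        suffix = ".".join(labels[i:])
        if suffix in per_domain:
            return per_domain[suffix]
    return default

def leaked_names(names, conf_text, internal):
    """Names that would be sent to an upstream outside the internal resolver set."""
    default, per_domain = parse_servers(conf_text)
    return [n for n in names
            if not set(upstreams_for(n, default, per_domain)) <= set(internal)]

if __name__ == "__main__":
    print(leaked_names(SAMPLE_NAMES, PAGE_CONF, INTERNAL))
```

With the configuration on this page, reverse lookups for 10.x addresses and any internal zone other than corporate.domain.com are forwarded to OpenDNS; an extra line such as server=/10.in-addr.arpa/10.1.1.1 keeps those queries on the corporate servers.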

I’ve noticed two minor problems with this setup:

  1. the corporate DNS server names are hardcoded in the configuration. Usually they are determined automatically by the DHCP client.
  2. restarting the dnsmasq service sometimes shows this error:
    dnsdomainname: Host name lookup failure