Here is how to configure a Fedora workstation to use OpenDNS nameservers in a network with corporate DNS and DHCP servers without loosing access to their services.
This was done on a Fedora 9 machine with dnsmasq being the local DNS server. It should also work on newer Fedora versions and even other GNU/Linux distributions.

The setup is actually very simple and unobtrusive. It is only necessary to properly configure a local DNS server and then force 127.0.0.1 to be used as the only nameserver instead of the corporate DNS servers.

First you need to configure dnsmasq as follows:

/etc/dnsmasq.conf

# don't use the /etc/resolv.conf file anymore
no-resolv

# OpenDNS nameservers:
server=208.67.222.222
server=208.67.220.220

# Force corporate nameservers for corporate.domain.com lookups
# OpenDNS wouldn't be able to answer such queries correctly
# adjust to suit your network
server=/corporate.domain.com/10.1.1.1
server=/corporate.domain.com/10.1.1.2

# only respond to queries from the local machine
listen-address=127.0.0.1
bind-interfaces

conf-dir=/etc/dnsmasq.d

Then you need to go into NetworkManager and set 127.0.0.1 as the DNS server to be used:

This will result in the following important settings added to your network scripts:

DNS1=127.0.0.1
PEERDNS=no

I’ve noticed two minor problems with this setup:

1. the corporate DNS server names are hardcoded in the configuration. Usually they are determined automatically by the DHCP client.
2. restarting the dnsmasq service sometimes shows this error:

   dnsdomainname: Host name lookup failure

The other day I needed to setup bridged networking for a Qemu virtual machine. Although I found a rather well written generic TAP interfaces guide on Wikibooks. It only explained how to configure a network bridge on a host machine with a static IP. I wanted to do this on a host that used DHCP. Plus I wanted to keep all configuration in Fedora specific places. Having discovered a good way to do this through experimentation after a few fruitless Google searches I thought it would be useful for myself and others to have the configuration documented here.

ifcfg-eth0

First, I changed the host’s (auto-generated) /etc/sysconfig/network-scripts/ifcfg-eth0 script from this:

# Attansic Technology Corp. L1 Gigabit Ethernet Adapter
DEVICE=eth0
BOOTPROTO=dhcp
HWADDR=00:1D:60:35:A7:64
ONBOOT=yes

to this:

# Attansic Technology Corp. L1 Gigabit Ethernet Adapter
DEVICE=eth0
TYPE=Ethernet
BRIDGE=br0
ONBOOT=yes

This turns off DHCP on the physical Ethernet device and just specifies that it will be connected to or a part of a bridge.

ifcfg-br0

Second, I created /etc/sysconfig/network-scripts/ifcfg-br0, which will be called to setup a bridge device:

DEVICE=br0
TYPE=Bridge
BOOTPROTO=dhcp
HWADDR=00:1D:60:35:A7:64
ONBOOT=yes
DELAY=0
STP=off

As you can see, most of this configuration is copied from eth0 plus the bridge configuration as per the Qemu Wikibook.

qemu-ifup/down

Third, I shortened the /etc/qemu-ifup and /etc/qemu-ifdown from Wikibooks to get this:

/etc/qemu-ifup:

#!/bin/sh
USER=$(id -un)
sudo /usr/sbin/openvpn --mktun --dev $1 --user "$USER"
sudo /sbin/ifconfig $1 0.0.0.0 promisc up
sudo /usr/sbin/brctl addif br0 $1

/etc/qemu-ifdown:

#!/bin/sh
sudo /sbin/ifconfig $1 down
sudo /usr/sbin/brctl delif br0 $1
sudo /usr/sbin/openvpn --rmtun --dev $1

Here I basically removed all of the configuration that is taken care of in the sysconfig scripts. I also made explicit use of sudo simply because that is my preference.

Final steps

Now I can simply run /etc/qemu-ifup tap0 once to create a TAP device, and use something like: qemu-kvm -hda /virtual-machines/fedora9.disk -m 512 -net nic -net tap,ifname=tap0,script=no to start a virtual machine. When I’m done running the virtual machine, I can run /etc/qemu-ifdown tap0 to remove the TAP device.

All this sounds simple now that it’s working, but initially it took a lot of guessing on my part so I’m documenting it here for the future.

I would appreciate it if someone can point me to the official Redhat/Fedora documentation on editing /etc/sysconfig/network-scripts/ scripts.

I just finished setting up my newly purchased monochrome duplex network printer – Lexmark E250DN. It took me a while to figure out how to configure CUPS on my GNU/Linux/Fedora machines to communicate with this printer. The problem was that I just didn’t know what URI to use for the printer. Unsurprisingly, the PDF and HTML documents that came with the printer didn’t mention such information. After all, why would Windows users need to know that if they can simply run the printer-specific utility to configure everything for them? Sheesh… Anyways. The CUPS manual was actually quite useful in listing common printer URIs. It turned out that the Lexmark URI lpd://printer-address/ps and a Generic PostScript driver worked quite well. In fact, the “/ps” part seems to be irrelevant, so simply lpd://printer.lan worked for me. However, the CUPS manual also suggested avoiding the LPD protocol if the printer supported other protocols. Using nmap I confirmed that my printer has at least something running on the IPP port (631):

$ nmap printer.lan

Starting Nmap 4.53 ( http://insecure.org ) at 2008-06-22 20:39 EDT
Interesting ports on printer.lan (10.1.1.7):
Not shown: 1705 closed ports
PORT      STATE SERVICE
21/tcp    open  ftp
79/tcp    open  finger
80/tcp    open  http
515/tcp   open  printer
631/tcp   open  ipp
5001/tcp  open  commplex-link
8000/tcp  open  http-alt
9100/tcp  open  jetdirect
10000/tcp open  snet-sensor-mgmt

Nmap done: 1 IP address (1 host up) scanned in 0.396 seconds

After a bit of trial and error, I discovered that simply using the http://printer.lan:631 or ipp://printer.lan URI and a Generic PostScript driver worked without problems with E250DN.

Apart from these initial pains I am quite happy to be able to print double-sided black-and-white documents from all of my home computers.

Side Note:

During the investigation process, I noticed that Fedora’s system-config-printer utility prints the following information to the terminal when I tell it the IPP printer hostname:

...
printer.lan: /usr/lib/cups/backend/snmp "${HOST}" 2>/dev/null
printer.lan: hp-makeuri -c "${HOST}" 2> /dev/null
No ID match for device ipp://printer.lan:
<manufacturer>Lexmark</manufacturer>
  <model>E250dn 6216N4G LE.PM.P121 -- Part Number -</model>
  <description>Lexmark E250dn 6216N4G LE.PM.P121 -- Part Number -</description>
  <commandset></commandset>
Using textonly.ppd
...

I wonder how I could get that XML-ish output myself. It doesn’t seem to come from hp-makeuri.