OpenDNS in Fedora with corporate DHCP and DNS with NetworkManager

plouj — Mon, 20 Apr 2009 22:24:00 +0000

Here is how to configure a Fedora workstation to use OpenDNS nameservers in a network with corporate DNS and DHCP servers without loosing access to their services.
This was done on a Fedora 9 machine with dnsmasq being the local DNS server. It should also work on newer Fedora versions and even other GNU/Linux distributions.

The setup is actually very simple and unobtrusive. It is only necessary to properly configure a local DNS server and then force 127.0.0.1 to be used as the only nameserver instead of the corporate DNS servers.

First you need to configure dnsmasq as follows:

/etc/dnsmasq.conf

# don't use the /etc/resolv.conf file anymore
no-resolv

# OpenDNS nameservers:
server=208.67.222.222
server=208.67.220.220

# Force corporate nameservers for corporate.domain.com lookups
# OpenDNS wouldn't be able to answer such queries correctly
# adjust to suit your network
server=/corporate.domain.com/10.1.1.1
server=/corporate.domain.com/10.1.1.2

# only respond to queries from the local machine
listen-address=127.0.0.1
bind-interfaces

conf-dir=/etc/dnsmasq.d

Then you need to go into NetworkManager and set 127.0.0.1 as the DNS server to be used:

This will result in the following important settings added to your network scripts:

DNS1=127.0.0.1
PEERDNS=no

I’ve noticed two minor problems with this setup:

the corporate DNS server names are hardcoded in the configuration. Usually they are determined automatically by the DHCP client.
restarting the dnsmasq service sometimes shows this error:
```
dnsdomainname: Host name lookup failure
```

The Exploits of Plouj » nameserver

OpenDNS in Fedora with corporate DHCP and DNS with NetworkManager

/etc/dnsmasq.conf