It was well known that NetworkManager does not play well with dnsmasq (ref: here). I've skimmed through the lengthy discussion here but I'm still not sure what the recommended way to deal with the situation is.

All that I want to do is to use dnsmasq to provide DNS and DHCP to my local network. What would be the recommended way in this case?

It seems the problem remains even for Ubuntu 14.04, even though the bug is claimed to be fixed.

As workarounds, people are disabling the NM-enslaved dnsmasq-base for the following reasons:

The NM-enslaved dnsmasq uses hardcoded options (in C) that provide extremely limited functionality.

  • It doesn't listen on ethX (--listen-address= So we can't use our servers as DNS servers for our local network PCs, i.e. it's completely useless for LANs.
  • It doesn't cache requests (--cache-size=0). No caching ==> no DNS queries speedup. This again is very significant for LANs as there are many concurrent users.
  • Finally, we also need the DHCP and TFTP functionality of dnsmasq, so even if NM+dnsmasq included a real DNS server, we'd have to run another dnsmasq

But I'm not sure if they still hold and/or how the fix has solved the problem(s). Further, none of them are very clear about exactly what they did and how they did it to solve their problem. I.e., the solution part is missing from the lengthy discussion. Can someone fill in the blanks please? I.e.,

The dnsmasq provided out-of-box by Ubuntu is not working, on the server side, for the above reasons. And also, on the client side, "the dnsmasq installed on those Ubuntu laptops cannot do LAN DNS query from my DNS server", because "the (Ubuntu laptops') NetworkManager is causing them to have a weird nameserver setting" (ref: DNS solution for LAN or local home network)

How to make dnsmasq to work smoothly with NetworkManager, so as to provide DNS and DHCP (and TFTP) to my local network, on both the server and client side?


For those seeking the answer: of all the answers below, I found the simplest solution is @brad's, for the server side (still no good answer for the client side):

the only solution to the problem is to disable the NM-driven dnsmasq..., and install the "standard" dnsmasq and then configure it via its standard /etc/dnsmasq.conf configuration file.

  • 2
    Just for Googlers (like me): In newer versions of ubuntu dnsmasq-core inside NetworkManager is somewhat more friendly. See here: askubuntu.com/questions/233195/…
    – A. Rabus
    Commented Aug 24, 2014 at 11:25

7 Answers


I also have your problems.

In principle, after wiki.archlinux, it seems that to enable caching it should be enough to create a file /etc/NetworkManager/dnsmasq.d/cache containing simply

$ cat /etc/NetworkManager/dnsmasq.d/cache 

I tried this but, after NM restarted, I still have no cache:

# ps ax | grep dns
11724 ?        S      0:00 /usr/sbin/dnsmasq --no-resolv --keep-in-foreground --no-hosts --bind-interfaces --pid-file=/run/sendsigs.omit.d/network-manager.dnsmasq.pid --listen-address= --conf-file=/var/run/NetworkManager/dnsmasq.conf --cache-size=0 --proxy-dnssec --enable-dbus=org.freedesktop.NetworkManager.dnsmasq --conf-dir=/etc/NetworkManager/dnsmasq.d

Note that the cited conf-file is always empty: I have not been able to configure any option using this procedure.

All in all, it seems that the NM-enslaved dnsmasq in 14.04 (which is provided by the dnsmasq-base package) is completely locked, so it is not possible to enable caching, nor anything else (dhcp, tftp).

If this is right I think that, as you say, the only solution to the problem is to disable the NM-driven dnsmasq by commenting out the line


in the file /etc/NetworkManager/NetworkManager.conf and install the "standard" dnsmasq and then configure it via its standard /etc/dnsmasq.conf configuration file.

  • Welcome to superuser brad! Thanks for your help!
    – xpt
    Commented Sep 10, 2014 at 15:28
  • 3
    Actually this does enable cache, since it's running with --conf-dir=/etc/NetworkManager/dnsmasq.d, the cache-size specified in the file you created is used. You can see the difference using dig
    – sirfz
    Commented Aug 25, 2016 at 23:16

It is possible to override settings by putting them into /etc/NetworkManager/dnsmasq.d/*.conf. Configuration file settings take precedence over command-line flags. They are applied when NetworkManager starts dnsmasq. Run sudo service network-manager restart to reapply. (If there's any doubt: brad's answer missed the fact that ps ax | grep dns shows a --conf-dir argument)

For example:

echo cache-size=1000 |sudo tee -a /etc/NetworkManager/dnsmasq.d/cache.conf

As I recall NetworkManager disables dnsmasq caching by default due to concerns over cache poisoning. For a machine where all users are trusted it may not be an issue.

NetworkManager doesn't integrate with resolvconf, and NM's server at won't be used locally if the resolvconf package is installed. resolvconf is part of ubuntu-minimal and standard Debian installs; NetworkManager reimplements that functionality in a more integrated, less script-based way.

NetworkManager does make sure not to interfere with a global dnsmasq instance (binding to a secondary loopback IP and setting bind-interfaces through /etc/dnsmasq.d/network-manager). If you install a global dnsmasq instance and keep NM's instance, double check in /etc/resolv.conf to see which one the host will use by default.

While you can customise NetworkManager's dnsmasq instance as shown above, if you want a DNS server that binds to public interfaces, you should install the dnsmasq package (NetworkManager only uses dnsmasq-base, which doesn't configure a global instance) and put your configuration in /etc/dnsmasq.d/*.conf. NetworkManager's slave instance is only meant to bind to the loopback interface and configuring it beyond that scope would risk breaking it.

In summary, for someone who just wants local DNS caching:

sudo apt-get remove dnsmasq resolvconf dhcpcd5 rdnssd
echo cache-size=1000 |sudo tee -a /etc/NetworkManager/dnsmasq.d/cache.conf

For a simple LAN, NetworkManager's connection sharing should still suffice. But for a custom-configured LAN, with TFTP and so on:

sudo apt-get install resolvconf dnsmasq
echo,,12h |sudo tee -a /etc/dnsmasq.d/lan.conf
echo enable-tftp |sudo tee -a /etc/dnsmasq.d/lan.conf
sudo service dnsmasq restart
  • Thanks. Though you should describe more fully what your "in summary" commands do, i.e. the instructions also remove 4 packages if you have them currently. More links and discussion at reddit.com/r/Ubuntu/comments/2j0va4/…
    – nealmcb
    Commented Apr 13, 2017 at 16:37
  • Quite agree with @nealmcb. Tobu, please explain why, "for someone who just wants local DNS caching", they need to remove the dnsmasq package. Then what is the next echo command for, since dnsmasq will be gone?
    – xpt
    Commented Jan 22, 2018 at 3:15
  • 1
    @xpt Tobu suggests to remove dnsmasq, but you should still have dnsmasq-base installed due to NM.
    – thalisk
    Commented Jun 6, 2018 at 15:01
  • "Configuration file settings take precedence over command-line flags." However, if you specify bind-dynamic in the configuration file, dnsmasq complains that it cannot be both bind-interfaces and bind-dynamic. Potentially one of the few options that you cannot override from the configuration file.
    – Lei Zhao
    Commented May 29, 2020 at 1:25

In addition to the previous replies to this post, I would like to add that Network-manager's dnsmasq-base instance will also follow the addn-hosts directive (placed in a configuration file created below /etc/NetworkManager/dnsmasq-shared.d/), forcing dnsmasq-base to read the local /etc/hosts file, despite the fact that dnsmasq is called with the --no-hosts option by Network-Manager.

That way, I have successfully managed to set up a local DNS-server on my Mint 20.1 Laptop. No need to fiddle around with IP-addresses (a properly set up /etc/hosts provided...)

Find a working sample below...

 # /etc/NetworkManager/dnsmasq-shared.d/local-DNS.conf
 domain=local.wifi              # specify the (local) DNS-domain
 addn-hosts=/etc/hosts          # force dnsmasq to read /etc/hosts despite --no-hosts
 bogus-priv                     # do not forward private reverse lookups to upstream server (not needed if there is none...)
 dhcp-option=6,[IP-OF-WIFI_IF]  # tell client to use [IP-OF-WIFI_IF] as DNS-Server
  • 1
    Welcome & Thanks Bernie! a sample file with mock data would be appreciated, of the one you placed below /etc/NetworkManager/dnsmasq-shared.d/, and the explanation of its effect. thx.
    – xpt
    Commented Mar 14, 2021 at 17:40
  • Thanks for the kind comment, @xpt!
    – Bernie D
    Commented Mar 21, 2021 at 11:15
  • Thanks, keep on contributing Bernie, :)
    – xpt
    Commented Mar 21, 2021 at 15:04

Despite claims here and elsewhere to the contrary, NetworkManager completely ignores any and all dnsmasq configuration files – even those in its own directory /etc/NetworkManager/dnsmasq-shared.d. The proof is in the source code for NetworkManager... Here is the relevant comment:

/* dnsmasq may read from its default config file location, which if that location is a valid config file, it will combine with the options here and cause undesirable side-effects. Like sending bogus IP addresses as the gateway or whatever. So tell dnsmasq not to use any config file at all. */

Here is a link to the relevant source code (lines 139-144).

  • 3
    A link to point at the source code so that readers can validate this and read the associated code would be helpful if possible.
    – jamesc
    Commented Jan 5, 2018 at 17:25
  • 3
    So yes, one can not specify an explicit config file. --conf-file is hard coded to /dev/null. However, if you look at the full command line used to start dnsmasq via the NetworkManager you see that conf-dir is used: '/usr/sbin/dnsmasq --no-resolv --keep-in-foreground --no-hosts --bind-interfaces --pid-file=/var/run/NetworkManager/dnsmasq.pid --listen-address= --cache-size=400 --clear-on-reload --conf-file=/dev/null --proxy-dnssec --enable-dbus=org.freedesktop.NetworkManager.dnsmasq --conf-dir=/etc/NetworkManager/dnsmasq.d', meaning all the files in the given directory are read.
    – Hardy
    Commented Sep 5, 2018 at 8:30
  • 2
    This is definitely not the case on Debian 10. From the NetworkManager.conf(5) man page: "It is possible to pass custom options to the dnsmasq instance by adding them to files in the /etc/NetworkManager/dnsmasq.d/ directory." I use this successfully for pointing a test domain at a libvirt VM.
    Commented Jan 29, 2021 at 21:31
  • That file is gone now, as you used "master" instead of a specific tag.
    – OrangeDog
    Commented Oct 24, 2023 at 9:11

I wanted to assign a particular MAC to a particular IP address and for the purposes of stability, stick with the default Network Manager/dnsmasq as much as possible.

https://cgit.freedesktop.org/NetworkManager/NetworkManager/tree/src/dnsmasq/nm-dnsmasq-manager.c does have the comment about using --conf-file to ignore configurations, but later in the file we have

/* dnsmasq exits if the conf dir is not present */
    if (g_file_test (CONFDIR, G_FILE_TEST_IS_DIR))
        nm_cmd_line_add_string (cmd, "--conf-dir=" CONFDIR);

Under Ubuntu 16.04 LTS, after setting up a Wi-Fi Hot Spot and sharing another connection, ps auxgww | grep dnsmasq shows that the last command line argument of each of the dnsmasq processes is:


Thus, it is possible to create config files in that directory that are shared amongst all the invocations of dnsmasq that are started by Network Manager.

I created /etc/NetworkManager/dnsmasq-shared.d/Hue


and rebooted, though running

sudo service network-manager restart

would have worked.

This resulted in my device getting the appropriate IP address.

Yes, this is wrong because it means that all of the invocations of dnsmasq by NetworkManager will get this declaration, but in this case, it is harmless because it only matters if the MAC shows up on the network in question. If the network is not 192.168.1, then there will be trouble.

This is more robust than replacing /usr/sbin/dnsmasq with a script as is proposed at https://gist.github.com/magnetikonline/6236150

The right solution would be to modify how dnsmasq is invoked to properly use dnsmasq configuration files. I understand the desire to have Network Manager "just work", but making tools idiot-proof means that only idiots can use them.

  • thanks for the answer Christopher, however, I'm really not able to follow... "I wanted to assign a particular MAC to a particular IP address and for the purposes of stability"... "ps auxgww | grep dnsmasq shows that the last command line argument of each of the dnsmasq processes"... "I created ... would have worked"... "Yes, this is wrong"... I.e., I really can't follow your train of thought, to make sense what you are trying to say here.
    – xpt
    Commented Jan 22, 2018 at 3:23
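
The answers above disagree on whether files under NetworkManager's --conf-dir take effect. The following script is an added example, not code from any answer or from NetworkManager: it takes one dnsmasq command line and reports the value a single-valued option ends up with, assuming (as the answers state) that conf-dir files override command-line flags. The function names, the temporary directory and the sample listen address are constructed for illustration; conflicting options such as bind-dynamic, noted in a comment above, are out of scope.

```shell
#!/bin/sh
# Added example (not from the thread): which value does a NetworkManager-started
# dnsmasq end up with for a single-valued option such as cache-size?
# Assumption, as stated in the answers: --conf-dir files override command-line flags.

# cmdline_opt CMDLINE OPTION: value of the last --OPTION=VALUE on the command line
cmdline_opt() {
    _val=""
    set -f                                  # no globbing while splitting words
    for _w in $1; do
        case "$_w" in --"$2"=*) _val="${_w#*=}" ;; esac
    done
    set +f
    printf '%s\n' "$_val"
}

# confdir_opt DIR OPTION: value of the last OPTION=VALUE found in DIR's files.
# Skips the names dnsmasq always ignores (backup~ and #autosave#; dotfiles are not
# matched by the glob). '#' starts a comment only at line start or after whitespace.
confdir_opt() {
    for _f in "$1"/*; do
        case "$_f" in *~|*/'#'*'#') continue ;; esac
        [ -f "$_f" ] && { cat "$_f"; echo; }
    done |
        sed -e 's/^#.*//' -e 's/[[:space:]]#.*//' \
            -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' |
        sed -n "s/^$2=//p" | tail -n 1
}

# effective_opt CMDLINE OPTION: prints "<value> <source>", source = conf-dir or cmdline
effective_opt() {
    _dir=$(cmdline_opt "$1" conf-dir)
    _from_dir=""
    [ -n "$_dir" ] && _from_dir=$(confdir_opt "$_dir" "$2")
    if [ -n "$_from_dir" ]; then
        printf '%s conf-dir\n' "$_from_dir"
    else
        printf '%s cmdline\n' "$(cmdline_opt "$1" "$2")"
    fi
}

demo() {
    _tmp=$(mktemp -d)                                # stands in for /etc/NetworkManager/dnsmasq.d
    printf 'cache-size=1000\n' > "$_tmp/cache.conf"  # same line the tee command in the thread writes
    # Constructed command line modelled on the ps output in the thread; listen address is a sample.
    _cmd="/usr/sbin/dnsmasq --no-hosts --bind-interfaces --listen-address=127.0.1.1 --cache-size=0 --conf-dir=$_tmp"
    effective_opt "$_cmd" cache-size        # conf-dir wins over --cache-size=0
    effective_opt "$_cmd" listen-address    # only set on the command line
    rm -rf "$_tmp"
}
demo
```

On a live host, pass the command line of one dnsmasq process (for example from `ps -o args= -p <pid>`) as the first argument, and compare the reported listen-address and cache-size with what you intended to expose.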

My solution might break Network Manager and its keeping everything simple way of doing things. With NM's broken way of dealing with dnsmasq, I just override it with my method below.

A workaround to the problem was to simply do the following:

sudo apt install dnsmasq
cp /etc/dnsmasq.conf ~/

Edit the ~/dnsmasq.conf file in your user directory how you want it to be and save it.

sudo rm -v /etc/dnsmasq.conf
sudo cp -v ~/dnsmasq.conf /etc/
sudo chattr +i /etc/dnsmasq.conf
sudo systemctl restart dnsmasq.service

I made a simple bash alias and put it at the bottom of my ~/.bash_aliases file to make it easy to edit the dnsmasq.conf file. Here's the alias:

alias eddmc="sudo chattr -i /etc/dnsmasq.conf && sudo nano -w /etc/dnsmasq.conf && sudo chattr +i /etc/dnsmasq.conf && sudo systemctl restart dnsmasq.service"

Of course, you can choose any editor to your liking for the second sudo command in the alias, but I used nano there for ease for everyone. Save the file, close and reopen your command terminal tab/window. That should enable the alias to be available to newly opened terminal tabs/windows.

Simply run eddmc from your user account and it will ask for your password to perform the elevated commands.

Notice that I always chattr +i the file. This is so Network Manager won't overwrite your config with its own.

On wired ethernet connections there shouldn't be any problems. I have found since I use dnsmasq for dns caching on laptops with wireless that I have to manually restart the dnsmasq.service after connecting to an access point. I think Network Manager can perform tasks like restarting services when connecting, but I haven't looked into that yet.


How to use dnsmasq to provide DNS and DHCP to my local network:



restart service:

service dnsmasq restart

fixed the issue of assigning the address.

The configuration file had error in IP Address: instead of it was

Obviously a typing error but once dnsmasq auto detects it without dnsmasq.conf it will append the change in the backed up config and restart the service.

As far as network manager is concerned, its configuration should be overridden by commenting out:

  • Your answer is titled "How to use dnsmasq to provide DNS and DHCP to my local network", yet you go on to describe how to stop dnsmasq from providing DNS to your machine (NetworkManager does not use dnsmasq for DHCP). Do you see the irony?
    Commented Feb 12, 2022 at 3:34
