Dnsmasq service - should it be disabled?


#1

Just looking at my DietPi based PiHole install and I noticed that the dnsmasq service is dead. I’ve read around this and the FTL service seems to incorporate dnsmasq.

This answer seems to reinforce this Dnsmasq failed to start.

My question is therefore, should the dnsmasq service be disabled so it never tries to start?

DietPi-PiHole:~# systemctl status dnsmasq
● dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server
   Loaded: loaded (/lib/systemd/system/dnsmasq.service; disabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Sun 2019-01-06 20:43:11 GMT; 12s ago
  Process: 34511 ExecStart=/etc/init.d/dnsmasq systemd-exec (code=exited, status=2)
  Process: 34508 ExecStartPre=/usr/sbin/dnsmasq --test (code=exited, status=0/SUCCESS)

Jan 06 20:43:11 DietPi-PiHole systemd[1]: Starting dnsmasq - A lightweight DHCP and caching DNS server...
Jan 06 20:43:11 DietPi-PiHole dnsmasq[34508]: dnsmasq: syntax check OK.
Jan 06 20:43:11 DietPi-PiHole dnsmasq[34511]: dnsmasq: failed to create listening socket for port 53: Address already in use
Jan 06 20:43:11 DietPi-PiHole systemd[1]: dnsmasq.service: Control process exited, code=exited status=2
Jan 06 20:43:11 DietPi-PiHole systemd[1]: Failed to start dnsmasq - A lightweight DHCP and caching DNS server.
Jan 06 20:43:11 DietPi-PiHole systemd[1]: dnsmasq.service: Unit entered failed state.
Jan 06 20:43:11 DietPi-PiHole systemd[1]: dnsmasq.service: Failed with result 'exit-code'.

DietPi-PiHole:~# systemctl status pihole-FTL.service
● pihole-FTL.service - LSB: pihole-FTL daemon
   Loaded: loaded (/etc/init.d/pihole-FTL; generated; vendor preset: enabled)
   Active: active (running) since Sun 2019-01-06 00:17:14 GMT; 20h ago
     Docs: man:systemd-sysv-generator(8)
  Process: 59209 ExecStop=/etc/init.d/pihole-FTL stop (code=exited, status=0/SUCCESS)
  Process: 59295 ExecStart=/etc/init.d/pihole-FTL start (code=exited, status=0/SUCCESS)
    Tasks: 7 (limit: 9830)
   CGroup: /system.slice/pihole-FTL.service
           └─59384 /usr/bin/pihole-FTL

#2

This is not required. If pihole-FTL loads first, dnsmasq will not load on that port, assuming something is trying to load it. If dnsmasq causes problems, then either disable it or uninstall it.


#3

So strictly speaking dnsmasq should be disabled? Is the fact it is installed a legacy issue?

To rely on hope (pihole-FTL loads first) seems a little odd.


#4

Dnsmasq is not installed by Pi-Hole, and Pi-Hole neither uninstalls or disables it.

Edit - Pi-Hole does disable dnsmasq as of V4. See additional comment later in this thread.

Since Pi-Hole does not use dnsmasq as a separate process, there is no call from Pi-Hole to start it. Unless you have other software loading dnsmasq, it won’t try to launch.


#5

Was dnsmasq installed by a previous version of Pi-Hole? As this DietPi instance only has Pi-Hole on it, it can only be that which installed it (I believe).


#6

Dnsmasq was installed and needed when the Pi-hole version lower than 4.x. From version 4.x it is included in Pi-hole.


#7

Ok great that explains the dead dnsmasq process - it is a legacy of previous versions of Pi-Hole.


#9

@borpin
My apologies for a poorly researched reply. I did not look at the code in sufficient detail. In the install script (see link below), dnsmasq is stopped and disabled if it exists. This is the mechanism that prevents dnsmasq from running.


#10

Hi @jfb - no worries.

The issue I can see is that, as this is a service that is started via update-rc.d a normal ‘disable’ does not work as it leaves the various run level files hanging around as seen by ls -l /etc/rc?.d/*dns*

To remove those you need to execute update-rc.d -f dnsmasq remove.

Secondly, disabling a service simply stops it from running at boot, but does leave open the possibility of it being initiated by another service. To stop the possibility of that happening, a

systemctl mask dnsmasq.service

is required.

This then removes it from the output of a systemctl status and avoids confusion.

Thanks for your help.


#11

If you choose, dnsmasq can be completely uninstalled and Pi-Hole will continue to function (as of V4).


#12

Yes. I was just suggesting a more robust way to remove it from view for most users. :smile:


#13

I’m on v.4.1.2. Do I have to run this command to uninstall dnsmasq?

sudo apt-get remove dnsmasq

Without --purge option I think, to keep the current configuration files in /etc/dnsmasq.d/


#14

Just dropped dnsmasq with

sudo apt-get remove dnsmasq-base

This will uninstall dnsmasq and dnsmasq-base.
After a system reboot all seems to work fine so far.


#15

Good catch. Removing dnsmasq is not a straight forward job. It has puzzled me a few times because it seemed to stick like chewing gum to the shoes.


#16

Just to avoid doubt (and this is plagiarised - how I learnt about it :smile:) [edited to add some more clarity]

There are 4 different commands for removing packages.

remove - just removes the package from the os (i.e. uninstalls it) and not from the disk (the cached package).

purge - removes the installed package and associated files like personal settings, configuration files etc

auto-remove - removes any packages that are no longer required as a result of removing packages that had previously caused other dependencies to be installed. If used with purge will remove associated files as well.

clean - actually removes all of the above from disk, think emptying a recycle bin in windows.

What I do not know is if pi-hole expects any of the standard dnsmasq settings files that might be removed by a purge or clean. Ideally both of these commands could be used but without testing there is a distinct risk. However, by the fact the packages are still downloaded on disk, I think there is a risk of it being silently reinstalled if something is installed that lists dnsmasq as a dependency.