Ah yes, you are right, this is only effective for dnsmasq as own local resolver.
I did some testing now:
- NetworkManager has no builtin dnsmasq but pulls in the dnsmasq-base package (core/binaries only) as recommendation and executes it automatically when starting any kind of shared connection, including the WiFi hotspot. I am able to replicate it with a shared Ethernet connection here. With this package removed, the shared connection fails: start sharing failed: could not start dnsmasq due to Could not find "dnsmasq" binary
- It however explicitly sets --conf-file=/dev/null ... --conf-dir=/etc/NetworkManager/dnsmasq-shared.d so that none of the default config files or directories is used. It can be easily verified by adding some random invalid characters to /etc/dnsmasq.conf and /etc/dnsmasq.d/01-pihole.conf, which makes pihole-FTL and dnsmasq commands both fail and throw a related error "dnsmasq: bad option at line 21 of /etc/dnsmasq.d/01-pihole.conf" while the instance started by NetworkManager starts and runs successfully as expected. /etc/NetworkManager/dnsmasq.d/ is used for the processing mode dnsmasq, hence when using dns=dnsmasq, but is not relevant for the hotspot.
So there is no issue with overlapping configuration files. NetMan uses dnsmasq not only as DNS server but also as DHCP server. It is however trivial to disable the DNS server part:
echo 'port=0' > /etc/NetworkManager/dnsmasq-shared.d/disable-dns.conf
You can specify the alternative DNS server passed to DHCP clients (not sure what is default here when the internal one is disabled) by additionally adding:
dhcp-option=6, x.x.x.x[, y.y.y.y]
This can be Pi-hole, but you may need to allow requests from all origins in Pi-hole first, if the hotspot is a different subnet.
I could neither find a way to disable dnsmasq's DHCP server completely (unsetting the --dhcp-range command line option used by NetMan), nor prevent NetMan from starting dnsmasq at all, so it keeps blocking UDP port 67 and hence Pi-hole cannot be used as DHCP server. There is an option to prevent dnsmasq from listening on a particular interface, but it keeps binding to the port:
no-dhcp-interface=wlan0
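
The state this post describes (DNS part disabled with port=0, DHCP port still held by the dnsmasq that NetworkManager starts) can be confirmed from the UDP listener table. The script below is an added example, not part of the original post: the ss lines are a constructed sample, and the function names sample_ss, udp_owners and hotspot_check are hypothetical.

```shell
#!/bin/sh
# Constructed sample shaped like `ss -H -lunp` output (not captured from a real host):
# the expected state after port=0 is set in dnsmasq-shared.d.
sample_ss() {
cat <<'EOF'
UNCONN 0 0 0.0.0.0:53 0.0.0.0:* users:(("pihole-FTL",pid=801,fd=4))
UNCONN 0 0 [::]:53 [::]:* users:(("pihole-FTL",pid=801,fd=6))
UNCONN 0 0 0.0.0.0%wlan0:67 0.0.0.0:* users:(("dnsmasq",pid=2114,fd=3))
EOF
}

# udp_owners PORT: read ss lines on stdin, print each process name bound to PORT once.
udp_owners() {
    awk -v port="$1" '{
        n = split($4, part, ":")          # port is the last ":"-separated piece
        if (part[n] != port) next
        if (match($0, /\(\("[^"]+"/)) {   # first (("name" in the users:(...) column
            name = substr($0, RSTART + 3, RLENGTH - 4)
            if (!(name in seen)) { seen[name] = 1; print name }
        }
    }'
}

# hotspot_check: read ss lines on stdin, report which UDP ports dnsmasq still holds.
hotspot_check() {
    lines=$(cat)
    on53=no; on67=no
    printf '%s\n' "$lines" | udp_owners 53 | grep -qx dnsmasq && on53=yes
    printf '%s\n' "$lines" | udp_owners 67 | grep -qx dnsmasq && on67=yes
    echo "dnsmasq_on_53=$on53 dnsmasq_on_67=$on67"
}

# Runs on the constructed sample; on a live host use: ss -H -lunp | hotspot_check
sample_ss | hotspot_check
```
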