Dnsmasq Rebels Against Systemd-Resolved's Port 53 Monopoly, Hides in Macvlan Network Namespace Fortress

A solution has been devised to run dnsmasq as a dedicated DNS server, avoiding conflicts with systemd-resolved on modern Linux hosts. By utilizing a separate Linux network namespace and a macvlan interface, dnsmasq operates independently, keeping systemd-resolved enabled on the host. This setup prevents port-binding collisions, resolver interference, and operational disruption, allowing for coexistence between the two components. The approach involves creating a dedicated network namespace, a macvlan interface with its own IP address, and configuring dnsmasq to bind only to available interfaces. A templated systemd unit and helper script manage the lifecycle of the DNS service, ensuring a clean and reliable setup. This design provides a practical solution for operators needing dnsmasq functionality without dismantling the host's default resolution stack, and is particularly significant in the context of Linux networking, where systemd-resolved is increasingly prevalent. The solution is fully manageable via systemd and reproducible via install scripts.