What is DNSMASQ?
A caching DNS forwarder. Dnsmasq is a lightweight, easy-to-configure DNS forwarder designed to provide DNS (domain name) services to a small network where using BIND would be overkill. It can have its upstream DNS servers automatically configured by PPP or DHCP, and it can serve the names of local machines which are not in the global DNS. It can integrate with the ISC DHCP daemon to serve the names of local machines which are configured using DHCP. Dnsmasq is ideal for networks behind NAT routers and connected via modem, ISDN, ADSL, or cable-modem.
- You have an internet connection.
- You're running Linux (Ubuntu 10.04 or a Debian derivative).
- You know how to turn off the built-in DHCP server on your own router at the end of the instructions.
sudo apt-get install dnsmasq
Copy and rename the config file, just in case you make a mistake along the way.
sudo cp /etc/dnsmasq.conf /etc/dnsmasq.conf.old
Edit the config file.
sudo nano /etc/dnsmasq.conf
This is the edited config file (the parts that I used from it). It works fine for my network, which is quite generic. Like most home users, I'm behind a wireless router that does NAT, so my network is a class C private network.
# Configuration file for dnsmasq.
#
# Format is one option per line, legal options are the same
# as the long options legal on the command line. See
# "/usr/sbin/dnsmasq --help" or "man 8 dnsmasq" for details.

# The following two options make you a better netizen, since they
# tell dnsmasq to filter out queries which the public DNS cannot
# answer, and which load the servers (especially the root servers)
# unnecessarily. If you have a dial-on-demand link they also stop
# these requests from bringing up the link unnecessarily.

# Never forward plain names (without a dot or domain part)
domain-needed
# Never forward addresses in the non-routed address spaces.
bogus-priv

# Add local-only domains here, queries in these domains are answered
# from /etc/hosts or DHCP only.
local=/localnet/

# The cache size can be changed by a command-line flag or /etc/dnsmasq.conf
# option. Attempts to increase the cache size too far will be ignored.
# That limit used to be 2000, I think. From version 1.14 it was upped to
# 10000.
cache-size=10000

# If you want dnsmasq to listen for DHCP and DNS requests only on
# specified interfaces (and the loopback) give the name of the
# interface (eg eth0) here.
# Repeat the line for more than one interface.
interface=eth0
# Or you can specify which interface _not_ to listen on
#except-interface=
# Or which to listen on by address (remember to include 127.0.0.1 if
# you use this.)
listen-address=127.0.0.1

# This enables the integrated DHCP server; you need
# to supply the range of addresses available for lease and optionally
# a lease time. If you have more than one network, you will need to
# repeat this for each network on which you want to supply DHCP
# service.
dhcp-range=192.168.1.10,192.168.1.110,7d

# Set the domain for dnsmasq. This is optional, but if it is set, it
# does the following things.
# 1) Allows DHCP hosts to have fully qualified domain names, as long
#    as the domain part matches this setting.
# 2) Sets the "domain" DHCP option thereby potentially setting the
#    domain of all systems configured by DHCP
# 3) Provides the domain part for "expand-hosts"
#domain=reserved.dickson.me.uk

# These PCs have static IPs on my network, so I don't want to
# allocate the IPs to anything else. Yours of course
# will be different. Feel free not to include the following.
dhcp-host=00:03:1d:04:67:f0,workstation,192.168.1.10,infinite
dhcp-host=00:30:18:a8:93:4d,orion,192.168.1.15,infinite

# I do some development work on virtual machines. I always call
# that machine dev, so it makes sense for me to allocate the same
# IP address to any workstation called dev. This is just for my
# network, so feel free not to include the following line or this
# comment.
dhcp-host=dev,192.168.1.11,infinite

# Override the default route supplied by dnsmasq, which assumes the
# router is the same machine as the one running dnsmasq.
#
# This is the IP address of MY ROUTER, it might be different on your
# home network.
dhcp-option=3,192.168.1.254

# Set the NTP time server address to be the same machine as
# is running dnsmasq. If you're not running an NTP server on the
# same machine as dnsmasq, then this isn't needed.
dhcp-option=42,0.0.0.0

# This is only really needed if you are running samba on the same machine
# as dnsmasq; if you're not, then you don't need this.
#
# The following DHCP options set up dnsmasq in the same way as is specified
# for the ISC dhcpcd
#
# adapted for a typical dnsmasq installation where the host running
# dnsmasq is also the host running samba.
#
# you may want to uncomment some or all of them if you use
# Windows clients and Samba.
dhcp-option=19,0           # option ip-forwarding off
dhcp-option=44,0.0.0.0     # set netbios-over-TCP/IP nameserver(s) aka WINS server(s)
dhcp-option=45,0.0.0.0     # netbios datagram distribution server
dhcp-option=46,8           # netbios node type

# Send microsoft-specific option to tell windows to release the DHCP lease
# when it shuts down. Note the "i" flag, to tell dnsmasq to send the
# value as a four-byte integer - that's what microsoft wants. See
dhcp-option=vendor:MSFT,2,1i
Next you need to add a few recursive DNS servers for DNSMASQ to use. I'm going to be using the free servers provided by Google. Thankfully DNSMASQ now supports IPv6 RDNS servers, which is very good if you happen to be running dual-stack IPv4 and IPv6, which I am at home.
Edit the resolv.conf file.
sudo nano /etc/resolv.conf
Add the following to the resolv.conf file.
# Google IPv4 DNS
nameserver 8.8.8.8
nameserver 8.8.4.4
# Google IPv6 DNS
nameserver 2001:4860:4860::8888
nameserver 2001:4860:4860::8844
DNSMASQ will read the hosts file on startup of your server and create DNS entries for these, so you only need to keep one hosts file up to date (which is a nice timesaver).
My hosts file looks like this; yours of course will look different.
cat /etc/hosts
127.0.0.1 localhost
192.168.1.10 Workstation
192.168.1.15 orion
192.168.1.11 Dev
192.168.1.254 Router
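Before restarting, it is worth checking that the filtering and interface options are still in place and that the static leases agree with the hosts file. The script below is an added example, not part of the original post; the function name audit_dnsmasq and the sample files are constructed for illustration, and it assumes dhcp-host lines are laid out as in the config above (host name directly before the IPv4 address).

```shell
# Added example, not from the original post: audit a dnsmasq.conf against the
# settings this guide relies on. Prints one finding per line, returns 1 if any.
# Assumes dhcp-host lines put the host name right before the IPv4 address.
audit_dnsmasq() {
    conf=$1; hosts=$2
    report=$(
        # Filters that keep junk queries from being forwarded upstream.
        for opt in domain-needed bogus-priv; do
            grep -Eq "^[[:space:]]*$opt([[:space:]]|\$)" "$conf" || echo "MISSING: $opt"
        done
        # With neither option set, dnsmasq listens on every interface.
        grep -Eq '^[[:space:]]*(interface|listen-address)=' "$conf" ||
            echo "UNBOUND: no interface= or listen-address="
        # Static leases must not share an address and must match the hosts file.
        awk -v hosts="$hosts" '
            BEGIN {   # load the hosts file: lower-cased name -> address
                while ((getline line < hosts) > 0) {
                    sub(/#.*/, "", line); sub(/^[ \t]+/, "", line)
                    n = split(line, f, /[ \t]+/)
                    for (i = 2; i <= n; i++) if (f[i] != "") ip[tolower(f[i])] = f[1]
                }
            }
            /^[ \t]*dhcp-host=/ {
                sub(/^[^=]*=/, ""); n = split($0, f, ",")
                for (i = 2; i <= n; i++) {
                    if (f[i] !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) continue
                    name = tolower(f[i-1])
                    if (seen[f[i]]++) print "DUPLICATE: " f[i]
                    if (name ~ /:/) continue   # MAC address only, no name given
                    if (!(name in ip)) print "NOT IN HOSTS: " name
                    else if (ip[name] != f[i]) print "MISMATCH: " name " " f[i] " vs " ip[name]
                }
            }' "$conf"
    )
    [ -z "$report" ] || { printf '%s\n' "$report"; return 1; }
}

# Constructed sample input: the guide's settings with mistakes introduced.
tmp=$(mktemp -d)
cat > "$tmp/dnsmasq.conf" <<'EOF'
domain-needed
# bogus-priv
dhcp-host=00:03:1d:04:67:f0,workstation,192.168.1.10,infinite
dhcp-host=00:30:18:a8:93:4d,orion,192.168.1.15,infinite
dhcp-host=dev,192.168.1.15,infinite
EOF
printf '%s\n' '127.0.0.1 localhost' '192.168.1.10 Workstation' \
    '192.168.1.15 orion' '192.168.1.11 Dev' > "$tmp/hosts"
audit_dnsmasq "$tmp/dnsmasq.conf" "$tmp/hosts" || echo "fix the findings above"
```

On a real system the call would be audit_dnsmasq /etc/dnsmasq.conf /etc/hosts. Running dnsmasq --test checks only the syntax of the config file, so it complements a content check like this one.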
Now restart DNSMASQ and everything should work.
sudo /etc/init.d/dnsmasq restart
This step is only a reminder to myself and is not needed. By default, I turn on ufw and block everything, only opening ports when needed, so I need to open the ports for DHCP and DNS resolution to allow this to work on my network.
sudo ufw allow bootps
sudo ufw allow 53/udp
sudo ufw allow 53/tcp