Setting up dnsmasq with Ubuntu 10.04 for home networking

What is DNSMASQ?

A caching DNS forwarder. Dnsmasq is a lightweight, easy to configure DNS forwarder designed to provide DNS (domain name) services to a small network where using BIND would be overkill. It can have its upstream DNS servers automatically configured by PPP or DHCP and it can serve the names of local machines which are not in the global DNS. It can integrate with the ISC DHCP daemon to serve the names of local machines which are configured using DHCP. Dnsmasq is ideal for networks behind NAT routers and connected via modem, ISDN, ADSL, or cable-modem.

Assumptions made

  1. You have an internet connection.
  2. You're running Linux (Ubuntu 10.04 or a Debian derivative).
  3. You know how to turn off the built in DHCP server on your own router at the end of the instructions.

Install DNSMASQ.

sudo apt-get install dnsmasq

Copy and rename the config file, just in case you make a mistake along the way.

sudo cp /etc/dnsmasq.conf /etc/dnsmasq.conf.old

Edit the config file.

sudo nano /etc/dnsmasq.conf

This is the edited config file (just the parts that I used). It works fine for my network, which is quite generic. Like most home users, I’m behind a wireless router that does NAT, so my network is a class C private network.

# Configuration file for dnsmasq.
#
# Format is one option per line, legal options are the same
# as the long options legal on the command line. See
# "/usr/sbin/dnsmasq --help" or "man 8 dnsmasq" for details.

# The following two options make you a better netizen, since they
# tell dnsmasq to filter out queries which the public DNS cannot
# answer, and which load the servers (especially the root servers)
# unnecessarily. If you have a dial-on-demand link they also stop
# these requests from bringing up the link unnecessarily.

# Never forward plain names (without a dot or domain part)
domain-needed
# Never forward addresses in the non-routed address spaces.
bogus-priv

# Add local-only domains here, queries in these domains are answered
# from /etc/hosts or DHCP only.
local=/localnet/

# The cache size can be changed by a command-line flag or /etc/dnsmasq.conf
# option. Attempts to increase the cache size too far will be ignored.
# That limit used to be 2000, I think. From version 1.14 it was upped to
# 10000.
cache-size=10000

# If you want dnsmasq to listen for DHCP and DNS requests only on
# specified interfaces (and the loopback) give the name of the
# interface (eg eth0) here.
# Repeat the line for more than one interface.
interface=eth0

# Or you can specify which interface _not_ to listen on
#except-interface=
# Or which to listen on by address (remember to include 127.0.0.1 if
# you use this.)
listen-address=127.0.0.1

# This line enables the integrated DHCP server, you need
# to supply the range of addresses available for lease and optionally
# a lease time. If you have more than one network, you will need to
# repeat this for each network on which you want to supply DHCP
# service.
dhcp-range=192.168.1.10,192.168.1.110,7d

# Set the domain for dnsmasq. this is optional, but if it is set, it
# does the following things.
# 1) Allows DHCP hosts to have fully qualified domain names, as long
#     as the domain part matches this setting.
# 2) Sets the "domain" DHCP option thereby potentially setting the
#    domain of all systems configured by DHCP
# 3) Provides the domain part for "expand-hosts"
#domain=reserved.dickson.me.uk

# These PCs have static IPs on my network, so I don't want to
# allocate the IPs to anything else. Yours of course
# will be different. Feel free not to include the following.
dhcp-host=00:03:1d:04:67:f0,workstation,192.168.1.10,infinite
dhcp-host=00:30:18:a8:93:4d,orion,192.168.1.15,infinite

# I do some development work on virtual machines, I always call
# that machine dev so it makes sense for me to allocate the same
# IP address to any workstation called dev. This is just for my
# network so feel free not to include the following line or this
# comment.
dhcp-host=dev,192.168.1.11,infinite

# Override the default route supplied by dnsmasq, which assumes the
# router is the same machine as the one running dnsmasq.
#
# This is the IP address of MY ROUTER, it might be different to your
# home network
dhcp-option=3,192.168.1.254

# Set the NTP time server address to be the same machine as
# is running dnsmasq. If you're not running an NTP server on the
# same machine as dnsmasq, then this isn't needed.
dhcp-option=42,0.0.0.0

# This is only really needed if you are running samba on the same machine
# as dnsmasq; if you're not, then you don't need this.
#
# The following DHCP options set up dnsmasq in the same way as is specified
# for the ISC dhcpcd
#
# adapted for a typical dnsmasq installation where the host running
# dnsmasq is also the host running samba.
#
# you may want to uncomment some or all of them if you use
# Windows clients and Samba.
dhcp-option=19,0           # option ip-forwarding off
dhcp-option=44,0.0.0.0     # set netbios-over-TCP/IP nameserver(s) aka WINS server(s)
dhcp-option=45,0.0.0.0     # netbios datagram distribution server
dhcp-option=46,8           # netbios node type

# Send microsoft-specific option to tell windows to release the DHCP lease
# when it shuts down. Note the "i" flag, to tell dnsmasq to send the
# value as a four-byte integer - that's what microsoft wants. See
dhcp-option=vendor:MSFT,2,1i

Next you need to add a few recursive DNS servers for DNSMASQ to use. I’m going to be using the free servers provided by Google. Thankfully DNSMASQ now supports IPv6 RDNS servers, which is very good if you happen to be running dual-stack IPv4 and IPv6, which I am at home.

Edit the resolv.conf file.

sudo nano /etc/resolv.conf

Add the following to the resolv.conf file.

# Google IPv4 DNS
nameserver 8.8.8.8
nameserver 8.8.4.4

# Google IPv6 DNS
nameserver 2001:4860:4860::8888
nameserver 2001:4860:4860::8844

DNSMASQ will read the hosts file when it starts and create DNS entries for the machines listed in it, so you only need to keep one hosts file up to date (which is a nice timesaver).

My hosts file looks like this; yours of course will look different.

cat /etc/hosts
127.0.0.1	localhost
192.168.1.10	Workstation
192.168.1.15	orion
192.168.1.11	Dev
192.168.1.254	Router
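
Before the restart, the two files edited above can be checked mechanically. This is an added example, not part of the original post or of dnsmasq itself: the function names, the WARN/NOTE wording and the sample files are invented for illustration, and the sample input is constructed from the settings shown above.

```sh
# Added example: audit a dnsmasq.conf and resolv.conf before restarting.

# Print the active lines of a file (comments, padding and blank lines removed).
active() { sed -e 's/#.*$//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d' "$1"; }

# True if option $2 (bare flag or key=value) is active in config file $1.
has_opt() { active "$1" | grep -Eq "^$2(=|\$)"; }

# Print non-loopback nameservers from resolv.conf $1. Treating every
# loopback entry as unusable is a simplification made for this example.
upstreams() {
    active "$1" | awk '$1 == "nameserver" && $2 !~ /^(127\.|::1$)/ { print $2 }'
}

# Print one WARN/NOTE line per finding for config $1 and resolv.conf $2.
audit() {
    for opt in domain-needed bogus-priv; do
        has_opt "$1" "$opt" ||
            echo "WARN: $opt not set; plain names or private reverse lookups may go upstream"
    done
    has_opt "$1" interface || has_opt "$1" listen-address ||
        echo "WARN: no interface= or listen-address=; dnsmasq answers on all interfaces"
    [ -n "$(upstreams "$2")" ] ||
        echo "WARN: no non-loopback nameserver in $2; nothing to forward to"
    # A dhcp-host line without a MAC matches on the name the client sends.
    active "$1" | grep '^dhcp-host=' |
        grep -Ev '([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}' |
        sed 's/^/NOTE: reservation keyed on client-supplied name: /'
}

# Constructed sample input that mirrors the settings shown above.
tmp=$(mktemp -d)
cat > "$tmp/dnsmasq.conf" <<'EOF'
domain-needed
bogus-priv
interface=eth0
listen-address=127.0.0.1
dhcp-host=00:03:1d:04:67:f0,workstation,192.168.1.10,infinite
dhcp-host=dev,192.168.1.11,infinite
EOF
printf 'nameserver 8.8.8.8\nnameserver 2001:4860:4860::8888\n' > "$tmp/resolv.ok"
printf 'nameserver 127.0.0.1\n' > "$tmp/resolv.loop"

audit "$tmp/dnsmasq.conf" "$tmp/resolv.ok"    # one NOTE for the "dev" reservation
audit "$tmp/dnsmasq.conf" "$tmp/resolv.loop"  # adds the missing-upstream WARN
rm -rf "$tmp"
```

To check the real files, call `audit /etc/dnsmasq.conf /etc/resolv.conf`; `dnsmasq --test` additionally runs dnsmasq's own syntax check of the config file.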

Now restart DNSMASQ and everything should work.

sudo /etc/init.d/dnsmasq restart

This step is only a reminder to myself and is not needed. By default, I turn on ufw and block everything, only opening ports when needed, so I need to open the ports for DHCP and DNS resolution to allow this to work on my network.

sudo ufw allow bootps
sudo ufw allow 53/udp
sudo ufw allow 53/tcp
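
The three rules above accept DNS and DHCP traffic from any source. The following added example (not from the original post) prints equivalent ufw commands scoped to the LAN; the function name `lan_rules` is made up here, and the interface `eth0` and subnet `192.168.1.0/24` are assumptions based on the config shown earlier.

```sh
# Added example: print ufw commands that admit DNS only from the LAN subnet
# and DHCP only on the LAN-facing interface. Nothing is applied; review the
# output, then run it with sudo.
lan_rules() {
    iface=$1; cidr=$2
    # The output is meant to be run as root, so refuse anything that is not
    # a plain interface name or a dotted IPv4 CIDR (shape check only).
    case $iface in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    case $cidr in *[!0-9./]*) return 1 ;; esac
    printf '%s\n' "$cidr" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$' || return 1
    for proto in udp tcp; do
        echo "ufw allow in on $iface from $cidr to any port 53 proto $proto"
    done
    # A DHCPDISCOVER is sent from 0.0.0.0 before the client has an address,
    # so the bootps rule can be scoped by interface but not by source subnet.
    echo "ufw allow in on $iface to any port 67 proto udp"
}

# Assumed values: LAN interface eth0, subnet 192.168.1.0/24.
lan_rules eth0 192.168.1.0/24
```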

16 thoughts on “Setting up dnsmasq with Ubuntu 10.04 for home networking”

  1. Hey, is it easy enough to set DNSMasq to only forward DNS queries to public DNS as opposed to trying to resolve the internal ones?

    I already have internal DNS that will handle all internal name resolution but my firewall will not pass-though DNS queries to ISP DNS hence the need for another server.

  2. If you are proposing to forward queries from your already working internal DNS to another server that is handling external DNS queries, then the answer is yes. But my question is, why bother? Surely you can extend your internal DNS server to resolve external DNS requests?

  3. Just a minor error in your guide.. if the config file you posted is the one you’re using, then you’re actually using a Class C private network not a Class B as the guide states (which is in the 172.16.x.x to 172.31.x.x range)

    Other than that awesome guide. I currently have isc-dhcpd running but am thinking of just using dnsmasq since it’s much lighter weight and I don’t have enough machines to really require dhcpd

  5. Is there a file/location where DNSCache has its cache storage?
    Where can you check the cache?

  6. Good day.
    Used your guide, worked swell. This morning, it all went to snot on me. I’m getting CONNECTION REFUSED for anything external.

    By the way, Ubuntu 14.04 server .. instead of editing /etc/resolv.conf, I updated /etc/resolvconf/resolv.conf.d/base.

    My Google-fu isn’t very strong, but I haven’t found anything like this. You running into this at all?

  7. Hi VK,

    I’ve not run into it myself.

    Is it your server running DNSmasq that you’re getting the error message from, or the clients that are getting their IP that are getting the error message?

    Cheers,

    Billy

  8. Hi Billy, sorry for the delay.

    dnsmasq server is giving the connection refused. Had to revert to the wireless router as a DHCP server with its built-in DNS forwarder, all internet access died when dnsmasq stopped working. I did notice a resolvconf upgrade which I applied without giving much thought to, now I’m regretting it. Haven’t spent any more time troubleshooting, the only thing I’ve found so far is the following in /var/log/syslog:

    Jun 26 07:15:27 phonebook dnsmasq[1186]: reading /etc/resolv.conf
    Jun 26 07:15:27 phonebook dnsmasq[1186]: ignoring nameserver 127.0.0.1 – local interface
    Jun 26 07:15:27 phonebook dnsmasq[1186]: using local addresses only for domain XXXXXXXXX

  9. Oh, sorry, last thing I noticed. Changed dns-nameservers from 127.0.0.1 to the router IP in /etc/network/interfaces.

    With the dnsmasq server running:
    root@phonebook:~# nslookup google.ca
    Server: 127.0.0.1
    Address: 127.0.0.1#53

    ** server can’t find google.ca: REFUSED

    After issuing service dnsmasq stop:

    root@phonebook:~# nslookup google.ca
    Server:
    Address: #53

    Non-authoritative answer:
    Name: google.ca
    Address: 24.244.4.123
    Name: google.ca
    Address: 24.244.4.93
    Name: google.ca
    Address: 24.244.4.109
    Name: google.ca
    Address: 24.244.4.113
    Name: google.ca
    Address: 24.244.4.99
    Name: google.ca
    Address: 24.244.4.118
    Name: google.ca
    Address: 24.244.4.108
    Name: google.ca
    Address: 24.244.4.94
    Name: google.ca
    Address: 24.244.4.114
    Name: google.ca
    Address: 24.244.4.84
    Name: google.ca
    Address: 24.244.4.103
    Name: google.ca
    Address: 24.244.4.104
    Name: google.ca
    Address: 24.244.4.98
    Name: google.ca
    Address: 24.244.4.88
    Name: google.ca
    Address: 24.244.4.119
    Name: google.ca
    Address: 24.244.4.89

    dnsmasq is definitely not happy with me

  10. Oh boy. PEBKAC.

    At some point, I must have been horsing around, added a line to /etc/dnsmasq.conf [won’t add it here, in case someone comes across this looking for the same info] .. commented it out, hey look at that all works as it’s supposed to … derp

    So, for anyone who comes across Billy’s excellent post looking for info about Ubuntu 14.04:

    Follow everything above as Billy’s laid out except for:
    1) do not edit /etc/resolv.conf by hand, instead, make /etc/resolvconf/resolv.conf.d/base look like the following:

    name_servers 8.8.8.8
    name_servers 8.8.4.4
    name_servers 2001:4860:4860::8888
    name_servers 2001:4860:4860::8844

    2) issue resolvconf -u to update /etc/resolv.conf

    3) do not try playing around with things, and then forget the stuff you changed, otherwise you’ll just be wasting yours and Billy’s time ;)

  11. Me again, last time, I promise.

    For Ubuntu 14.04 users, simplify your life further: don’t bother with any resolvconf files

    When you’re setting up a static IP, just add dns-nameservers to your /etc/network/interfaces file. When the NIC comes up, resolver picks it all up. Then, when dnsmasq service starts, it will autopopulate /var/run/dnsmasq/resolv.conf which is what dnsmasq is actually using [not /etc/resolv.conf anymore]

  12. Hi VK,

    Glad you managed to sort it out, and thanks for the input which is appreciated. Hopefully someone using Ubuntu 14.04 will find it useful, might even try it myself when I upgrade :-)

    Cheers,

    Billy
