What is DNSMASQ?
A caching DNS forwarder. Dnsmasq is a lightweight, easy-to-configure DNS forwarder designed to provide DNS (domain name) services to a small network where running BIND would be overkill. It can have its upstream DNS servers configured automatically by PPP or DHCP, and it can serve the names of local machines that are not in the global DNS. It can integrate with the ISC DHCP daemon to serve the names of local machines configured by DHCP, or it can hand out leases itself with its built-in DHCP server (which is what this guide uses). Dnsmasq is ideal for networks behind NAT routers connected via modem, ISDN, ADSL, or cable modem.
Assumptions made
- You have an internet connection.
- You're running Linux (Ubuntu 10.04 or another Debian derivative).
- You know how to turn off the built in DHCP server on your own router at the end of the instructions.
Install DNSMASQ.
sudo apt-get install dnsmasq
Back up the config file first, in case you make a mistake along the way.
sudo cp /etc/dnsmasq.conf /etc/dnsmasq.conf.old
Edit the config file.
sudo nano /etc/dnsmasq.conf
This is the edited config file (only the parts I actually use). It works fine for my network, which is quite generic: like most home users, I'm behind a wireless router that does NAT, so my network is a class C private network (192.168.1.0/24). Note that interface=eth0 together with listen-address=127.0.0.1 is what keeps dnsmasq from answering on any other interface; if this host also runs another resolver that needs port 53, add bind-interfaces too, otherwise dnsmasq still binds the wildcard address and merely discards traffic from interfaces it is not serving.
# Configuration file for dnsmasq.
#
# Format is one option per line, legal options are the same
# as the long options legal on the command line. See
# "/usr/sbin/dnsmasq --help" or "man 8 dnsmasq" for details.

# The following two options make you a better netizen, since they
# tell dnsmasq to filter out queries which the public DNS cannot
# answer, and which load the servers (especially the root servers)
# unnecessarily. If you have a dial-on-demand link they also stop
# these requests from bringing up the link unnecessarily.

# Never forward plain names (without a dot or domain part)
domain-needed
# Never forward addresses in the non-routed address spaces.
bogus-priv

# Add local-only domains here, queries in these domains are answered
# from /etc/hosts or DHCP only.
local=/localnet/

# If you want dnsmasq to listen for DHCP and DNS requests only on
# specified interfaces (and the loopback) give the name of the
# interface (eg eth0) here.
# Repeat the line for more than one interface.
interface=eth0
# Or you can specify which interface _not_ to listen on
#except-interface=
# Or which to listen on by address (remember to include 127.0.0.1 if
# you use this.)
listen-address=127.0.0.1

# Uncomment this to enable the integrated DHCP server, you need
# to supply the range of addresses available for lease and optionally
# a lease time. If you have more than one network, you will need to
# repeat this for each network on which you want to supply DHCP
# service.
dhcp-range=192.168.1.10,192.168.1.110,7d

# These PCs have static IPs on my network, so I don't want to
# allocate the IPs to anything else. Yours of course
# will be different. Feel free not to include the following.
dhcp-host=00:03:1d:04:67:f0,workstation,192.168.1.10,infinite
dhcp-host=00:30:18:a8:93:4d,orion,192.168.1.15,infinite

# I do some development work on virtual machines. I always call
# that machine dev, so it makes sense for me to allocate the same
# IP address to any workstation called dev. This is just for my
# network, so feel free not to include the following line or this
# comment.
dhcp-host=dev,192.168.1.11,infinite

# Override the default route supplied by dnsmasq, which assumes the
# router is the same machine as the one running dnsmasq.
#
# This is the IP address of MY ROUTER, it might be different to your
# home network
dhcp-option=3,192.168.1.254

# Set the NTP time server address to be the same machine as
# is running dnsmasq. If you're not running an NTP server on the
# same machine as dnsmasq, then this isn't needed.
dhcp-option=42,0.0.0.0

# This is only really needed if you are running samba on the same machine
# as dnsmasq; if you're not, then you don't need this.
#
# The following DHCP options set up dnsmasq in the same way as is specified
# for the ISC dhcpd
#
# adapted for a typical dnsmasq installation where the host running
# dnsmasq is also the host running samba.
#
# you may want to uncomment some or all of them if you use
# Windows clients and Samba.
dhcp-option=19,0           # option ip-forwarding off
dhcp-option=44,0.0.0.0     # set netbios-over-TCP/IP nameserver(s) aka WINS server(s)
dhcp-option=45,0.0.0.0     # netbios datagram distribution server
dhcp-option=46,8           # netbios node type

# Send microsoft-specific option to tell windows to release the DHCP lease
# when it shuts down. Note the "i" flag, to tell dnsmasq to send the
# value as a four-byte integer - that's what microsoft wants. See
dhcp-option=vendor:MSFT,2,1i
Next you need to give dnsmasq a few recursive DNS servers to forward to. I'm going to use the free servers provided by Google. Thankfully dnsmasq now supports IPv6 upstream servers, which is very good if you happen to be running dual-stack IPv4 and IPv6, as I am at home.
Edit the resolv.conf file.
sudo nano /etc/resolv.conf
Add the following to the resolv.conf file.
# Allow applications on the machine hosting dnsmasq to also use it
nameserver 127.0.0.1
# Google IPv4 DNS
nameserver 8.8.8.8
nameserver 8.8.4.4
# Google IPv6 DNS
nameserver 2001:4860:4860::8888
nameserver 2001:4860:4860::8844
Two caveats. dnsmasq reads this same file to discover its upstream servers, but it skips the 127.0.0.1 entry because that is an address it listens on itself (the log shows "ignoring nameserver 127.0.0.1 - local interface"), so there is no forwarding loop. Also, on Ubuntu resolv.conf is routinely rewritten by the DHCP client or resolvconf, and any local application that fails over past 127.0.0.1 will talk to Google directly and lose your local names; if either bites you, put the upstreams in dnsmasq.conf as server= lines and add no-resolv so dnsmasq stops reading resolv.conf altogether.
dnsmasq reads /etc/hosts on startup and answers DNS queries for every name in it, so you only need to keep one hosts file up to date (which is a nice timesaver). Remember to restart dnsmasq after editing it.
My hosts file looks like this; yours of course will look different.
cat /etc/hosts
127.0.0.1 localhost
192.168.1.10 Workstation
192.168.1.15 orion
192.168.1.11 Dev
192.168.1.254 Router
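The mistakes this kind of setup invites (a forgotten bogus-priv, a router address that sits inside the DHCP pool, the same address reserved for two machines, or a name that /etc/hosts and dhcp-host disagree on) are easy to check for mechanically. The linter below is an added example, not code from the post or from the dnsmasq project; it parses a dnsmasq.conf and an /etc/hosts file the way shown above, and the two sample inputs embedded in it are constructed from the files in this post. The checks and their wording are my own choices.

```python
"""Lint a dnsmasq.conf and /etc/hosts pair for the mistakes a home setup
like this one invites.  Added example, not code from the post; the sample
files below are constructed from the ones shown above."""
import ipaddress
import re

SAMPLE_CONF = """\
domain-needed
bogus-priv
local=/localnet/
interface=eth0
listen-address=127.0.0.1
dhcp-range=192.168.1.10,192.168.1.110,7d
dhcp-host=00:03:1d:04:67:f0,workstation,192.168.1.10,infinite
dhcp-host=00:30:18:a8:93:4d,orion,192.168.1.15,infinite
dhcp-host=dev,192.168.1.11,infinite
dhcp-option=3,192.168.1.254
dhcp-option=42,0.0.0.0
"""

SAMPLE_HOSTS = """\
127.0.0.1 localhost
192.168.1.10 Workstation
192.168.1.15 orion
192.168.1.11 Dev
192.168.1.254 Router
"""

MAC_RE = re.compile(r"^(?:[0-9a-f]{2}:){5}[0-9a-f]{2}$", re.I)
LEASE_RE = re.compile(r"^(?:infinite|\d+[smhdw]?)$")


def parse_conf(text):
    """Map option name -> list of values; '#' comments and blanks dropped."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            key, _, val = line.partition("=")
            opts.setdefault(key.strip(), []).append(val.strip())
    return opts


def parse_hosts(text):
    """Map lower-cased hostname -> address (DNS names are case-insensitive)."""
    names = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        for name in fields[1:]:
            names[name.lower()] = fields[0]
    return names


def classify(field):
    """dhcp-host fields are optional and positional, so sort them by shape."""
    if MAC_RE.match(field):
        return "mac"
    try:
        ipaddress.ip_address(field)
        return "ip"
    except ValueError:
        return "lease" if LEASE_RE.match(field) else "name"


def lint(conf_text, hosts_text):
    """Return a list of findings; an empty list means nothing to report."""
    opts, hosts, findings = parse_conf(conf_text), parse_hosts(hosts_text), []

    # Forwarding hygiene: both options keep junk queries off the upstreams.
    for must in ("domain-needed", "bogus-priv"):
        if must not in opts:
            findings.append(f"missing {must}")
    # Exposure: without either option dnsmasq answers on every interface.
    if "interface" not in opts and "listen-address" not in opts:
        findings.append("no interface=/listen-address=: answers on all interfaces")
    elif "interface" in opts and "bind-interfaces" not in opts:
        findings.append("interface= without bind-interfaces: socket is bound to "
                        "0.0.0.0 and other interfaces are filtered, not unbound")

    pools = [tuple(ipaddress.ip_address(p) for p in v.split(",")[:2])
             for v in opts.get("dhcp-range", [])]

    def in_pool(addr):
        return any(lo <= addr <= hi for lo, hi in pools)

    reserved = {}  # ip -> name, to catch the same address reserved twice
    for val in opts.get("dhcp-host", []):
        fields = {classify(f): f for f in val.split(",")}
        name, ip = fields.get("name"), fields.get("ip")
        if ip in reserved:
            findings.append(f"{ip} reserved twice ({reserved[ip]} and {name})")
        elif ip:
            reserved[ip] = name
        if name and ip and hosts.get(name.lower(), ip) != ip:
            findings.append(f"/etc/hosts maps {name} to {hosts[name.lower()]} "
                            f"but dhcp-host reserves {ip}")

    # Option 3 is the gateway handed to clients; it must never be leasable.
    for val in opts.get("dhcp-option", []):
        code, _, arg = val.partition(",")
        if code == "3" and arg and in_pool(ipaddress.ip_address(arg)):
            findings.append(f"router {arg} lies inside the dynamic pool")
    return findings


if __name__ == "__main__":
    for finding in lint(SAMPLE_CONF, SAMPLE_HOSTS) or ["clean"]:
        print(finding)
```

Run against the post's own files it reports only the bind-interfaces point, since the static reservations are all consistent with /etc/hosts and the router sits outside the .10 to .110 pool. Feed it your real /etc/dnsmasq.conf and /etc/hosts (read the two files and pass their contents to lint) before restarting dnsmasq.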
Now restart DNSMASQ and everything should work.
sudo /etc/init.d/dnsmasq restart
This step is only a reminder to myself and is not needed by default: I turn on ufw and block everything, only opening ports when needed, so I have to open the ports for DHCP and DNS to make this work on my network.
sudo ufw allow bootps
sudo ufw allow 53/udp
sudo ufw allow 53/tcp
These rules open the ports on every interface. That is fine behind a NAT router, but if the box has any interface that is not on the home LAN, use ufw's from-subnet form to restrict the two port 53 rules to 192.168.1.0/24 instead, so the host can never be reached as an open resolver.
Hey, is it easy enough to set DNSMasq to only forward DNS queries to public DNS as opposed to trying to resolve the internal ones?
I already have internal DNS that will handle all internal name resolution, but my firewall will not pass through DNS queries to the ISP DNS, hence the need for another server.
Are you proposing to forward queries from your already working internal DNS to another server that handles external DNS queries? If so, the answer is yes. But my question is, why bother? Surely you can extend your internal DNS server to resolve external DNS requests?
Just a minor error in your guide.. if the config file you posted is the one you’re using, then you’re actually using a Class C private network not a Class B as the guide states (which is in the 172.16.x.x to 172.31.x.x range)
Other than that, awesome guide. I currently have isc-dhcpd running but am thinking of just using dnsmasq since it's much lighter weight and I don't have enough machines to really require dhcpd.
Yep, well spotted, just corrected it
Private network address – Wikipedia