HOWTO: Setup dnsmasq as DNS DHCP

This post explains how to set up dnsmasq as a DNS and DHCP server.

What is Dnsmasq

This description of dnsmasq is shamelessly taken from the dnsmasq home page.

dnsmasq is a lightweight DNS, TFTP, PXE, router advertisement and DHCP server. It is intended to provide coupled DNS and DHCP service to a LAN.

Dnsmasq accepts DNS queries and either answers them from a small, local, cache or forwards them to a real, recursive, DNS server. It loads the contents of /etc/hosts so that local hostnames which do not appear in the global DNS can be resolved and also answers DNS queries for DHCP configured hosts. It can also act as the authoritative DNS server for one or more domains, allowing local names to appear in the global DNS.

The dnsmasq DHCP server supports static address assignments and multiple networks. It automatically sends a sensible default set of DHCP options, and can be configured to send any desired set of DHCP options, including vendor-encapsulated options. It includes a secure, read-only, TFTP server to allow net/PXE boot of DHCP hosts and also supports BOOTP. The PXE support is full featured, and includes a proxy mode which supplies PXE information to clients whilst DHCP address allocation is done by another server.

The dnsmasq DHCPv6 server provides the same set of features as the DHCPv4 server, and in addition, it includes router advertisements and a neat feature which allows naming for clients which use DHCPv4 and stateless auto-configuration only for IPv6 configuration. There is support for doing address allocation (both DHCPv6 and RA) from subnets which are dynamically delegated via DHCPv6 prefix delegation.

Dnsmasq is coded with small embedded systems in mind. It aims for the smallest possible memory footprint compatible with the supported functions, and allows unneeded functions to be omitted from the compiled binary.

In short, IT IS EXCELLENT!!

Installing dnsmasq

Installing dnsmasq is just a case of using apt-get.

sudo apt-get install dnsmasq

Setup dnsmasq as DNS DHCP

Start with the file /etc/dnsmasq.conf. The lines listed are those that I changed from their defaults. Just uncomment and amend them as necessary (remove the ‘#’ from the beginning of the line).

sudo nano /etc/dnsmasq.conf

domain-needed
bogus-priv
no-resolv
no-poll
server=/example.com/192.168.0.5
server=8.8.8.8
server=208.67.220.220
local=/example.com/
address=/doubleclick.net/127.0.0.1
no-hosts
addn-hosts=/etc/dnsmasq_static_hosts.conf
expand-hosts
domain=example.com
dhcp-range=192.168.0.20,192.168.0.50,72h
dhcp-range=tftp,192.168.0.250,192.168.0.254  
dhcp-host=mylaptop,192.168.0.199,36h
dhcp-option=option:router,192.168.0.1
dhcp-option=option:ntp-server,192.168.0.5
dhcp-option=19,0 # ip-forwarding off
dhcp-option=44,192.168.0.5 # set netbios-over-TCP/IP aka WINS
dhcp-option=45,192.168.0.5 # netbios datagram distribution server
dhcp-option=46,8           # netbios node type

What these lines will do for you.

  • domain-needed This tells dnsmasq to never pass short names to the upstream DNS servers. If the name is not in the local /etc/hosts file then “not found” will be returned.
  • bogus-priv All reverse IP (192.168.x.x) lookups that are not found in /etc/hosts will be returned as “no such domain” and not forwarded to the upstream servers.
  • no-resolv Do not read resolv.conf to find the upstream DNS servers.
  • no-poll Do not poll resolv.conf for changes.
  • server=8.8.8.8 Set one or more DNS servers to use when addresses are not local. These are the Google DNS server, 8.8.8.8, and the OpenDNS server, 208.67.220.220.
  • local=/example.com/ Our local domain, queries in these domains are answered from /etc/hosts or the static-hosts files.
  • address=/doubleclick.net/127.0.0.1 Use this to force an address for the specified domains, e.g. to block adverts by forcing doubleclick.net to localhost.
  • no-hosts This option stops dnsmasq using the local /etc/hosts file as a source for lookups.
  • addn-hosts=/etc/dnsmasq_static_hosts.conf Force dnsmasq to use this file for lookups. It is in the same format as /etc/hosts.
  • expand-hosts So we can see our local hosts via our home domain without having to repeatedly specify the domain in our /etc/hosts file.
  • domain This is your local domain name. It will tell the DHCP server which host to give out IP addresses for.
  • dhcp-range This is the range of IPs that DHCP will serve: 192.168.0.20 to 192.168.0.50, with a lease time of 72 hours. The lease time is how long that IP will be linked to a host. (Almost 🙂)
  • dhcp-range=tftp,192.168.0.250,192.168.0.255 For tftp connections use this range of IP addresses
  • dhcp-host=mylaptop,192.168.0.199,36h Any machine saying they are hostname = ‘mylaptop’ gets this IP address
  • dhcp-option=option:router,192.168.0.1 When a host is requesting an IP address via DHCP also tell it the gateway to use.
  • dhcp-option=option:ntp-server,192.168.0.5 When a host is requesting an IP address via DHCP also tell it the NTP server to use.
In the file /etc/dnsmasq_static_hosts.conf you can add a list of local machines with static IP addresses in the same format as the hosts file. It is also an easy way of creating aliases or CNAME records.

    192.168.0.8  mail mail.example.com
    192.168.0.9  smtp smtp.example.com
    192.168.0.120 mythtvbox mythtvbox.example.com
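
A check for the settings explained above, as an added example that is not part of the original post: it parses a dnsmasq.conf and reports a missing domain-needed or bogus-priv, no-resolv without a general server= line, and dhcp-host entries that match only on the hostname the client sends rather than on a MAC address or id: client identifier. The function names and finding codes are hypothetical, and the sample config is constructed from the lines listed in this post.

```python
import re

# Constructed sample: a subset of the dnsmasq.conf lines listed in this post.
SAMPLE_CONF = """\
domain-needed
bogus-priv
no-resolv
server=/example.com/192.168.0.5
server=8.8.8.8
dhcp-range=192.168.0.20,192.168.0.50,72h
dhcp-host=mylaptop,192.168.0.199,36h
dhcp-option=19,0 # ip-forwarding off
"""

# A hardware address field; dnsmasq also accepts '*' as a wildcard octet.
MAC_RE = re.compile(r"^(?:[0-9A-Fa-f]{2}|\*)(?::(?:[0-9A-Fa-f]{2}|\*)){5}$")


def parse_conf(text):
    """Return (key, value) pairs; value is '' for bare flags such as no-resolv."""
    pairs = []
    for line in text.splitlines():
        # '#' starts a comment at line start or after whitespace.
        line = re.sub(r"(^|\s)#.*", "", line).strip()
        if line:
            key, _, value = line.partition("=")
            pairs.append((key.strip(), value.strip()))
    return pairs


def audit(text):
    """Return a sorted list of finding codes (hypothetical names) for a config."""
    pairs = parse_conf(text)
    keys = {k for k, _ in pairs}
    # Without these flags, short names and private reverse lookups go upstream.
    findings = {"missing:" + f for f in ("domain-needed", "bogus-priv") if f not in keys}
    # With no-resolv, only server= lines without a /domain/ scope are general upstreams.
    upstreams = [v for k, v in pairs if k == "server" and not v.startswith("/")]
    if "no-resolv" in keys and not upstreams:
        findings.add("no-upstream")
    # A dhcp-host with no MAC or id: field is matched on the name the client sends.
    for k, v in pairs:
        if k == "dhcp-host":
            fields = [f.strip() for f in v.split(",")]
            if not any(MAC_RE.match(f) or f.startswith("id:") for f in fields):
                findings.add("dhcp-host-by-name:" + fields[0])
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(finding)
```

On the sample it reports only the mylaptop reservation, because any client that claims that hostname receives 192.168.0.199.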
    

Starting and stopping the service

    sudo service dnsmasq start
    sudo service dnsmasq stop
    sudo service dnsmasq restart
    

16 thoughts on “HOWTO: Setup dnsmasq as DNS DHCP”

  1. James Rittinghouse

    Just wanted to say “Thank You” for your blogs. At 57, I am re-learning (just for fun) about virtual labs, linux and many more things once forgotten. Following your examples has been fun and very informative. Thanks again and please keep up the “excellent” work. – Gives me hope that I’m not as ancient as I thought, a chance to understand from “today’s” perspective, and a bit of enthusiasm for the progress and evolution of technology over the years. … Bravo !!! … and besides; it’s just plain fun to build stuff!

    Reply
    1. Richard Post author

      Thanks for the kind words. Age has nothing to do with learning new tricks. 🙂 I wrote my first “Hello World!” computer program back in April 1981 on an Acorn Atom with a massive 2048 bytes RAM :-). I’m only a few years younger than yourself.

      I totally agree it’s just good fun playing around with Linux!

      Reply
      1. Trond Nyløkken

        Acorn Atom 2048 bytes, yes. I used the Rockwell AIM 65 with the 4096 RAM and I was able to interface with a self-built interface for a 5 1/4 inch FD drive. I also increased the memory to 64Kb extra by using memory mapping. :)) Those days

        Trond Nyløkken

        Reply
  2. Kevin

    Hi Richard

    Simple guide, but I’m not able to get my dnsmasq running
    “Restarting DNS forwarder and DHCP server configuration syntax check” [fail]

    I just typed these options into a plain file at /etc/dnsmasq.conf

    Reply
  3. John

    All good stuff.

    dhcp-host=FF:FF:FF:FF:FF:FF,mylaptop # Replace FF with MAC address

    I use the above where I want the same DHCP DNS name for clients all the time.
    This is good for a small environment with only a few devices and you want to restrict who has access to DHCP.
    The router (dnsmasq can be used on routers with third party fw) is set to ignore unknown DHCP requests, where only the listed dhcp-host are allocated IP addresses.

    Think I did my first hello world on a VAX-11/780 around 1981

    Reply
  4. Brian Mason

    I am trying to set up SAMBA as my home PDC. I would like to use dnsmasq for my DNS and DHCP server on my network and it will be installed on my SAMBA server. In your SAMBA setup document you used bind for your DNS server and here are the SAMBA settings you used:

    •Realm: BLACK.DRAGON.LAB
    •Domain: BLACK
    •Server Role: dc
    •DNS Backend: BIND_DLZ
    •Administrator password:

    If I use dnsmasq what would I enter for the DNS Backend during the SAMBA configuration?

    Thanks!

    Reply
    1. Richard Post author

      Google “dnsmasq samba” with all paid results turned off.
      Read the first result.
      Read the second result.
      Read the third result.

      🙂

      It seems that you cannot use dnsmasq.

      Reply
  5. Thiago Martins

    Awesome post!

    What about running 1 dnsmasq process, for multiple interfaces, each one with its own range and gateway?

    I’m trying to mimic libvirt networks, for openvswitch bridges, but I don’t want to manage multiple dnsmasq processes, one for each network/bridge, like libvirt does. Instead, I want 1 dnsmasq process, controlling multiple interfaces, which are in fact openvswitch bridges. Planning to add/remove interfaces/networks via /etc/dnsmasq.d/*.conf files, followed by “systemctl reload dnsmasq”.

    Ubuntu based… Any idea? 😛

    Thiago

    Reply
    1. Richard Post author

      You can use dnsmasq on multiple interfaces with different gateways, read through the comments in the config file and set a tag when assigning the IP address with DHCP. I do that to create a guest Wifi network and an internal Office network.

      Reply
  6. Mike M.

    I followed your tutorial for bind previously and while I got through it and it was working well for a long time (and a great tutorial, btw), dnsmasq blows all that away. Thanks for this tutorial which is equally as brilliant.

    Reply
  7. Steve

    Thank you to this author. You are one of the few authors that I have seen that stays focused and actually lists the important dnsmasq parameters. Most other articles go off rambling about all kinds of look-what-I-can-do blather that isn’t of use to 99% of the users wanting to setup basic dhcp and dns. If only your qualities could rub off onto the rest of the Linux community! Thank you!!

    Reply
  8. PJ

    I’m just trying to find out how to actually test if my DNSmasq setup is configured correctly.

    Is there any easy way to, say, ask my public DNSmasq IP address to resolve a domain name and see what response they give? E.g. a command like:

    $> iplookup 45.12.2.19.1:5656 mydomain.com
    > 45.12.2.19.8

    Where iplookup was some local command line tool, the first IP address is my server’s public IP address and the IP address returned is the address of my public HTTP server (if DNSmasq is configured correctly).

    Specifically, I’m trying to get around a hairpinning issue on my router so my local network can still resolve my locally hosted domain names. I’m setting up DNSmasq to point to local IP addresses for my locally hosted domains, and then pointing my router to that. I want to check that DNSmasq is working right first though, so I know where the issues are if they arise.

    Reply
