18 C
Texas

How To Install & configure Dnsmasq on Ubuntu 18.04 LTS

Today we are going to Install & configure Dnsmasq DNS Server on Ubuntu 18.04 LTS. Dnsmasq is a simple, lightweight, easy to use & manage DNS server along with support for Lua scripting, IPv6, DNSSEC etc. It has a small footprint hence, suitable for resource-constrained routers & firewalls.

Dnsmasq has been designed to provide DNS, and optionally DHCP/TFTP services for a small to mid-size networks. Fist of all we will look at Dnsmasq subsystems & then move toward the Installation.

Dnsmasq has three main subsystems.

  • DNS subsystem: Used for caching of A. AAAA,CNAME & PTR.
  • DHCP subsystem: It supports DHCPv4, DHCPv6,BOTP & PXE.
  • Router Advertisement: Provides basic autoconfiguration for IPv6 host.

Step 1: Installing Dnsmasq on Ubuntu 18.04

Disable systemd-resolve as it binds to port 53 due to which Dnsmasq will be effected.

- Advertisement -

Type the given command to disable the resolved service.

sudo systemctl disable systemd-resolved
sudo systemctl stop systemd-resolved

Also, remove the sysmlinked resolv.conf file by

$ ls -lh /etc/resolv.conf 
lrwxrwxrwx 1 root root 39 Aug 8 15:52 /etc/resolv.conf -> ../run/systemd/resolve/stub-resolv.conf
$ sudo rm /etc/resolv.conf

Then create new resolv.conf file

echo "nameserver 8.8.8.8" > /etc/resolv.conf

As Dnsmasq is available on the apt repository, install it by typing

sudo apt-get install dnsmasq

You can find the main config file for Dnsmasq under /etc/dnsmasq.conf

sudo nano /etc/dnsmasq.conf

See the minimal configuration

Listen on this specific port instead of the standard DNS port
(53). Setting this to zero completely disables DNS function,
leaving only DHCP and/or TFTP.
port=53
Never forward plain names (without a dot or domain part)
domain-needed
Never forward addresses in the non-routed address spaces.
bogus-priv
By default, dnsmasq will send queries to any of the upstream
servers it knows about and tries to favour servers to are known
to be up. Uncommenting this forces dnsmasq to try each query
with each server strictly in the order they appear in
/etc/resolv.conf
strict-order
Set this (and domain: see below) if you want to have a domain
automatically added to simple names in a hosts-file.
expand-hosts
Set the domain for dnsmasq. this is optional, but if it is set, it
does the following things.
1) Allows DHCP hosts to have fully qualified domain names, as long
as the domain part matches this setting.
2) Sets the "domain" DHCP option thereby potentially setting the
domain of all systems configured by DHCP
3) Provides the domain part for "expand-hosts"
domain=thekelleys.org.uk
domain=mypridomain.com
Set Liste address
listen-address=127.0.0.1 # Set to Server IP for network responses

To enable DNSSEC validation & caching, uncomment

#dnssec

Do the config according to your own environment & restart dnsmasq services.

sudo systemctl restart dnsmasq

Step 2: Add DNS records to Dnsmasq

Add DNS records in the file /etc/hosts/. Dnsmasq will reply to queries from clients using these records.

$ sudo vim /etc/hosts
10.1.3.4 server1.mypridomain.com
10.1.4.4 erp.mypridomain.com
192.168.10.2 checkout.mypridomain.com
192.168.4.3 hello.world

Then restart dnsmasq services.

sudo systemctl restart dnsmasq

Step 3: Test Dnsmasq functionality

Edit the file /etc/network/interfaces for persistent configuration, or the file /etc/netplan/ on Ubuntu 18.04 servers. As it is a test, I’ll modify runtime file /etc/resolv.conf

$ sudo nano /etc/resolv.conf
nameserver 127.0.0.1
nameserver 8.8.8.8

Then test using dig:

$ dig A erp.mypridomain.com
; <<>> DiG 9.11.3-1ubuntu1.1-Ubuntu <<>> A erp.mypridomain.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43392
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;erp.mypridomain.com. IN A
;; ANSWER SECTION:
erp.mypridomain.com. 0 IN A 10.1.4.4
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Aug 21 10:35:41 UTC 2018
;; MSG SIZE rcvd: 64

See the other example

$ dig checkout.mypridomain.com A +noall +answer
; <<>> DiG 9.11.3-1ubuntu1.1-Ubuntu <<>> checkout.mypridomain.com A +noall +answer
;; global options: +cmd
checkout.mypridomain.com. 0 IN A 192.168.10.2

Confirm that we are getting responses as configured.

Step 3:Configure Dnsmasq as DHCP Server (Optional)

Configure /etc/dnsmasq.conf & provide DHCP options. You need to provide.

  • Gateway IP address
  • DNS Server IP address
  • Network Subnet mask
  • DHCP Addresses range
  • NTP Server

Look at the example

dhcp-range=192.168.3.25,192.168.3.50,24h
dhcp-option=option:router,192.168.3.1
dhcp-option=option:ntp-server,192.168.3.5
dhcp-option=option:dns-server,192.168.3.5
dhcp-option=option:netmask,255.255.255.0

Then restart dnsmasq services & configure clients to obtain an IP address from this server.

sudo systemctl restart dnsmasq
- Advertisement -
Everything Linux, A.I, IT News, DataOps, Open Source and more delivered right to you.
Subscribe
"The best Linux newsletter on the web"

LEAVE A REPLY

Please enter your comment!
Please enter your name here



Latest article