Install and configure dnsmasq



So, why do you even need dnsmasq? After all, your ISP provides DNS and your home network gateway/router likely provides DHCP service for your network, right?

dnsmasq is a small, lightweight, and easy to configure caching DNS proxy and DHCP server targeted at small or home networks. It can serve the names of local hosts which are not in the global DNS, and its DHCP server integrates with its DNS server to allow hosts with DHCP-allocated addresses to appear in the DNS along with names configured either in each host or in its configuration file. dnsmasq supports static and dynamic DHCP leases and even BOOTP/TFTP for network booting of diskless hosts. dnsmasq is open source software and is distributed under the terms of the GPL. Supported platforms include Linux, *BSD, Solaris and Mac OS X.

The operating system on which dnsmasq will be used in this article is Ubuntu (Debian-based OS).

Download and Install

We can choose to install dnsmasq on an Ubuntu server-based machine (or any other Debian-based system). However, any host on your network on which you can add one or more external nameservers to /etc/resolv.conf and some or all of your hosts to /etc/hosts can easily be used for hosting dnsmasq.

To install dnsmasq on a Debian-based distribution like Ubuntu:

sudo apt-get install dnsmasq

On Fedora-based distributions:

$ su
# yum install dnsmasq

And on *BSD, if you’ve installed the Ports collection:

$ cd /usr/ports/dns/dnsmasq/ 
$ su
# make install clean

Or, if you would prefer to add the package:

$ su
# pkg_add -r dnsmasq

The dnsmasq script will be installed in /etc/init.d, symlinked from runlevels 2-5, and start automatically in a Debian-based distribution like Ubuntu.

In Fedora-based distributions, the dnsmasq script is installed in /etc/init.d; however, you will need to create a symbolic link to it from the appropriate runlevel directory in order for it to start automatically at boot time. This is typically done using the chkconfig command as root.

The following example shows how to add the dnsmasq script to runlevels 2-5 and start dnsmasq in Fedora:

$ su
# chkconfig dnsmasq on
# /etc/init.d/dnsmasq start

Newer versions of Fedora, however, may require this set of commands instead:

$ su
# systemctl enable dnsmasq.service
# systemctl start dnsmasq.service

In *BSD, the dnsmasq script will be installed in /usr/local/etc/rc.d. To get dnsmasq to start at boot time, add the following line to /etc/rc.conf:

dnsmasq_enable="YES"

Then start dnsmasq:

$ su
# /usr/local/etc/rc.d/dnsmasq start

Configure

Configuring dnsmasq is straightforward. The various DHCP and DNS options can be passed via command line when starting dnsmasq, or may be set via its configuration file, dnsmasq.conf. I generally prefer to use dnsmasq’s configuration file; it’s very well commented and easy to follow.

Let’s walk through the changes I made to the default configuration file in order to provision both DNS and DHCP service for our network. Make sure you create a backup copy of your default file before you begin.

To start, we uncommented the following two options to force dnsmasq to filter our local network DNS queries so they did not reach the public DNS servers.

# Never forward plain names (without a dot or domain part)
domain-needed

# Never forward addresses in the non-routed address spaces.
bogus-priv

By default, dnsmasq will send queries to any of the nameservers you define in /etc/resolv.conf; however, it will try to favor those it knows to be up. Uncommenting the following setting forces dnsmasq to use the nameservers listed in /etc/resolv.conf strictly in the order they appear. Since we had a pretty good sense of which DNS servers we wanted to use and in what order, we uncommented this line:

strict-order

By default dnsmasq will listen for DNS queries on all network interfaces. We have several interfaces on our test server (Hamachi, eth0, eth1, etc.), but only one that is physically connected to our local network, so we uncommented the following line in order to force dnsmasq to listen for DHCP and DNS requests on that interface only – in our case eth0.

Simply repeat the line with another interface name if you have additional interfaces you would like dnsmasq to listen on.

interface=eth0

The following two lines are optional; however, if used, dnsmasq will append the domain name you choose to the host names defined in dnsmasq.conf and/or /etc/hosts.

# Set this (and domain: see below) if you want to have a domain
# automatically added to simple names in a hosts-file.
expand-hosts

# Set the domain for dnsmasq. this is optional, but if it is set, it
# does the following things.
# 1) Allows DHCP hosts to have fully qualified domain names, as long
#    as the domain part matches this setting.
# 2) Sets the "domain" DHCP option thereby potentially setting the
#    domain of all systems configured by DHCP
# 3) Provides the domain part for "expand-hosts"
domain=home.net

To enable dnsmasq’s integrated DHCP server you’ll need to uncomment the following line and provide the range of addresses available for lease in your network, and optionally, a lease time.

dhcp-range=192.168.10.100,192.168.10.254,24h

If you have a host on your network that you’d like to have receive the same IP address every lease, then uncomment the following line and provide the host’s MAC address, as well as the preferred IP address – one from the dhcp-range you defined above. For example, we like to have the computer we use most often receive the same IP address. That way we can easily forward ports to it, etc. Alternatively, we could have simply given it a static IP address and defined the name/address combination in the /etc/hosts file of the machine hosting dnsmasq.

dhcp-host=00:27:0E:02:A8:AE,192.168.10.100

If your network is anything like ours, you probably have devices that don’t have host names associated with them the same way a computer does (e.g., Xbox 360). The following parameter will assign a name to these devices in dnsmasq. You’ll need to provide the device’s MAC address and the name you’d like associated with it. Here’s an example of how we have this defined in our network:

dhcp-host=00:0B:E6:05:38:47,wii
dhcp-host=00:22:48:48:EE:37,xbox2
dhcp-host=00:12:5A:99:67:DE,xbox1
dhcp-host=00:04:5A:A5:26:B0,tivo1
dhcp-host=00:1D:7E:00:E5:58,tivo2

By default dnsmasq assumes that the host running dnsmasq is your gateway/router. That wasn’t the case in our network, so we needed to specify the IP address of our Cisco gateway/router in the following line:

dhcp-option=3,192.168.10.1

The DHCP server needs somewhere to keep its lease database file. We simply retained the default location chosen by dnsmasq for our test Ubuntu server install. Note that this default location will vary depending on which platform you’re using to host dnsmasq:

#dhcp-leasefile=/var/lib/misc/dnsmasq.leases

Finally, you can adjust the number of entries dnsmasq will keep in its DNS cache in the following line. We retained the default of 150.

#cache-size=150

That’s it for configuring dnsmasq.conf. Keep in mind though that the options described here really only scratch the surface. We would strongly urge you to read through dnsmasq.conf thoroughly as there are many more options available for fine-tuning dnsmasq’s numerous capabilities. But for now let’s move on and consider two additional files, /etc/resolv.conf and /etc/hosts, that are important when configuring dnsmasq.
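
The following Python sketch is an added example, not part of the original article or of dnsmasq itself. It audits a dnsmasq.conf for the settings covered above: domain-needed, bogus-priv, an interface restriction, and dhcp-host addresses that fall inside dhcp-range. The function names and the sample configuration are constructed for illustration, and it assumes dhcp-range is written in the simple start,end,lease form used in this article.

```python
import ipaddress

# Constructed sample: the article's options, with three deliberate mistakes.
SAMPLE_CONF = """\
domain-needed
#bogus-priv
interface=eth0
dhcp-range=192.168.10.100,192.168.10.254,24h
dhcp-host=00:27:0E:02:A8:AE,192.168.10.100
dhcp-host=00:0B:E6:05:38:47,wii
dhcp-host=00:0b:e6:05:38:47,192.168.10.50
"""

def parse(conf_text):
    """Return (option, value) pairs for the active (uncommented) lines."""
    lines = (l.split("#", 1)[0].strip() for l in conf_text.splitlines())
    return [tuple(p.strip() for p in l.partition("=")[::2]) for l in lines if l]

def audit(conf_text):
    """Return findings for the dnsmasq.conf options discussed in the article."""
    pairs = parse(conf_text)
    keys = {k for k, _ in pairs}
    findings = []
    for opt in ("domain-needed", "bogus-priv"):
        if opt not in keys:
            findings.append(f"{opt} not set: local lookups may reach public DNS")
    if not keys & {"interface", "listen-address"}:
        findings.append("no interface= line: dnsmasq listens on all interfaces")
    # Assumption: dhcp-range uses the plain "start,end[,lease]" form shown above.
    ranges = [tuple(ipaddress.ip_address(a) for a in v.split(",")[:2])
              for k, v in pairs if k == "dhcp-range"]
    seen_macs = set()
    for k, v in pairs:
        if k != "dhcp-host":
            continue
        mac, *rest = [f.strip().lower() for f in v.split(",")]
        if mac in seen_macs:
            findings.append(f"duplicate dhcp-host entries for {mac}")
        seen_macs.add(mac)
        for field in rest:
            try:
                ip = ipaddress.ip_address(field)
            except ValueError:
                continue  # a host name such as "wii", not an address
            if not any(lo <= ip <= hi for lo, hi in ranges):
                findings.append(f"{mac} pinned to {ip}, outside every dhcp-range")
    return findings
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONF)))
```

To check a real file, pass its contents to audit(), for example audit(open("/etc/dnsmasq.conf").read()); an empty list means none of these checks fired.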

resolv.conf

dnsmasq will consult several locations when going about the business of resolving your network’s DNS queries.

These locations include its internal cache, for any queries it may have already resolved; /etc/hosts, for any static name/IP address combinations that may be defined there; and, if the DHCP server is being utilized, it will of course know from its configuration file and lease database file which IP addresses it has assigned to the hosts configured to use DHCP. When it can’t resolve DNS queries via these methods, dnsmasq will send queries to the nameservers defined in /etc/resolv.conf.

You must have at least one public DNS server defined there and it’s typical to simply use the DNS server(s) provided by your ISP. Following is an example of how we have our /etc/resolv.conf file configured. Recall that I uncommented the strict-order line in dnsmasq.conf as described above so dnsmasq will utilize DNS servers in the order we have them listed here.

#Allow applications on the machine hosting dnsmasq to use it too
nameserver 127.0.0.1

#Google DNS
nameserver 8.8.8.8

#OpenDNS
nameserver 208.67.222.222
nameserver 208.67.220.220

#Cox
nameserver 68.105.28.11
nameserver 68.105.29.11
nameserver 68.105.28.12

#An option to use our network gateway/router as the upstream DNS. Note that the
#public DNS server addresses will need to be defined in the router.
#nameserver 192.168.10.1

/etc/hosts

As we mentioned, dnsmasq will consult the /etc/hosts file on the host it’s running on when resolving DNS queries. This comes in handy when there are hosts in your network that you have assigned, or would like to assign, static IP addresses to.

In those cases the host name/IP address combinations can simply be added to /etc/hosts. In fact, if desired, you could elect not to use dnsmasq’s DHCP server at all and rely solely on dnsmasq’s use of /etc/hosts to resolve local IP addresses.

In this respect, /etc/hosts is no different than any other host file resident on most computers except that now you only need to maintain the one file. Of course, the tradeoff is that you’ll need to configure static IP addresses on all your hosts.

We settled on a hybrid approach for our network. We configured all client hosts (laptops, desktop PCs, game consoles, etc) to use dnsmasq’s DHCP server, and configured all servers and network equipment (access point, router, network printers, etc.) with static IP addresses. Here’s an example of our /etc/hosts file:

127.0.0.1       localhost
192.168.10.1    router
192.168.10.2    wap
192.168.10.4    server1
192.168.10.11   server2
192.168.10.51   print-hp
192.168.10.52   print-canon

Final Steps

Once dnsmasq.conf, /etc/resolv.conf, and /etc/hosts are configured to your liking, restart dnsmasq:

# /etc/init.d/dnsmasq restart

Or, if you’re using *BSD:

# /usr/local/etc/rc.d/dnsmasq restart

Make sure to disable any other DHCP servers that may be running in your network, then simply configure your hosts to use DHCP – they should receive an IP address that’s in the range defined in dnsmasq.conf.

If you’re planning on configuring some hosts with static IP addresses, set the IP address of the host running dnsmasq as the DNS server and IP address of the gateway/router as the gateway. You’ll also want to make sure to enter that host/IP address information in /etc/hosts on the host running dnsmasq.

That’s it! You now have DNS and DHCP service up and running in your network.

Now let’s run a quick test to make sure dnsmasq is caching DNS queries. The simplest way to do that is to use the dig utility:

$ dig iceflatline.com

Look at the output from dig and find the line showing the query time. Note the time and run the command again. You should see a noticeable improvement in response time, indicating that dnsmasq is caching query results locally.