{"id":7063,"date":"2020-10-06T23:55:17","date_gmt":"2020-10-06T20:55:17","guid":{"rendered":"https:\/\/kifarunix.com\/?p=7063"},"modified":"2024-03-14T23:31:51","modified_gmt":"2024-03-14T20:31:51","slug":"configure-local-dns-server-using-dnsmasq-on-ubuntu-20-04","status":"publish","type":"post","link":"https:\/\/kifarunix.com\/configure-local-dns-server-using-dnsmasq-on-ubuntu-20-04\/","title":{"rendered":"Configure Local DNS Server using Dnsmasq on Ubuntu 20.04"},"content":{"rendered":"\n

Welcome to our tutorial on how to install and configure local DNS Server using Dnsmasq on Ubuntu 20.04. “Dnsmasq is a lightweight, easy to configure, DNS forwarder and DHCP server. It is designed to provide DNS and optionally, DHCP and TFTP, to a small network. It can serve the names of local machines which are not in the global DNS<\/em>“.<\/p>\n\n\n\n

If you want to save yourself the hustle of having to configure the DNS server the BIND9 way, using Dnsmasq is the simplest and quickest way to get your local DNS server up and running.<\/p>\n\n\n\n

In this setup, therefore, we will be configuring Dnsmasq as our local caching DNS server to speed to the local DNS resolution.<\/p>\n\n\n\n

Configuring Local DNS Server using Dnsmasq on Ubuntu<\/h2>\n\n\n\n

Run System Update<\/h3>\n\n\n\n

Update your system package cache;<\/p>\n\n\n\n

apt update<\/code><\/pre>\n\n\n\n
Install Dnsmasq on Ubuntu 20.04<\/a><\/h3>\n\n\n\n
Dnsmasq is available on the Ubuntu 20.04 Universe repos. However, before you can install dnsmasq<\/strong><\/code> on Ubuntu 20.04, disable Systemd-resolved service (system service that provides network name resolution to local applications<\/em>).<\/p>\n\n\n\n
systemctl disable --now systemd-resolved<\/code><\/pre>\n\n\n\n
Remove the default resolv.conf file and create a new one with your custom DNS server details to enable you do the installation.<\/p>\n\n\n\n
rm -rf \/etc\/resolv.conf<\/code><\/pre>\n\n\n\n
echo \"nameserver 8.8.8.8\" > \/etc\/resolv.conf<\/code><\/pre>\n\n\n\n
Once that is done, Dnsmasq can be installed by running the command below;<\/p>\n\n\n\n
apt install dnsmasq<\/code><\/pre>\n\n\n\n
Reading package lists... Done\nBuilding dependency tree       \nReading state information... Done\nThe following additional packages will be installed:\n  dns-root-data dnsmasq-base libidn11\nSuggested packages:\n  resolvconf\nThe following NEW packages will be installed:\n  dns-root-data dnsmasq dnsmasq-base libidn11\n0 upgraded, 4 newly installed, 0 to remove and 73 not upgraded.\nNeed to get 382 kB of archives.\nAfter this operation, 1,155 kB of additional disk space will be used.\nDo you want to continue? [Y\/n] y<\/code><\/pre>\n\n\n\n
This installs and starts and enables Dnsmasq service to run on system boot.<\/p>\n\n\n\n
systemctl status dnsmasq<\/code><\/pre>\n\n\n\n
\u25cf dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server\n     Loaded: loaded (\/lib\/systemd\/system\/dnsmasq.service; enabled; vendor preset: enabled)\n     Active: active (running) since Tue 2020-10-06 19:12:31 UTC; 15s ago\n   Main PID: 17726 (dnsmasq)\n      Tasks: 1 (limit: 2282)\n     Memory: 868.0K\n     CGroup: \/system.slice\/dnsmasq.service\n             \u2514\u250017726 \/usr\/sbin\/dnsmasq -x \/run\/dnsmasq\/dnsmasq.pid -u dnsmasq -7 \/etc\/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service --trust-anchor=.,20326,8,2,e>\n\nOct 06 19:12:31 ubuntu20 systemd[1]: Starting dnsmasq - A lightweight DHCP and caching DNS server...\nOct 06 19:12:31 ubuntu20 dnsmasq[17705]: dnsmasq: syntax check OK.\nOct 06 19:12:31 ubuntu20 dnsmasq[17726]: started, version 2.80 cachesize 150\nOct 06 19:12:31 ubuntu20 dnsmasq[17726]: DNS service limited to local subnets\nOct 06 19:12:31 ubuntu20 dnsmasq[17726]: compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC loop-detect inotify dumpfi>\nOct 06 19:12:31 ubuntu20 dnsmasq[17726]: reading \/etc\/resolv.conf\nOct 06 19:12:31 ubuntu20 dnsmasq[17726]: using nameserver 8.8.8.8#53\nOct 06 19:12:31 ubuntu20 dnsmasq[17726]: read \/etc\/hosts - 7 addresses\nOct 06 19:12:31 ubuntu20 systemd[1]: Started dnsmasq - A lightweight DHCP and caching DNS server.<\/code><\/pre>\n\n\n\n
Configuring Local DNS Server using Dnsmasq<\/a><\/h3>\n\n\n\n
Once Dnsmasq is installed, you can now proceed to configure it as the local caching DNS server on Ubuntu 20.04. \/etc\/dnsmasq.conf<\/strong><\/code> is the default Dnsmasq configuration file. To configure dnsmasq therefore, you need to edit the \/etc\/dnsmasq.conf<\/strong><\/code> file.<\/p>\n\n\n\n
First off, create a copy of the configuration file;<\/p>\n\n\n\n
cp \/etc\/dnsmasq.conf{,.bak}<\/code><\/pre>\n\n\n\n
Next, open the configuration file for editing;<\/p>\n\n\n\n
vim \/etc\/dnsmasq.conf<\/code><\/pre>\n\n\n\n
The file is well commented and all configuration options are self explanatory.<\/p>\n\n\n\n
To begin with, set the port on which Dnsmasq will listen for DNS requests. This defaults to port 53 UDP by default. You can as well explicitly set the port using the port<\/code><\/strong> option.<\/p>\n\n\n\n
port=53<\/code><\/pre>\n\n\n\n
Disable forwarding of names without a dot or domain part;<\/p>\n\n\n\n
domain-needed<\/code><\/pre>\n\n\n\n
Disable forwarding of addresses in the non-routed address spaces;<\/p>\n\n\n\n
bogus-priv<\/code><\/pre>\n\n\n\n
Define an interface (eg, interface=enp0s8<\/strong><\/code>) or the IP address (e.g, listen-address=192.168.x.x<\/strong><\/code>) on which the Dnsmasq can listen for the DNS requests. This usually defaults to the loopback address. In this setup, we set the Dnsmasq to respond to both internal and external DNS requests via a loopback and non-loopback interface IP.<\/p>\n\n\n\n
listen-address=127.0.0.1,192.168.57.3 <\/code><\/pre>\n\n\n\n
Replace you interface IP address accordingly.<\/p>\n\n\n\n
Enable Dnsmasq to automatically append the domain part to the simple names;<\/p>\n\n\n\n
expand-hosts<\/code><\/pre>\n\n\n\n
Set the domain for dnsmasq to append to simple names;<\/p>\n\n\n\n
domain=kifarunix-demo.com<\/code><\/pre>\n\n\n\n
Adjust the size of the cached domain names. The default is 150<\/code>.<\/p>\n\n\n\n
cache-size=1000<\/code><\/pre>\n\n\n\n
The above configuration options are enough for the basic local caching DNS server using Dnsmasq.<\/p>\n\n\n\n
Without comment lines, this is how our Dnsmasq configuration file looks like;<\/p>\n\n\n\n
port=53\ndomain-needed\nbogus-priv\nlisten-address=127.0.0.1,192.168.57.3\nexpand-hosts\ndomain=kifarunix-demo.com\ncache-size=1000<\/code><\/pre>\n\n\n\n
Save and exit the configuration file once done making changes.<\/p>\n\n\n\n
Add the Dnsmasq DNS server IP on \/etc\/hosts file<\/h4>\n\n\n\n
Next, add the Dnsmasq IP address as the primary DNS server on the \/etc\/resolv.conf<\/strong><\/code>.<\/p>\n\n\n\n
sed -i '1i nameserver 192.168.57.3' \/etc\/resolv.conf<\/code><\/pre>\n\n\n\n
The \/etc\/resolv.conf<\/strong><\/code> now looks like;<\/p>\n\n\n\n
cat \/etc\/resolv.conf<\/code><\/pre>\n\n\n\n
nameserver 192.168.57.3\nnameserver 8.8.8.8<\/code><\/pre>\n\n\n\n
Add local DNS Records to Dnsmasq Server<\/h4>\n\n\n\n
Add local DNS entries on the Dnsmasq server \/etc\/hosts<\/strong><\/code> file.<\/p>\n\n\n\n
echo -e “192.168.57.19 centos8.kifarunix-demo.com\\n192.168.57.6 ubuntu18.kifarunix-demo.com” >> \/etc\/hosts<\/p>\n\n\n\n
Do the same for your other local domain names.<\/p>\n\n\n\n
Restart Dnsmasq<\/h4>\n\n\n\n
Run Dnsmasq configuration check;<\/p>\n\n\n\n
dnsmasq --test<\/code><\/pre>\n\n\n\n
dnsmasq: syntax check OK.<\/strong><\/code><\/pre>\n\n\n\n
Restart Dnsmasq;<\/p>\n\n\n\n
systemctl restart dnsmasq<\/code><\/pre>\n\n\n\n
Confirming Port 53;<\/p>\n\n\n\n
netstat -alnp | grep -i :53<\/code><\/pre>\n\n\n\n
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      18313\/dnsmasq       \ntcp6       0      0 :::53                   :::*                    LISTEN      18313\/dnsmasq       \nudp        0      0 0.0.0.0:53              0.0.0.0:*                           18313\/dnsmasq       \nudp6       0      0 :::53                   :::*                                18313\/dnsmasq<\/code><\/pre>\n\n\n\n
Note that dnsmasq binds to the wildcard address, even when it is listening on only some interfaces. This has the advantage of working even when interfaces come and go and change address.<\/p>\n\n\n\n
Open DNS Port on UFW<\/h4>\n\n\n\n
If UFW is enabled, open the DNS port 53, UDP.<\/p>\n\n\n\n
ufw allow from 192.168.0.0\/16 to any port 53 proto udp<\/code><\/pre>\n\n\n\n
Update your source network accordingly.<\/p>\n\n\n\n
Verify DNS resolution<\/h4>\n\n\n\n
Local domain resolution;<\/p>\n\n\n\n
dig ubuntu18.kifarunix-demo.com +short<\/code><\/pre>\n\n\n\n
192.168.57.3<\/code><\/pre>\n\n\n\n
External DNS resolution;<\/p>\n\n\n\n
dig google.com +short<\/code><\/pre>\n\n\n\n
216.58.223.110<\/code><\/pre>\n\n\n\n
Configure DNS Server on Remote Clients<\/h4>\n\n\n\n
Now that the Dnsmasq is ready to server out both DNS local and external queries via the local DNS server, update the DNS entry for the clients on the \/etc\/resolv.conf.<\/p>\n\n\n\n
echo \"nameserver 192.168.57.3\" > \/etc\/resolv.conf<\/code><\/pre>\n\n\n\n
Replace the Dnsmasq IP accordingly.<\/p>\n\n\n\n
Perform local dns queries;<\/p>\n\n\n\n
dig ubuntu18.kifarunix-demo.com<\/code><\/pre>\n\n\n\n
; <<>> DiG 9.11.13-RedHat-9.11.13-6.el8_2.1 <<>> ubuntu18.kifarunix-demo.com\n;; global options: +cmd\n;; Got answer:\n;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57550\n;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1\n\n;; OPT PSEUDOSECTION:\n; EDNS: version: 0, flags:; udp: 4096\n;; QUESTION SECTION:\n;ubuntu18.kifarunix-demo.com.\tIN\tA\n\n;; ANSWER SECTION:\nubuntu18.kifarunix-demo.com. 0\tIN\tA\t192.168.57.3\n\n;; Query time: 1 msec\n;; SERVER: 192.168.57.3#53(192.168.57.3)\n;; WHEN: Tue Oct 06 00:20:02 EAT 2020\n;; MSG SIZE  rcvd: 72<\/code><\/pre>\n\n\n\n
Now, let us time the DNS queries using the drill<\/strong> utility. To use this tool, you need to install ldns-utils<\/strong><\/code> package on CentOS or ldnsutils<\/strong><\/code> package on Ubuntu. Assuming the packages are installed, use drill<\/strong><\/code> utility to verify DNS caching;<\/p>\n\n\n\n
First time query run;<\/p>\n\n\n\n
drill google.com | grep \"Query time\"<\/code><\/pre>\n\n\n\n
;; Query time: 25 msec<\/code><\/pre>\n\n\n\n
Second time query;<\/p>\n\n\n\n
drill google.com | grep \"Query time\"<\/code><\/pre>\n\n\n\n
;; Query time: 1 msec<\/code><\/pre>\n\n\n\n
Hurraaay!! the Dnsmasq is now configured and running a local caching DNS server.<\/p>\n\n\n\n
Related Tutorials<\/h3>\n\n\n\n
Setup Caching-Only DNS Server using BIND9 on Ubuntu 20.04<\/a><\/p>\n\n\n\n
Configure BIND DNS Server using Webmin on CentOS 8<\/a><\/p>\n\n\n\n
Setup Bind DNS Using Webmin on Debian 10<\/a><\/p>\n\n\n\n
Configure BIND as Slave DNS Server on Ubuntu 18.04<\/a><\/p>\n\n\n\n
How to Setup Master-Slave DNS Server using BIND on CentOS 7<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"
Welcome to our tutorial on how to install and configure local DNS Server using Dnsmasq on Ubuntu 20.04. “Dnsmasq is a lightweight, easy to configure,<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_lock_modified_date":false,"footnotes":""},"categories":[121,971,128,173],"tags":[2623,2622,2621,2619,973,2620,2617,2618,2616,1200],"class_list":["post-7063","post","type-post","status-publish","format-standard","hentry","category-howtos","category-dns","category-lpic-2","category-lpic-2-exam-202-405-topics-and-objectives","tag-etc-hosts","tag-etc-resolv-conf","tag-caching-only-dns","tag-configure-dnsmasq-as-local-caching-dns-server","tag-dns","tag-dnsmasq","tag-dnsmasq-local-caching-dns-server","tag-dnsmasq-ubuntu-20-04","tag-install-dnsmasq-ubuntu-20-04","tag-ubuntu-20-04","generate-columns","tablet-grid-50","mobile-grid-100","grid-parent","grid-50"],"_links":{"self":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/7063"}],"collection":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/comments?post=7063"}],"version-history":[{"count":6,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/7063\/revisions"}],"predecessor-version":[{"id":21540,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/7063\/revisions\/21540"}],"wp:attachment":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media?parent=7063"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/categories?post=7063"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/tags?post=7063"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}