Dnsmasq: Difference between revisions
Line 122: | Line 122: | ||
# ubuntu | # ubuntu | ||
/var/lib/misc/dnsmasq.leases | /var/lib/misc/dnsmasq.leases | ||
== Authoratiative DNS Server == | |||
Sample: | |||
<pre> | |||
# Do not read /etc/resolv.conf | |||
no-resolv | |||
# Do not read /etc/hosts | |||
no-hosts | |||
# e.g. | |||
# Define the zone | |||
auth-zone=example.com | |||
# Set SOA record | |||
auth-soa=12345678,admin.example.com | |||
# Set A record | |||
address=/www.example.com/10.2.3.4 | |||
# Set MX record | |||
mx-host=example.com,www.example.com,10 | |||
# Set TXT record | |||
txt-record=_acme-challenge.www.example.com,f0o...bar | |||
</pre> | |||
ref: https://unix.stackexchange.com/questions/441019/how-to-configure-dnsmasq-as-an-authoritative-dns-server | |||
--- | |||
<pre> | |||
# ---------------------------------------------------------------------------- | |||
# Authoritative DNS config for fqdn.of.rootserver.com | |||
# Example for replacing Bind with dnsmasq | |||
# Source: Stefan Onderka, http://www.onderka.com | |||
# Description: https://www.onderka.com/computer-und-netzwerk/autoritativer-dns-server-mit-dnsmasq/ | |||
# Revision 2016-02-10 | |||
# ---------------------------------------------------------------------------- | |||
# https://www.onderka.com/computer-und-netzwerk/eigener-dyndns-mit-dnsmasq-apache-und-php/ | |||
# https://www.onderka.com/computer-und-netzwerk/eigener-dyndns-mit-bind-apache-und-php/ | |||
# http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html | |||
# http://www.thekelleys.org.uk/dnsmasq/doc.html | |||
# http://www.thekelleys.org.uk/dnsmasq/docs/FAQ | |||
# http://comments.gmane.org/gmane.network.dns.dnsmasq.general/7621 | |||
# https://wiki.archlinux.org/index.php/dnsmasq | |||
# ---------------------------------------------------------------------------- | |||
# Hostname: fqdn.of.rootserver.com | |||
# IPv4 address: 10.20.30.40 | |||
# IPv6 address: ip:v6::ad::dr:ess | |||
# ---------------------------------------------------------------------------- | |||
# Basics | |||
# ---------------------------------------------------------------------------- | |||
listen-address=127.0.0.1 | |||
listen-address=10.20.30.40 | |||
listen-address=ip:v6::ad::dr:ess | |||
no-dhcp-interface=eth0 | |||
# Port | |||
port=53 | |||
bind-interfaces | |||
#bogus-priv | |||
#domain-needed | |||
# User and group | |||
user=dnsmasq | |||
group=root | |||
# PID file | |||
pid-file=/var/run/dnsmasq/dnsmasq.pid | |||
all-servers | |||
dns-forward-max=100 | |||
# TTL for auth replies | |||
auth-ttl=600 | |||
# Logging | |||
# ---------------------------------------------------------------------------- | |||
# Log to file | |||
log-facility=/var/log/dnsmasq.log | |||
# Log all queries | |||
log-queries | |||
# Query cache | |||
cache-size=16384 | |||
# Asynchronous logging, up to 50 lines | |||
log-async=50 | |||
# Config files and folders (DynDNS files) | |||
# ---------------------------------------------------------------------------- | |||
# Do not read /etc/resolv.conf | |||
no-resolv | |||
# Do not poll /etc/resolv.conf | |||
no-poll | |||
# Do not read /etc/hosts | |||
no-hosts | |||
# Read *.conf from this folder | |||
conf-dir=/var/www/ddns.example.com/dnsmasq/,*.conf | |||
# Authoritative DNS on interface eth0 | |||
# ---------------------------------------------------------------------------- | |||
auth-server=fqdn.of.rootserver.com,eth0 | |||
# My zones and their subnets | |||
# ---------------------------------------------------------------------------- | |||
auth-zone=fqdn.of.rootserver.com,10.20.30.40/32,ip:v6::ad::dr:ess/128 | |||
auth-zone=example.com,10.20.30.40/32,ip:v6::ad::dr:ess/128 | |||
# DDNS zone without subnet(s), contains "foreign" IPs | |||
auth-zone=ddns.example.com | |||
auth-zone=example.org,10.20.30.40/32,ip:v6::ad::dr:ess/128 | |||
auth-zone=example.net,10.20.30.40/32,ip:v6::ad::dr:ess/128 | |||
auth-zone=another-domain.de,10.20.30.40/32,ip:v6::ad::dr:ess/128 | |||
# Local (not forwarded in any case) | |||
# ---------------------------------------------------------------------------- | |||
local=/example.com/10.20.30.40 | |||
domain=example.com | |||
local=/ddns.example.com/10.20.30.40 | |||
domain=ddns.example.com | |||
local=/example.org/10.20.30.40 | |||
domain=example.org | |||
local=/example.net/10.20.30.40 | |||
domain=example.net | |||
local=/another-domain.de/10.20.30.40 | |||
domain=another-domain.de | |||
# SOA config | |||
# ---------------------------------------------------------------------------- | |||
auth-soa=2016021014,hostmaster.example.com,1200,120,604800 | |||
# Slave NS: nameserver2.provider.com (50.60.70.80) | |||
# ---------------------------------------------------------------------------- | |||
# Secondary NS (slave NS at provider) | |||
auth-sec-servers=nameserver2.provider.com | |||
# Allow zone transfers to secondary NS | |||
auth-peer=50.60.70.80 | |||
# A/AAAA records - Only 1st address creates PTR record! | |||
# ---------------------------------------------------------------------------- | |||
# MX: A/IPv4 only | |||
host-record=mail.example.com,10.20.30.40 | |||
# ipv6.example.com: AAAA/IPv6 only | |||
host-record=ipv6.example.com,ip:v6::ad::dr:ess | |||
# All others: A/IPv4 and AAAA/IPv6 | |||
host-record=example.com,10.20.30.40,ip:v6::ad::dr:ess | |||
host-record=ddns.example.com,10.20.30.40,ip:v6::ad::dr:ess | |||
host-record=example.org,10.20.30.40,ip:v6::ad::dr:ess | |||
host-record=example.net,10.20.30.40,ip:v6::ad::dr:ess | |||
host-record=another-domain.de,10.20.30.40,ip:v6::ad::dr:ess | |||
host-record=fqdn.of.rootserver.com,10.20.30.40,ip:v6::ad::dr:ess | |||
# Provide an A record for secondary NS | |||
host-record=nameserver2.provider.com,50.60.70.80 | |||
# PTR & Reverse | |||
# ---------------------------------------------------------------------------- | |||
server=/30.20.10.in-addr.arpa/10.20.30.40 | |||
ptr-record=40.30.20.10.in-addr.arpa,mail.example.com | |||
ptr-record=40.30.20.10.in-addr.arpa,example.com | |||
ptr-record=40.30.20.10.in-addr.arpa,ddns.example.com | |||
ptr-record=40.30.20.10.in-addr.arpa,example.org | |||
ptr-record=40.30.20.10.in-addr.arpa,example.net | |||
ptr-record=40.30.20.10.in-addr.arpa,another-domain.de | |||
# MX records | |||
# ---------------------------------------------------------------------------- | |||
# All domains use MX mail.example.com | |||
mx-host=fqdn.of.rootserver.com,mail.example.com,10 | |||
mx-host=example.com,mail.example.com,10 | |||
mx-host=example.org,mail.example.com,10 | |||
mx-host=example.net,mail.example.com,10 | |||
mx-host=another-domain.de,mail.example.com,10 | |||
# TXT records (SPF, DKIM, fun etc.) | |||
# ---------------------------------------------------------------------------- | |||
# A note for the MX | |||
txt-record=mail.example.com,"No, this is not a Microsoft Exchange server..." | |||
# SPF and DKIM records | |||
txt-record=fqdn.of.rootserver.com,"v=spf1 +a +mx -all" | |||
txt-record=example.com,"v=spf1 +a +mx -all" | |||
txt-record=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx._domainkey.example.com,"v=DKIM1; k=rsa; p=..." | |||
txt-record=example.org,"v=spf1 +a +mx -all" | |||
txt-record=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx._domainkey.example.org,"v=DKIM1; k=rsa; p=..." | |||
txt-record=example.net,"v=spf1 +a +mx -all" | |||
txt-record=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx._domainkey.example.net,"v=DKIM1; k=rsa; p=..." | |||
txt-record=another-domain.de,"v=spf1 +a +mx -all" | |||
txt-record=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx._domainkey.another-domain.de,"v=DKIM1; k=rsa; p=..." | |||
# CNAME records | |||
# ---------------------------------------------------------------------------- | |||
# Subdomains of example.com | |||
cname=subdomain1.example.com,example.com | |||
cname=subdomain2.example.com,example.com | |||
cname=subdomain3.example.com,example.com | |||
# www. and ftp. for all domains | |||
cname=www.example.com,example.com | |||
cname=ftp.example.com,example.com | |||
cname=www.example.org,example.org | |||
cname=ftp.example.org,example.org | |||
cname=www.example.net,example.net | |||
cname=ftp.example.net,example.net | |||
cname=www.another-domain.de,another-domain.de | |||
cname=ftp.another-domain.de,another-domain.de | |||
# End | |||
# ---------------------------------------------------------------------------- | |||
</pre> | |||
ref: https://www.onderka.com/computer-und-netzwerk/autoritativer-dns-server-mit-dnsmasq/ | |||
== Issues == | == Issues == |
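Review bot: `group=root` under "User and group" keeps the daemon in the root group after it drops to `user=dnsmasq`, which is more privilege than a resolver needs; unless the log file or PID directory are only writable by group root, `group=dnsmasq` is the least-privilege setting. The same sample reads directives from `conf-dir=/var/www/ddns.example.com/dnsmasq/,*.conf`, a path under the web root, so anything able to write a `*.conf` file there controls the resolver's configuration; that directory should be writable only by the DynDNS updater and its output checked before dnsmasq reloads. `log-queries` with `log-facility=/var/log/dnsmasq.log` records every query together with the requesting client, so the log's rotation and access permissions deserve a comment next to it. In the "PTR & Reverse" group, `server=/30.20.10.in-addr.arpa/10.20.30.40` names this host's own listen address as the upstream for the reverse zone; a query in that zone with no matching `ptr-record` would presumably be forwarded back to dnsmasq itself, which is worth confirming and documenting.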
Latest revision as of 00:51, 20 January 2024
Dnsmasq
Dnsmasq - http://www.thekelleys.org.uk/dnsmasq/doc.html
"Dnsmasq is a lightweight, easy to configure DNS forwarder and DHCP server. It is designed to provide DNS and, optionally, DHCP, to a small network. It can serve the names of local machines which are not in the global DNS. The DHCP server integrates with the DNS server and allows machines with DHCP-allocated addresses to appear in the DNS with names configured either in each host or in a central configuration file. Dnsmasq supports static and dynamic DHCP leases and BOOTP/TFTP/PXE for network booting of diskless machines."
Installation
Manual Installation
# Build dnsmasq from source at a pinned release tag.
mkdir -p ~/.src ; cd ~/.src
# NOTE(review): git:// is an unencrypted, unauthenticated transport; verify the
# checked-out tag against a trusted reference before building (or use an https
# clone if the project publishes one — TODO confirm the URL).
git clone git://thekelleys.org.uk/dnsmasq.git
cd dnsmasq
git checkout v2.63
make clean
make
# installs only two files: 'dnsmasq' and the man page
# sudo make install # installs to /usr/local/sbin/
# PREFIX keeps the self-built binary out of the distribution's default paths.
sudo make install PREFIX=/opt/dnsmasq
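# configuration files directory
# sudo cp dnsmasq.conf.example /etc/dnsmasq.conf
# Write a minimal /etc/dnsmasq.conf through a temp file and create the
# drop-in directory it references.
TFILE=$(mktemp)
# Quoted delimiter: the config text is copied literally, never shell-expanded.
cat > "$TFILE" <<'EOF'
#local-ttl=300
expand-hosts
domain=qa.onpar.net
#log-queries
conf-dir=/etc/dnsmasq.d
#resolv-file=/etc/resolv.conf
EOF
# Variables are quoted so a temp path containing spaces cannot be word-split.
sudo cp "$TFILE" /etc/dnsmasq.conf
rm -f "$TFILE"
sudo mkdir -p /etc/dnsmasq.d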
# startup, or use the init.d script following
# -s is the short form of --domain; the value comes from dnsdomainname.
./dnsmasq -s `dnsdomainname`
Set localhost (the loopback device) as a nameserver on the server so that it uses the DNS service it is itself running. Add the nameserver line below at the top of the list in /etc/resolv.conf.
# /etc/resolv.conf:
# Point the host at the dnsmasq instance running on its own loopback.
nameserver 127.0.0.1
Add the IP address of the DNS host to the /etc/hosts for reverse DNS lookup.
# /etc/hosts
# address then hostname; dnsmasq serves this entry for forward and reverse lookups
10.10.10.1 fw
See dnsmasq-init.d
RPM Forge
# NOTE(review): rpmforge is a third-party repository that has not been
# maintained for years; confirm the package source before enabling it.
yum install dnsmasq --enablerepo=rpmforge
service dnsmasq start
Configuration
Easy: just put what you want in /etc/hosts, and restart dnsmasq
config files go in /etc/dnsmasq.d/
Sample /etc/dnsmasq.conf:
# Log the results of DNS queries handled by dnsmasq
# NOTE: logs are logged to daemon.debug, make sure syslog captures that level.
# NOTE(review): each logged query names the requesting client; treat the log as sensitive.
log-queries
# Local domain TTL
local-ttl=60
# Never pass short names to the upstream DNS servers.
# If the name is not in the local /etc/hosts file then "not found" will be returned.
domain-needed
# All reverse IP (192.168.x.x) lookups that are not found in /etc/hosts will be
# returned as "no such domain" and not forwarded to the upstream servers.
bogus-priv
# We can see our local hosts via our home domain without having to
# repeatedly specify the domain in our /etc/hosts file.
expand-hosts
# Your local domain name. It will tell the DHCP server which host to give out IP addresses for.
domain=example.com
# The range of IPs that DHCP will serve: 192.168.0.20 to 192.168.0.50, with a lease time
# of 24 hours. The lease time is how long that IP will be linked to a host.
# NOTE(review): no interface is named here, so the range presumably applies on
# every interface dnsmasq listens on — confirm that is intended on multi-homed hosts.
dhcp-range=192.168.0.20,192.168.0.50,24h
References:
- HOWTO Use dnsmasq - http://blogging.dragon.org.uk/index.php/howtos/howto-use-dnsmasq-localhost-nameserver
dhcp
/etc/dnsmasq.d/dhcpd.conf
# DHCP pool on eth0: first address, last address, lease time.
dhcp-range = eth0, 10.10.10.150, 10.10.10.199, 12h
# Static lease: MAC address, fixed address, hostname, lease time.
dhcp-host = 00:10:99:31:b7:09, 10.10.10.7, voip, 24h
# Same entries in the compact spelling (no spaces around '=' or ',').
# The trailing notes after '#' are kept as the page shows them; putting them on
# their own line avoids depending on the parser's inline-comment handling.
#dhcp-host=00:10:99:31:b7:09,10.10.10.7,24h # voip
dhcp-host=00:0C:29:64:3D:2A,10.10.10.30,24h # plex
References:
- HowTo/dnsmasq - Debian Wiki - https://wiki.debian.org/HowTo/dnsmasq
- DNSMasq as DHCP server - DD-WRT Wiki - http://www.dd-wrt.com/wiki/index.php/DNSMasq_as_DHCP_server
Clear Lease
Edit the lease file and restart dnsmasq:
# Default lease-file location differs by distribution (the path is what
# dhcp-leasefile= would otherwise set — confirm against the running config).
# centos
/var/lib/dnsmasq/dnsmasq.leases
# ubuntu
/var/lib/misc/dnsmasq.leases
Authoritative DNS Server
Sample:
# Do not read /etc/resolv.conf
# NOTE(review): with no server= lines this instance has no upstream at all and
# answers only for its own zone — confirm that is the intent.
no-resolv
# Do not read /etc/hosts
no-hosts
# e.g.
# Define the zone
auth-zone=example.com
# Set SOA record
# Only serial and hostmaster are given; refresh/retry/expiry fall back to
# dnsmasq's defaults. Bump the serial on every zone change.
auth-soa=12345678,admin.example.com
# Set A record
address=/www.example.com/10.2.3.4
# Set MX record
mx-host=example.com,www.example.com,10
# Set TXT record
# The value shown is a placeholder for an ACME DNS-01 validation token.
txt-record=_acme-challenge.www.example.com,f0o...bar
---
# ----------------------------------------------------------------------------
# Authoritative DNS config for fqdn.of.rootserver.com
# Example for replacing Bind with dnsmasq
# Source: Stefan Onderka, http://www.onderka.com
# Description: https://www.onderka.com/computer-und-netzwerk/autoritativer-dns-server-mit-dnsmasq/
# Revision 2016-02-10
# ----------------------------------------------------------------------------
# https://www.onderka.com/computer-und-netzwerk/eigener-dyndns-mit-dnsmasq-apache-und-php/
# https://www.onderka.com/computer-und-netzwerk/eigener-dyndns-mit-bind-apache-und-php/
# http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html
# http://www.thekelleys.org.uk/dnsmasq/doc.html
# http://www.thekelleys.org.uk/dnsmasq/docs/FAQ
# http://comments.gmane.org/gmane.network.dns.dnsmasq.general/7621
# https://wiki.archlinux.org/index.php/dnsmasq
# ----------------------------------------------------------------------------
# Hostname: fqdn.of.rootserver.com
# IPv4 address: 10.20.30.40
# IPv6 address: ip:v6::ad::dr:ess
# ----------------------------------------------------------------------------
# Basics
# ----------------------------------------------------------------------------
# Listen only on loopback plus the host's public v4/v6 addresses.
listen-address=127.0.0.1
listen-address=10.20.30.40
listen-address=ip:v6::ad::dr:ess
no-dhcp-interface=eth0
# Port
port=53
bind-interfaces
#bogus-priv
#domain-needed
# User and group
user=dnsmasq
# NOTE(review): group=root keeps the root group after dropping to user dnsmasq;
# an unprivileged group is the least-privilege choice unless the log or PID
# paths below are only writable by group root.
group=root
# PID file
pid-file=/var/run/dnsmasq/dnsmasq.pid
# presumably queries every configured upstream at once and takes the first reply
all-servers
dns-forward-max=100
# TTL for auth replies
auth-ttl=600
# Logging
# ----------------------------------------------------------------------------
# Log to file
log-facility=/var/log/dnsmasq.log
# Log all queries
# NOTE(review): query logs include the requesting client; rotate this file and
# restrict who can read it.
log-queries
# Query cache
cache-size=16384
# Asynchronous logging, up to 50 lines
log-async=50
# Config files and folders (DynDNS files)
# ----------------------------------------------------------------------------
# Do not read /etc/resolv.conf
no-resolv
# Do not poll /etc/resolv.conf
no-poll
# Do not read /etc/hosts
no-hosts
# Read *.conf from this folder
# NOTE(review): this directory sits under the web root; whoever can write a
# *.conf file here controls the resolver's configuration. Keep it writable only
# by the DynDNS updater and check what it writes before dnsmasq reloads.
conf-dir=/var/www/ddns.example.com/dnsmasq/,*.conf
# Authoritative DNS on interface eth0
# ----------------------------------------------------------------------------
auth-server=fqdn.of.rootserver.com,eth0
# My zones and their subnets
# ----------------------------------------------------------------------------
auth-zone=fqdn.of.rootserver.com,10.20.30.40/32,ip:v6::ad::dr:ess/128
auth-zone=example.com,10.20.30.40/32,ip:v6::ad::dr:ess/128
# DDNS zone without subnet(s), contains "foreign" IPs
auth-zone=ddns.example.com
auth-zone=example.org,10.20.30.40/32,ip:v6::ad::dr:ess/128
auth-zone=example.net,10.20.30.40/32,ip:v6::ad::dr:ess/128
auth-zone=another-domain.de,10.20.30.40/32,ip:v6::ad::dr:ess/128
# Local (not forwarded in any case)
# ----------------------------------------------------------------------------
local=/example.com/10.20.30.40
domain=example.com
local=/ddns.example.com/10.20.30.40
domain=ddns.example.com
local=/example.org/10.20.30.40
domain=example.org
local=/example.net/10.20.30.40
domain=example.net
local=/another-domain.de/10.20.30.40
domain=another-domain.de
# SOA config
# ----------------------------------------------------------------------------
# serial, hostmaster, refresh, retry, expiry — bump the serial on every change
# so the secondary below picks it up.
auth-soa=2016021014,hostmaster.example.com,1200,120,604800
# Slave NS: nameserver2.provider.com (50.60.70.80)
# ----------------------------------------------------------------------------
# Secondary NS (slave NS at provider)
auth-sec-servers=nameserver2.provider.com
# Allow zone transfers to secondary NS
# Zone transfers are limited to this single peer address; keep it that tight.
auth-peer=50.60.70.80
# A/AAAA records - Only 1st address creates PTR record!
# ----------------------------------------------------------------------------
# MX: A/IPv4 only
host-record=mail.example.com,10.20.30.40
# ipv6.example.com: AAAA/IPv6 only
host-record=ipv6.example.com,ip:v6::ad::dr:ess
# All others: A/IPv4 and AAAA/IPv6
host-record=example.com,10.20.30.40,ip:v6::ad::dr:ess
host-record=ddns.example.com,10.20.30.40,ip:v6::ad::dr:ess
host-record=example.org,10.20.30.40,ip:v6::ad::dr:ess
host-record=example.net,10.20.30.40,ip:v6::ad::dr:ess
host-record=another-domain.de,10.20.30.40,ip:v6::ad::dr:ess
host-record=fqdn.of.rootserver.com,10.20.30.40,ip:v6::ad::dr:ess
# Provide an A record for secondary NS
host-record=nameserver2.provider.com,50.60.70.80
# PTR & Reverse
# ----------------------------------------------------------------------------
# NOTE(review): the upstream given here is this host's own listen address, so a
# query in this reverse zone that no ptr-record answers would presumably be
# forwarded back to dnsmasq itself — confirm this is intended.
server=/30.20.10.in-addr.arpa/10.20.30.40
ptr-record=40.30.20.10.in-addr.arpa,mail.example.com
ptr-record=40.30.20.10.in-addr.arpa,example.com
ptr-record=40.30.20.10.in-addr.arpa,ddns.example.com
ptr-record=40.30.20.10.in-addr.arpa,example.org
ptr-record=40.30.20.10.in-addr.arpa,example.net
ptr-record=40.30.20.10.in-addr.arpa,another-domain.de
# MX records
# ----------------------------------------------------------------------------
# All domains use MX mail.example.com
mx-host=fqdn.of.rootserver.com,mail.example.com,10
mx-host=example.com,mail.example.com,10
mx-host=example.org,mail.example.com,10
mx-host=example.net,mail.example.com,10
mx-host=another-domain.de,mail.example.com,10
# TXT records (SPF, DKIM, fun etc.)
# ----------------------------------------------------------------------------
# A note for the MX
txt-record=mail.example.com,"No, this is not a Microsoft Exchange server..."
# SPF and DKIM records
# The DKIM selectors and public keys below are placeholders (xxxx… / p=...).
txt-record=fqdn.of.rootserver.com,"v=spf1 +a +mx -all"
txt-record=example.com,"v=spf1 +a +mx -all"
txt-record=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx._domainkey.example.com,"v=DKIM1; k=rsa; p=..."
txt-record=example.org,"v=spf1 +a +mx -all"
txt-record=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx._domainkey.example.org,"v=DKIM1; k=rsa; p=..."
txt-record=example.net,"v=spf1 +a +mx -all"
txt-record=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx._domainkey.example.net,"v=DKIM1; k=rsa; p=..."
txt-record=another-domain.de,"v=spf1 +a +mx -all"
txt-record=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx._domainkey.another-domain.de,"v=DKIM1; k=rsa; p=..."
# CNAME records
# ----------------------------------------------------------------------------
# Subdomains of example.com
cname=subdomain1.example.com,example.com
cname=subdomain2.example.com,example.com
cname=subdomain3.example.com,example.com
# www. and ftp. for all domains
cname=www.example.com,example.com
cname=ftp.example.com,example.com
cname=www.example.org,example.org
cname=ftp.example.org,example.org
cname=www.example.net,example.net
cname=ftp.example.net,example.net
cname=www.another-domain.de,another-domain.de
cname=ftp.another-domain.de,another-domain.de
# End
# ----------------------------------------------------------------------------
ref: https://www.onderka.com/computer-und-netzwerk/autoritativer-dns-server-mit-dnsmasq/
Issues
Dynamic DNS
Dynamic DNS is not supported externally. [1]