Alternative to DHCP & DNS servers = Dnsmasq

Dnsmasq

Software for providing DNS and DHCP services has typically come from ISC in the form of BIND and dhcpd. While these packages are quite robust and, for the most part, quite secure, there are alternatives that may work better depending on your situation. For smaller home or office networks, managing BIND and dhcpd may be overkill.

Another alternative that provides both services is dnsmasq, which caches external DNS lookups, provides local DNS names or overrides external DNS entries, and also hands out dynamic IP addresses via DHCP. It can even assign static IP addresses over DHCP, just as dhcpd can, with the only prerequisite being the MAC address of the system that should receive the static IP.

Most Linux distributions package dnsmasq, so installing it is a simple apt-get or yum command away; otherwise, compiling from source is quite easy. Dnsmasq handles DNS setup differently than BIND and other DNS servers: everything is configured via a single configuration file, /etc/dnsmasq.conf.

When a request comes in, dnsmasq does not look in zone files or similar; it consults /etc/hosts first and then looks externally by querying the name server(s) defined in /etc/resolv.conf. This is a quick and easy way to override external DNS addresses: simply define them in /etc/hosts on the system running dnsmasq.

Dnsmasq as DHCP server:

Using dnsmasq as a DHCP server is quite easy.

To do so, uncomment and set the following options in /etc/dnsmasq.conf:

expand-hosts
domain=sysadminslab.com
dhcp-range=192.168.1.10,192.168.1.100,10h
dhcp-option=3,192.168.1.1

This enables DHCP and sets the network domain to sysadminslab.com. The DHCP server will offer addresses between 192.168.1.10 and 192.168.1.100 with a lease of 10 hours. Finally, dhcp-option sets DHCP option 3, the default route, pointing to 192.168.1.1 as the router. There are many dhcp-option values; the configuration file and man page go through them all with examples.

To set a static IP address for a client, use the dhcp-host keyword:

dhcp-host=11:22:33:44:55:66,host0,192.168.1.10

This will always give the host with the hardware (MAC) address 11:22:33:44:55:66 the hostname host0 (host0.sysadminslab.com) and the IP address 192.168.1.10.

Another useful feature of dnsmasq is that it provides a TFTP server as well. You can enable the TFTP server, point it at the root directory of files to serve, and use it for network booting (PXE).

Dnsmasq provides a number of features that make it a compelling replacement for BIND and dhcpd, or any other DNS or DHCP server software you may be using. It can set default MX records, various caching options, a wide variety of DHCP options, SRV records to provide LDAP information, PTR records, SPF records, and even Zeroconf records.

For small office and home networks, dnsmasq is hard to beat in terms of simplicity and power. The configuration file is loaded with examples and information so, while initial setup for a larger network will require a commitment of some time, it is all very straightforward.

Some options available in dnsmasq are explained below:

  • interface – The interface(s) on which the server should listen and provide services.
  • bind-interfaces – Uncomment to bind only to the interface(s) listed above.
  • domain – Replace with your domain name.
  • dhcp-range – Replace with the IP range defined by your network mask on this segment.
  • dhcp-boot – Replace the IP in the statement with your interface's IP address.
  • dhcp-option=3,192.168.1.1 – Replace the IP address with your network segment's gateway.
  • dhcp-option=6,192.168.1.1 – Replace the IP address with your DNS server's IP; several DNS IPs can be defined.
  • server=8.8.8.8 – Put your DNS forwarders' IP addresses here.
  • dhcp-option=28,10.0.0.255 – Replace the IP address with your network's broadcast address (optional).
  • dhcp-option=42,0.0.0.0 – Put your network time servers here (optional; the address 0.0.0.0 means the dnsmasq server itself).
  • pxe-prompt – Leave at the default, which prompts the client to press F8 to enter the menu, with a 60 second wait time.
  • pxe-service – Use x86PC for 32-bit/64-bit architectures and enter a menu description in quotes. Other values can be: PC98, IA64_EFI, Alpha, Arc_x86, Intel_Lean_Client, IA32_EFI, BC_EFI, Xscale_EFI and X86-64_EFI.
  • enable-tftp – Enables the built-in TFTP server.
  • tftp-root – Use /tftpboot, the location for all netbooting files.

Example configuration given below

View leases:

$ cat /var/lib/misc/dnsmasq.leases
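
The DHCP settings above and the lease file can be cross-checked against each other. Below is an added Python example (not from the original page) that audits a constructed /etc/dnsmasq.conf excerpt and a constructed /var/lib/misc/dnsmasq.leases file: it warns when dnsmasq is not pinned to an interface with bind-interfaces, and flags leases outside dhcp-range, dhcp-host reservations that are not honoured, and one address leased to two MACs. The config values are the ones shown on this page; the lease lines are made up.

```python
import ipaddress

# Constructed /etc/dnsmasq.conf excerpt using the DHCP options shown on this page
CONF = """
interface=eth0
dhcp-range=192.168.1.10,192.168.1.100,10h
dhcp-option=3,192.168.1.1
dhcp-host=11:22:33:44:55:66,host0,192.168.1.10
"""

# Constructed /var/lib/misc/dnsmasq.leases: expiry-epoch MAC IP hostname client-id
LEASES = """
1700036000 11:22:33:44:55:66 192.168.1.10 host0 01:11:22:33:44:55:66
1700036000 aa:bb:cc:dd:ee:01 192.168.1.42 laptop *
1700036000 aa:bb:cc:dd:ee:02 192.168.1.200 unknown *
1700036000 aa:bb:cc:dd:ee:03 192.168.1.42 other *
"""

def parse_conf(text):
    # option name -> list of values; bare flags such as bind-interfaces map to ['']
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, val = line.partition("=")
            conf.setdefault(key, []).append(val)
    return conf

def audit(conf_text, leases_text):
    conf, findings = parse_conf(conf_text), []
    # interface=/listen-address= alone only filter requests; without bind-interfaces the
    # sockets are still bound to 0.0.0.0, i.e. every interface including an upstream one.
    if not ("interface" in conf or "listen-address" in conf) or "bind-interfaces" not in conf:
        findings.append("no interface/listen-address restriction with bind-interfaces")
    lo, hi = [ipaddress.ip_address(x) for x in conf["dhcp-range"][0].split(",")[:2]]
    reserved = {}  # MAC -> IP fixed by a dhcp-host line
    for entry in conf.get("dhcp-host", []):
        fields = entry.split(",")
        reserved[fields[0].lower()] = fields[-1]
    owner = {}  # IP -> MAC already seen in the lease file
    for line in leases_text.strip().splitlines():
        _expiry, mac, ip, host, _client_id = line.split()
        if mac in reserved and reserved[mac] != ip:
            findings.append(f"{mac} is reserved {reserved[mac]} but holds {ip}")
        elif mac not in reserved and not lo <= ipaddress.ip_address(ip) <= hi:
            findings.append(f"{ip} ({host}) lies outside dhcp-range")
        if ip in owner:
            findings.append(f"{ip} leased to both {owner[ip]} and {mac}")
        owner[ip] = mac
    return findings
```

On a real host, read the two files in place of CONF and LEASES; a lease outside the range or a duplicate address usually means a second DHCP server or a manually configured client on the segment.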

Dnsmasq as Local DNS Cache server:

A DNS server resolves human-readable domain names into IP addresses. For example, when one requests ubuntu.com, the DNS server finds the IP address for ubuntu.com. You can run a DNS cache on a computer via the steps below. This shortens the time required to look up domain names when browsing; the difference is on the order of hundreds of milliseconds.

After dnsmasq has been installed, use your text editor of choice, such as gedit, nano or vim, to edit:

/etc/dnsmasq.conf

Note: to save modifications, the editor must be run with administrator permissions, e.g. sudo gedit /etc/dnsmasq.conf. Change the line that looks like this (around line 90):

#listen-address=

to:

listen-address=127.0.0.1

Multiple IP addresses can be listed:

listen-address=127.0.0.1,192.168.1.1

Now edit the file /etc/resolv.conf.

The file should look something like this:

search yourisp.com
nameserver 192.168.1.1
nameserver 205.171.3.25
nameserver 205.171.3.26

Don't worry if the nameserver addresses listed above are not the same as those that appear in your editor. But be sure to add the local machine as a nameserver at the top of the list:

search yourisp.com
nameserver 127.0.0.1
nameserver 192.168.1.1
nameserver 205.171.3.25
nameserver 205.171.3.26

All that is left is to restart dnsmasq so that the changes made to the configuration file take effect:

$ sudo /etc/init.d/dnsmasq restart

Now there is a DNS cache set up on the machine. To do a lookup speed test, choose a website that has not been visited since dnsmasq was started (dig is part of the bind-tools package):

$ dig sysadminslab.com | grep "Query time"

Running the command again will use the cached answer and result in a faster lookup time if dnsmasq is set up correctly:

$ dig sysadminslab.com | grep "Query time"
;; Query time: 18 msec

$ dig sysadminslab.com | grep "Query time"
;; Query time: 2 msec

Custom Configuration

Custom configurations can be created for dnsmasq by creating configuration files in /etc/NetworkManager/dnsmasq.d/. For example, to change the size of the DNS cache (which is stored in RAM):

/etc/NetworkManager/dnsmasq.d/cache

cache-size=1000

More than three nameservers

A limitation in the way Linux handles DNS queries is that at most three nameservers in resolv.conf are used. As a workaround, make localhost the only nameserver in resolv.conf and put your external nameservers in a separate resolv-file for dnsmasq. First, create the new resolv file:

/etc/resolv.dnsmasq.conf

# Google's nameservers, for example

nameserver 8.8.8.8

nameserver 8.8.4.4

And then edit /etc/dnsmasq.conf to use your new resolv file:

/etc/dnsmasq.conf

resolv-file=/etc/resolv.dnsmasq.conf
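
The resolv.conf ordering from the cache section (127.0.0.1 first) and the three-nameserver limit described here can be checked mechanically, and the resolv-file split generated from an existing file. The following added Python example (not from the original page) does both on a constructed resolv.conf; the file paths are the page's own, and MAXNS = 3 is the limit assumed by the page.

```python
MAXNS = 3  # Linux resolver limit described above: only the first three nameservers are used

# Constructed /etc/resolv.conf in the shape shown in the cache section, with 127.0.0.1 first
RESOLV = """
search yourisp.com
nameserver 127.0.0.1
nameserver 192.168.1.1
nameserver 205.171.3.25
nameserver 205.171.3.26
"""

def nameservers(text):
    # Addresses from every 'nameserver <ip>' line, in file order
    return [f[1] for f in (l.split() for l in text.splitlines())
            if len(f) == 2 and f[0] == "nameserver"]

def check_resolv(text):
    # (ok, problems) for the resolv.conf on the host that runs dnsmasq
    ns, problems = nameservers(text), []
    if not ns or ns[0] != "127.0.0.1":
        problems.append("127.0.0.1 must be the first nameserver so dnsmasq is asked first")
    if len(ns) > MAXNS:
        problems.append(f"only the first {MAXNS} of {len(ns)} nameservers will ever be used")
    return not problems, problems

def split_for_dnsmasq(text):
    # The page's workaround: resolv.conf keeps only localhost (plus search/domain lines),
    # all upstream servers move to a resolv-file that dnsmasq reads instead.
    keep = [l for l in text.splitlines() if l.startswith(("search", "domain"))]
    local = "\n".join(keep + ["nameserver 127.0.0.1"]) + "\n"
    upstream = [n for n in nameservers(text) if n != "127.0.0.1"]
    resolv_file = "".join(f"nameserver {n}\n" for n in upstream)
    return local, resolv_file, "resolv-file=/etc/resolv.dnsmasq.conf"
```

The three returned strings are the new /etc/resolv.conf, the contents of /etc/resolv.dnsmasq.conf, and the line to add to /etc/dnsmasq.conf.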