alblue/dnsmasq-example

This is an example configuration of how to set up DNSMasq for DNS, DHCP and blocking undesired adverts. It is similar to the approach used by pi-hole, but without the requirement to run an HTTP server, without insecure installation instructions, and without a docker container requiring root and/or admin capabilities in order to execute.

DNSMasq example configuration

The DNSMasq home page is http://www.thekelleys.org.uk/dnsmasq/ and questions relating to its use should be directed to the appropriate mailing lists. On Ubuntu systems, dnsmasq can be installed with:

  • apt update; apt -y install dnsmasq

The following configuration files are provided:

  • DNSMasq configuration file
    • Loads all configuration files in /etc/dnsmasq.d/*.conf
  • Blackhole example file
    • Shows how an address can be blackholed at the DNS server
  • Master configuration file
    • Log messages to /var/log/dnsmasq.log (log-facility)
    • Log messages asynchronously (log-async)
    • Only respond on the local interfaces (local-service)
  • DHCP sample configuration file
    • Authoritative DHCP server (dhcp-authoritative)
    • Leases in /var/run/dnsmasq.leases (dhcp-leasefile)
    • Send DNS server via IPv6 if enabled (option6:dns-server)
  • DNS
    • Do not forward unqualified names (domain-needed)
    • Do not forward requests for private networks (bogus-priv)
    • Do not read the /etc/resolv.conf file (no-resolv and no-poll)
    • Do not read the /etc/hosts file (no-hosts)
    • Enlarged cache size (cache-size)
    • Local DHCP entries may be cached for 60s (local-ttl)
  • DNS upstream servers (combined or individually)
  • Blocking DNS over HTTP(s) where available
  • DNSSEC configuration, with dnssec enabled
    • Ensure signed DNSSEC entries are correct (dnssec)
    • DNSSEC for unsigned entries not enabled (dnssec-check-unsigned)
    • Load entries from /usr/share/dnsmasq-base/trust-anchors.conf
  • Workarounds

Testing

There is a Dockerfile present which can be used to test dnsmasq configurations. When building the docker image, it will run dnsmasq --test to verify syntax, and when executing, it will run the daemon in foreground mode so that results can be seen as they run.

$ docker build . -t dnsmasq
$ docker run --rm -it --name dnsmasq -v "$(pwd)/dnsmasq.d:/etc/dnsmasq.d:ro" dnsmasq
$ docker exec -it dnsmasq dig @localhost example.com
