Masquarade is a docker DHCP & DNS image able to block tracking, advertising, analytics & malware servers for all devices on your LAN when running in a container.
Masquarade is also able to block undesired webminers servers which could mine crypto money at your expense on your devices.
Masquarade is based on latest Alpine Linux and Dnsmasq. Final image size is ~6MB.
Masquarade use notracking/hosts-blocklists as blocklists source. Blocklists are updated everyday at 2AM (customisable with BLOCKLISTS_UPDATE_SCHEDULE environment variable).
In a terminal with docker, paste below:
docker run -dit \
--name masquarade \
-e TZ="Europe/Paris" \
-e BLOCKLISTS_UPDATE_SCHEDULE='30 3 * * 0' \
-v $(pwd)/masquarade/:/etc/dnsmasq.d/ \
--restart=unless-stopped \
--network host \
--cap-add=NET_ADMIN \
thomaschampagne/masquarade:latestIn this example the blocklists will be updated at 03:30 on Sunday or 30 3 * * 0 in cron format.
Create a docker-compose.yml with following content:
version: "3"
services:
masquarade:
image: thomaschampagne/masquarade:latest
container_name: masquarade
restart: unless-stopped
environment:
- TZ=Europe/Paris
- BLOCKLISTS_UPDATE_SCHEDULE=30 3 * * 0
volumes:
- $PWD/masquarade/:/etc/dnsmasq.d/
network_mode: host
cap_add:
- NET_ADMIN
Then run
docker-compose up -dAnd to stop service
docker-compose downClone this repo, then run:
docker build --no-cache --build-arg VERSION=$(date +%Y%m%d) -t masquarade:yourtag .On startup, Masquarade will create dns.conf & dhcp.conf files into volume /etc/dnsmasq.d/ (only if they don't exists). These two files are dnsmasq related config files.
Edit them according your needs. The dnsmasq manual might help you.
To apply changes, simply restart the container:
docker restart masquarade
or
docker-compose restart masquarade
# Common
domain-needed # Do NOT forward queries with no domain part
bogus-priv # Fake reverse lookups for RFC1918 private address ranges
filterwin2k # Don't forward spurious DNS requests from Windows hosts.
expand-hosts # Expand simple names in /etc/hosts with domain-suffix.
no-negcache # Do NOT cache failed search results
no-resolv # Do NOT read /etc/resolv.conf. @see servers
no-hosts # Do NOT load /etc/hosts file
strict-order # Use nameservers strictly in the order given in /etc/resolv.conf
localise-queries # Answer DNS queries based on the interface a query was sent to.
# Domain, replace with your domain
local=/lan/
domain=lan
# Optionnal: allow resolution of *.yoursubdomain.lan to the same ip_addr
#address=/yoursubdomain.lan/[ip_addr]
# Default forwarders
server=1.1.1.1 # Cloudflare primary, replace with yours
server=1.0.0.1 # Cloudflare secondary, replace with yours
dhcp-authoritative # Assume we are the only DHCP server on the local network
# Scope DHCP
dhcp-range=192.168.0.0,192.168.0.20,24h # Lease time = 24h
# DHCP Options given to each client.
dhcp-option=3,192.168.0.1 # Default Gateway
dhcp-option=1,255.255.255.0 # Netmask
dhcp-option=6,192.168.0.1 # DNS Server (should be your docker host ip)
# Static DHCP config.
# E.g. dhcp-host=[mac_addr],[hostname],[ip_addr]
dhcp-host=aa:bb:cc:dd:ee:ff,myhostname,192.168.0.100
Simply add your .conf file into your mapped volume linked to /etc/dnsmasq.d/. This file must be dnsmasq compliant. The dnsmasq manual might help you.
When done restart your container to apply changes.