CINXE.COM

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html> <head> <meta http-equiv="X-UA-Compatible" content="IE=Edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="shortcut icon" href="/htdocs/favicon.ico"> <script type="text/javascript" src="/htdocs/bugstatus.js"></script> <meta http-equiv="Content-Type" content="text/html;charset=utf-8"> <meta name="robots" content="noindex,nofollow"> <title>dnsmasq - Debian Wiki</title> <script type="text/javascript" src="/htdocs/common/js/common.js"></script> <script type="text/javascript">  </script> <link rel="stylesheet" type="text/css" charset="utf-8" media="all" href="/htdocs/debwiki/css/common.css"> <link rel="stylesheet" type="text/css" charset="utf-8" media="screen" href="/htdocs/debwiki/css/screen.css"> <link rel="stylesheet" type="text/css" charset="utf-8" media="print" href="/htdocs/debwiki/css/print.css"> <link rel="stylesheet" type="text/css" charset="utf-8" media="projection" href="/htdocs/debwiki/css/projection.css"> <link rel="stylesheet" type="text/css" charset="utf-8" media="all" href="/htdocs/debian-wiki-1.0.css">   <link rel="alternate" title="Debian Wiki: dnsmasq" href="/dnsmasq?diffs=1&show_att=1&action=rss_rc&unique=0&page=dnsmasq&ddiffs=1" type="application/rss+xml"> <link rel="Start" href="/FrontPage"> <link rel="Alternate" title="Wiki Markup" href="/dnsmasq?action=raw"> <link rel="Alternate" media="print" title="Print View" href="/dnsmasq?action=print"> <link rel="Search" href="/FindPage"> <link rel="Index" href="/TitleIndex"> <link rel="Glossary" href="/WordIndex"> <link rel="Help" href="/HelpOnFormatting"> </head> <body lang="en" dir="ltr"> <div id="logo"><a href="https://www.debian.org" title="Debian Homepage"><img src="https://www.debian.org/Pics/openlogo-50.png" alt="Debian" width="50" height="61"></a></div> <div id="header"> <div id="wikisection"> <a href="/FrontPage" title="Debian Wiki Homepage">Wiki</a> <div id="username"><a href="/dnsmasq?action=login" id="login" rel="nofollow">Login</a></div> </div> <div id="navbar"> <ul id="navibar"> <li class="wikilink"><a href="/FrontPage">FrontPage</a></li><li class="wikilink"><a href="/RecentChanges">RecentChanges</a></li><li class="wikilink"><a href="/FindPage">FindPage</a></li><li class="wikilink"><a href="/HelpContents">HelpContents</a></li><li class="current"><a href="/dnsmasq">dnsmasq</a></li> </ul> </div> <form id="searchform" method="get" action="/dnsmasq"> <div> <input type="hidden" name="action" value="fullsearch"> <input type="hidden" name="context" value="180"> <label for="searchinput">Search:</label> <input id="searchinput" type="text" name="value" value="" size="20" onfocus="searchFocus(this)" onblur="searchBlur(this)" onkeyup="searchChange(this)" onchange="searchChange(this)" alt="Search"> <input id="titlesearch" name="titlesearch" type="submit" value="Titles" alt="Search Titles"> <input id="fullsearch" name="fullsearch" type="submit" value="Text" alt="Search Full Text"> </div> </form> <script type="text/javascript">  </script> <div id="logo"><a href="https://www.debian.org" title="Debian Homepage"><img src="https://www.debian.org/Pics/openlogo-50.png" alt="Debian" width="50" height="61"></a></div> <div id="breadcrumbs"><a href="/FrontPage" title="Debian Wiki Homepage">Wiki</a>/ </div> <ul class="editbar"><li><a href="/dnsmasq?action=login" id="login-1" rel="nofollow">Login</a></li><li class="toggleCommentsButton" style="display:none;"><a href="#" class="nbcomment" onClick="toggleComments();return false;">Comments</a></li><li><a class="nbinfo" href="/dnsmasq?action=info" rel="nofollow">Info</a></li><li><a class="nbattachments" href="/dnsmasq?action=AttachFile" rel="nofollow">Attachments</a></li><li> <form class="actionsmenu" method="GET" action="/dnsmasq"> <div> <label>More Actions:</label> <select name="action" onchange="if ((this.selectedIndex != 0) && (this.options[this.selectedIndex].disabled == false)) { this.form.submit(); } this.selectedIndex = 0;"> <option value="raw">Raw Text</option> <option value="print">Print View</option> <option value="RenderAsDocbook">Render as Docbook</option> <option value="show" disabled class="disabled">Delete Cache</option> <option value="show" disabled class="disabled">------------------------</option> <option value="SpellCheck">Check Spelling</option> <option value="LikePages">Like Pages</option> <option value="LocalSiteMap">Local Site Map</option> <option value="show" disabled class="disabled">------------------------</option> <option value="RenamePage" disabled class="disabled">Rename Page</option> <option value="DeletePage" disabled class="disabled">Delete Page</option> <option value="show" disabled class="disabled">------------------------</option> <option value="show" disabled class="disabled">Subscribe User</option> <option value="show" disabled class="disabled">------------------------</option> <option value="show" disabled class="disabled">Remove Spam</option> <option value="show" disabled class="disabled">Revert to this revision</option> <option value="PackagePages">Package Pages</option> <option value="show" disabled class="disabled">------------------------</option> <option value="Load">Load</option> <option value="Save">Save</option> <option value="SlideShow">SlideShow</option> </select> <input type="submit" value="Do"> </div> <script type="text/javascript">  </script> </form> </li></ul> <h1 id="locationline"> <ul id="pagelocation"> <li><a href="/dnsmasq">dnsmasq</a></li> </ul> </h1> </div> <div id="page" lang="en" dir="ltr"> <div dir="ltr" id="content" lang="en"> <a href="/DebianWiki/EditorGuide#translation">Translation(s)</a>: none <hr /> <div class="table-of-contents">Contents<ol><li> <a href="#Basic_DNS_Setup">Basic DNS Setup</a></li><li> <a href="#Choosing_Your_Interfaces">Choosing Your Interfaces</a></li><li> <a href="#Basic_DHCP_Setup">Basic DHCP Setup</a></li><li> <a href="#Local_Caching">Local Caching</a></li><li> <a href="#Local_Caching_using_NetworkManager">Local Caching using NetworkManager</a></li><li> <a href="#dnsmasq_with_dnscrypt-proxy">dnsmasq with dnscrypt-proxy</a></li><li> <a href="#See_Also">See Also</a></li></ol></li></ol></div> <ul><li style="list-style-type:none">Dnsmasq is a lightweight, easy to configure, DNS forwarder and DHCP server. It is designed to provide DNS and optionally, DHCP, to a small network. It can serve the names of local machines which are not in the global DNS. The DHCP server integrates with the DNS server and allows machines with DHCP-allocated addresses to appear in the DNS with names configured either in each host or in a central configuration file. Dnsmasq supports static and dynamic DHCP leases and BOOTP/TFTP for network booting of diskless machines (source: from the <a class="interwiki" href="https://packages.debian.org/dnsmasq" title="DebianPkg">package description</a>). </li></ul> <h2 id="Basic_DNS_Setup">Basic DNS Setup</h2> First things first, let's install the package: <pre>apt-get update apt-get install dnsmasq</pre>If your goal was to set up a simple DNS server, you just succeeded. To test it, use your favorite DNS lookup tool pointed at localhost: <pre>dig debian.org @localhost</pre> or <pre>nslookup debian.org localhost</pre>By default, DNS is configured to forward all requests to your system's default DNS settings. In case you didn't know, these are stored in the <tt>/etc/resolv.conf</tt> file. See <a class="http" href="http://www.debian.org/doc/manuals/debian-reference/ch05">Debian Reference</a> or the <a class="interwiki" href="https://manpages.debian.org/man/5/resolv.conf" title="DebianMan">resolv.conf(5)</a> man page for more details. Now, if you want to add some names for your DNS server to resolve for your clients, simply add them to your <tt>/etc/hosts</tt> file. <h2 id="Choosing_Your_Interfaces">Choosing Your Interfaces</h2> One you will probably want to do is tell dnsmasq which ethernet interface it can and cannot listen on, as we really don't want it listening on the internet. Around line 69 of the <tt>/etc/dnsmasq.conf</tt> file, you will see: <pre>#interface=</pre>Uncomment the line and specify which ethernet interface(s) you want it server IPs to. For example, if I want it to listen on eth1 (my DMZ) and eth2 (my local network), then it should look like: <pre>interface=eth1 interface=eth2</pre>If I didn't edit this line, it would also listen on eth0, my internet connection. I personally wouldn't recommend this, as it gives those evil guys a few doors to try to break into. <h2 id="Basic_DHCP_Setup">Basic DHCP Setup</h2> By default, DHCP is turned off. This is a good thing, as you could bring down whatever network you are connected to if you are not careful. To enable it, there is at least one line will need to edit in the <tt>/etc/dnsmasq.conf</tt> file. Around line 143, you will see: <pre>#dhcp-range=192.168.0.50,192.168.0.150,12h</pre>To enable the DHCP server, you will need to give it a range of IP addresses to hand out. In the example above, this server would hand out 101 address starting at 192.168.0.50 and ending at 192.168.0.150. The last number is how long the DHCP leases are good for. In this example, they would be good for twelve hours. Since I have two different networks that need DHCP, I'm going to change that line to: <pre>dhcp-range=eth1,192.168.100.100,192.168.100.199,4h dhcp-range=eth2,192.168.200.100,192.168.200.199,4h</pre>Notice the "eth1" and "eth2" labels in the lines above? They aren't necessary, but definitely help once you start playing with more advanced configurations. It also helps me remember which range is which. Now restart your dnsmasq server, connect up a few clients, and see if they autoconfigure themselves: <pre>/etc/init.d/dnsmasq restart</pre> <h2 id="Local_Caching">Local Caching</h2> Using dnsmasq to cache DNS queries for the local machine is a bit tricky (unless you're using <a href="/NetworkManager">NetworkManager</a>, see below), since all DNS queries from the local machine need to go to dnsmasq, while at the same time, dnsmasq must be configured to forward all those queries to upstream DNS servers. <ul><li style="list-style-type:none"><img alt="<!>" height="16" src="/htdocs/debwiki/img/attention.png" title="<!>" width="16" /> Do not use this configuration if you use different network (e.g If you use a laptop!) </li></ul>The <a class="interwiki" href="https://manpages.debian.org/man/8/dnsmasq" title="DebianMan">dnsmasq(8)</a> man page suggests the following: <ul><li style="list-style-type:none">In order to configure dnsmasq to act as cache for the host on which it is running, put "nameserver 127.0.0.1" in /etc/resolv.conf to force local processes to send queries to dnsmasq. Then either specify the upstream servers directly to dnsmasq using --server options or put their addresses real in another file, say /etc/resolv.dnsmasq and run dnsmasq with the -r /etc/resolv.dnsmasq option. This second technique allows for dynamic update of the server addresses by PPP or DHCP. </li></ul>There is, however, a simpler method; simply ensure that the machine's list of nameservers contains the line <tt>nameserver 127.0.0.1</tt> as the first line, followed by the upstream nameservers. dnsmasq is smart enough to ignore this line and forward all queries appropriately, while all other applications will send all their queries to dnsmasq. Exactly how to do this depends on the method(s) of network configuration in use. If you're manually hardcoding the nameservers (either in <tt>/etc/resolv.conf</tt> or elsewhere, such as a stanza in <tt>/etc/network/interfaces</tt> or in the Wicd GUI), then just add a reference to <tt>127.0.0.1</tt> as the first entry in the list. If you're using DHCP, then instruct your client to prepend <tt>127.0.0.1</tt> to the DHCP servers it receives. E.g., with dhclient, include the line <pre>prepend domain-name-servers 127.0.0.1;</pre>in the dhclient configuration file (<tt>/etc/dhcp3/dhclient.conf</tt>). [On my Sid system, the default configuration file shipped with the package contains that line, but commented out.] Note that if you plan to use dnsmasq for the local system only, you should lock it down by adding the line <pre>listen-address=127.0.0.1</pre>to the dnsmasq configuration file (<tt>/etc/dnsmasq.conf</tt>). <h2 id="Local_Caching_using_NetworkManager">Local Caching using NetworkManager</h2> Set this in <tt>/etc/NetworkManager/NetworkManager.conf</tt>: <pre>[main] dns=dnsmasq</pre>and restart network-manager service. <h2 id="dnsmasq_with_dnscrypt-proxy">dnsmasq with dnscrypt-proxy</h2> dnsmasq combined with dnscrypt-proxy provide caching, encryption and server-side authentication. Useful to protect a laptop from potentially hostile networks. <pre>apt-get install dnsmasq dnscrypt-proxy ## Configure /etc/resolv.conf to use dnsmasq nameserver 127.0.0.1 ## Configure /etc/dnsmasq.conf # ignore resolv.conf no-resolv # Listen only on localhost listen-address=127.0.0.1 # dnscrypt is on port 40 server=127.0.0.1#40 ## Configure /etc/systemd/system/sockets.target.wants/dnscrypt-proxy.socket with the following 5 lines if you are using systemd [Socket] ListenStream= ListenDatagram= ListenStream=127.0.0.1:40 ListenDatagram=127.0.0.1:40 ## restart both daemons</pre> <h2 id="See_Also">See Also</h2> <ul><li><a class="http" href="http://www.debian.org/doc/manuals/debian-reference/ch05">http://www.debian.org/doc/manuals/debian-reference/ch05</a> - Debian Reference: Chapter 5. Network setup </li><li><a class="http" href="http://www.thekelleys.org.uk/dnsmasq/doc.html">http://www.thekelleys.org.uk/dnsmasq/doc.html</a> - dnsmasq home page </li></ul><hr /> <a href="/CategoryNetwork">CategoryNetwork</a> | <a href="/CategorySoftware">CategorySoftware</a> | <a href="/CategorySystemAdministration">CategorySystemAdministration</a> </div><div id="pagebottom"></div> </div> <div id="footer"> dnsmasq (<a class="nbinfo" href="/dnsmasq?action=info" rel="nofollow">last modified 2024-04-19 17:16:07</a>) <ul id="credits"> <li>Debian <a href="https://www.debian.org/legal/privacy">privacy policy</a>, Wiki <a href="/Teams/DebianWiki">team</a>, <a href="https://bugs.debian.org/wiki.debian.org">bugs</a> and <a href="https://salsa.debian.org/debian/wiki.debian.org">config</a>.</li><li>Powered by <a href="https://moinmo.in/" title="This site uses the MoinMoin Wiki software.">MoinMoin</a> and <a href="https://moinmo.in/Python" title="MoinMoin is written in Python.">Python</a>, with hosting provided by <a href="https://www.man-da.de/">Metropolitan Area Network Darmstadt</a>.</li> </ul> </div> </body> </html>