If you need name resolution (DNS) for a small network or home lab, Dnsmasq is worth investigating.
💻 Runs on Linux, macOS.
📦 Simple package install with apt-get (on Ubuntu Linux).
📛 Provides DNS and DHCP services - I'm just running DNS here.
The only downside I've encountered so far is that, while the man page is detailed, some user-produced 'how to' guides use various different ways to configure the setup for Dnsmasq.
I've documented the steps that worked for me.
Requirements
- I'm building a private Public Key Infrastructure in my home lab.
- For the lab I need name resolution.
- I'm learning and documenting as I go; all servers and their configurations should be disposable.
- I'd like an approach that allows quick and easy updates to DNS records.
I've found that Dnsmasq is a good fit for my requirements.
Here are my install notes for a simple two-server install using Dnsmasq for DNS only. I cover IPv4 and A records only, but Dnsmasq supports IPv6.
Dnsmasq Install Step-by-Step
- Build two Linux server VMs; I'm using Ubuntu 20.04.1.
-
Update and upgrade
sudo apt-get update && sudo apt-get -y upgrade
-
Use Netplan (or whichever approach you prefer) to statically configure IP addresses, default gateway, name servers and search domain. See here if you need more information on Netplan.
Note: On all servers that are not running Dnsmasq, point their name server configuration to the Dnsmasq server IP address.
Here's an example Netplan YAML file:
network:
  ethernets:
    eth0:
      dhcp4: False
      addresses:
        - 192.168.1.21/16
        - "2001:db8:2::21/64"
      gateway4: 192.168.1.254
      gateway6: "2001:db8:2::99"
      nameservers:
        search: [zola.home]
        addresses: [192.168.1.20]
  version: 2
-
On the name server, install Dnsmasq
sudo apt-get -y install dnsmasq
-
The package will attempt to start Dnsmasq; this will fail because port 53 is already in use. This is fine and we will fix it in the next step.
Dec 16 10:59:59 name-1 dnsmasq[1165]: dnsmasq: failed to create listening socket for port 53: Address already in use
Dec 16 10:59:59 name-1 dnsmasq[1165]: failed to create listening socket for port 53: Address already in use
Dec 16 10:59:59 name-1 dnsmasq[1165]: FAILED to start up
-
Now turn off systemd-resolved and delete the /etc/resolv.conf file.
sudo systemctl stop systemd-resolved
sudo systemctl disable systemd-resolved
sudo rm -v /etc/resolv.conf
-
Configure the Dnsmasq config file /etc/dnsmasq.conf.
Here's a sample config file:
# Never forward plain names (without a domain)
domain-needed
# Turn off DHCP on eth0
no-dhcp-interface=eth0
# Never forward addresses in the non-routable address space (RFC1918)
bogus-priv
# Add domain to host names
expand-hosts
# Domain to be added if expand-hosts is set
domain=zola.home
# Local domain to be served from /etc/hosts file
local=/zola.home/
# Don't read /etc/resolv.conf (I deleted it). Get the external name server from this file, see 'server' below
no-resolv
# External server, works with no-resolv
server=8.8.8.8
-
Update the Dnsmasq server /etc/hosts file with the name and IP address of the hosts you wish to resolve.
127.0.0.1 localhost
192.168.1.20 name-1
192.168.1.21 server-2
-
Start and Enable the Dnsmasq service.
sudo systemctl start dnsmasq
sudo systemctl enable dnsmasq
-
To test: ping from the Dnsmasq server to an external site, itself and a neighbouring server. Do the same on Server-2.
joe@server-2:~$ ping name-1
PING name-1.zola.home (192.168.1.20) 56(84) bytes of data.
64 bytes from name-1.zola.home (192.168.1.20): icmp_seq=1 ttl=64 time=0.152 ms
64 bytes from name-1.zola.home (192.168.1.20): icmp_seq=2 ttl=64 time=0.221 ms
^C
--- name-1.zola.home ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1023ms
rtt min/avg/max/mdev = 0.152/0.186/0.221/0.034 ms
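Because the servers are disposable and the config gets retyped on each rebuild, it helps to check that the options that keep lab names off the external server (8.8.8.8) are still present and agree with each other. The following Python check is an added example, not part of the original post; the function names are illustrative and the sample inputs mirror the files shown above.

```python
# Added example. SAMPLE_* mirror the article's files; function names are illustrative.
SAMPLE_CONF = """\
domain-needed
no-dhcp-interface=eth0
bogus-priv
expand-hosts
domain=zola.home
local=/zola.home/
no-resolv
server=8.8.8.8
"""
SAMPLE_HOSTS = "127.0.0.1 localhost\n192.168.1.20 name-1\n192.168.1.21 server-2\n"

def parse_conf(text):
    """Return {option: [values]}; bare flags such as no-resolv map to ['']."""
    opts = {}
    for line in text.splitlines():
        key, _, value = line.split("#", 1)[0].strip().partition("=")
        if key:
            opts.setdefault(key.strip(), []).append(value.strip())
    return opts

def lint(opts):
    """Report missing or inconsistent options from the article's DNS-only setup."""
    domain = (opts.get("domain") or [""])[0]
    findings = [f"{f} is not set" for f in ("domain-needed", "bogus-priv") if f not in opts]
    if "no-resolv" in opts and "server" not in opts:
        findings.append("no-resolv is set but there is no server= line")
    if "expand-hosts" in opts and not domain:
        findings.append("expand-hosts is set but domain= is empty")
    if domain and f"/{domain}/" not in opts.get("local", []):
        findings.append(f"local=/{domain}/ is missing, so {domain} queries can be forwarded")
    return findings

def served_names(hosts_text, opts):
    """Names answered from the hosts file, including expand-hosts additions."""
    domain = (opts.get("domain") or [""])[0]
    names = {}
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        for name in fields[1:]:
            names[name] = fields[0]
            if "expand-hosts" in opts and domain and "." not in name:
                names[f"{name}.{domain}"] = fields[0]
    return names

if __name__ == "__main__":
    opts = parse_conf(SAMPLE_CONF)
    print(lint(opts) or "no findings", served_names(SAMPLE_HOSTS, opts), sep="\n")
```

On a real server, pass the contents of /etc/dnsmasq.conf and /etc/hosts instead of the embedded samples.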
Top comments (1)
What happens if you leave the domain field empty?