Differences between revisions 1 and 2
Revision 1 as of 2020-11-10 17:59:06
Size: 1147
Revision 2 as of 2020-11-10 18:29:32
Size: 2272
Line 3: Line 3:
'''`dnsmasq(8)`''' is a lightweight DNS and DHCP server. '''`dnsmasq(8)`''' is a lightweight DNS server. It also offers DHCP, proxy DHCP, TFTP, PXE... none of which will be described here.
Line 25: Line 25:
A basic configuration file is:

{{{
listen-address=::1,127.0.0.1
cache-size=150

# DNSSEC
conf-file=/usr/share/dnsmasq/trust-anchors.conf
dnssec
}}}
Line 27: Line 37:
=== Trusted Forwarding ===
Line 29: Line 38:
`dnsmasq(8)` is ''not'' a recursive DNS server, so trusted (i.e. DNSSEC) forwarding must be setup. Either configure `openresolv(8)` as described in [[Linux/resolvconf.conf|this example]], or manually edit `/etc/resolv.conf` as: === Disable DNS ===

To disable the DNS features of `dnsmasq(8)`, edit `/etc/dnsmasq.conf` such that...

{{{
port=0
}}}



=== Recursive DNS ===

`dnsmasq(8)` is ''not'' a recursive DNS server, so trusted (i.e. DNSSEC) forwarding must be setup. Pursue one of the following configurations:

 1. Configure `openresolv` as described in [[Linux/resolvconf.conf#Example|this example]], and include the below lines in `/etc/dnsmasq.conf`:

{{{
# Configurations generated by `resolvconf(1)`
conf-file=/etc/dnsmasq-conf.conf
resolv-file=/etc/dnsmasq-resolv.conf
}}}

 2.#2 Manually configure `/etc/resolv.conf` like...
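Review bot: The new heading `=== Recursive DNS ===` sits directly above a paragraph saying that `dnsmasq(8)` is ''not'' a recursive DNS server, so the title promises the opposite of what the section delivers. The removed `=== Trusted Forwarding ===` described the content better; keep it, or use a neutral title such as `=== Forwarding ===`. In the same paragraph, "must be setup" should read "must be set up".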
Line 37: Line 68:


=== Local-only DNS Cache ===

To use `dnsmasq(8)` strictly locally, ensure that it only listens on the loopback addresses.
 ...and manually configure `/etc/dnsmasq.conf` like...
Line 44: Line 71:
listen-address=::1,127.0.0.1 no-hosts
no-resolv

server=8.8.8.8
server=8.8.4.4
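Review bot: `listen-address=::1,127.0.0.1` is dropped from this block and the Local-only DNS Cache section is removed with it, so this snippet on its own no longer restricts where dnsmasq listens. Say explicitly that these lines are added on top of the basic configuration, which still carries `listen-address=::1,127.0.0.1`, so that a reader copying only this block does not end up with a forwarder that has no listen restriction. A sentence noting that `no-resolv` makes the two `server=` lines the only upstreams would also help.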
Line 49: Line 80:
=== Local Network DNS === === Network DNS ===
Line 51: Line 82:
To use `dnsmasq(8)` on the local network, ensure that it listens on a private address. To operate `dnsmasq(8)` as a DNS server, ensure that it listens on a private address.
Line 59: Line 90:
=== Overriding Names ===

`dndmasq(8)` offers a search/replace syntax for forcing names to resolve into hardcoded addresses. Specificity wins, so given...

{{{
address=/example.com/1.2.3.4
address=/www.example.com/2.3.4.5
}}}

...`www.example.com` would resolve to `2.3.4.5`.



=== Blacklisting Names ===

To blacklist a name, use the search/replace syntax and return a blank address.

{{{
address=/example.com/
}}}

Managed blacklists can be inserted, as with `conf-file=/etc/dnsmasq.d/blocklist.conf` or `conf-dir=/etc/dnsmasq.d/,*.conf`.
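Review bot: `dndmasq(8)` in the first line of the Overriding Names section is a typo for `dnsmasq(8)`. "Specificity wins" also only makes sense once the reader knows that `address=/example.com/...` matches `example.com` and every name beneath it; state that before the example, since the same matching applies to the blank-address form under Blacklisting Names and decides how much a single blocklist line takes out.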


dnsmasq

dnsmasq(8) is a lightweight DNS server. It also offers DHCP, proxy DHCP, TFTP, PXE... none of which will be described here.


Installation

Install the dnsmasq package through your preferred package manager.

For systemd-capable systems, start and enable dnsmasq.service.


Configuration

dnsmasq(8) is configured in /etc/dnsmasq.conf. You can test the configuration using dnsmasq --test.

A basic configuration file is:

listen-address=::1,127.0.0.1
cache-size=150

# DNSSEC
conf-file=/usr/share/dnsmasq/trust-anchors.conf
dnssec

Disable DNS

To disable the DNS features of dnsmasq(8), edit /etc/dnsmasq.conf such that...

port=0

Recursive DNS

dnsmasq(8) is not a recursive DNS server, so trusted (i.e. DNSSEC) forwarding must be set up. Pursue one of the following configurations:

  1. Configure openresolv as described in this example, and include the below lines in /etc/dnsmasq.conf:

# Configurations generated by `resolvconf(1)`
conf-file=/etc/dnsmasq-conf.conf
resolv-file=/etc/dnsmasq-resolv.conf

  2. Manually configure /etc/resolv.conf like...

nameserver 127.0.0.1
nameserver ::1
options trust-ad

     ...and manually configure /etc/dnsmasq.conf like...

no-hosts
no-resolv

server=8.8.8.8
server=8.8.4.4

Network DNS

To operate dnsmasq(8) as a DNS server, ensure that it listens on a private address.

listen-address=::1,127.0.0.1,192.168.86.1

Overriding Names

dnsmasq(8) offers a search/replace syntax for forcing names to resolve into hardcoded addresses. Specificity wins, so given...

address=/example.com/1.2.3.4
address=/www.example.com/2.3.4.5

...www.example.com would resolve to 2.3.4.5.

Blacklisting Names

To blacklist a name, use the search/replace syntax and return a blank address.

address=/example.com/

Managed blacklists can be inserted, as with conf-file=/etc/dnsmasq.d/blocklist.conf or conf-dir=/etc/dnsmasq.d/,*.conf.
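
A managed blocklist pulled in with conf-file or conf-dir is parsed as ordinary dnsmasq configuration, so any directive in it takes effect, not just blank-address entries. The following is an added example (not part of the original page or of dnsmasq) that audits such a file before it is installed. The function name, the sample lines and the strict policy of accepting only blank-address `address=` entries are assumptions made for illustration.

```python
import re

# One DNS label, and a dot-separated name of at most 253 characters.
_LABEL = r"[A-Za-z0-9_](?:[A-Za-z0-9_-]{0,61}[A-Za-z0-9_])?"
_DOMAIN = re.compile(rf"(?=.{{1,253}}$){_LABEL}(?:\.{_LABEL})*")


def audit_blocklist(text):
    """Return (blocked, findings) for the text of a managed blocklist.

    findings lists (line_number, reason, line) for every line that is not
    blank, a comment, or a blank-address address= entry.
    """
    blocked, findings = [], []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep or key.strip() != "address":
            findings.append((n, "directive other than address=", line))
            continue
        # Shape is /domain[/domain...]/target, so splitting on "/" gives
        # ["", domain, ..., target]; a blank target is the blocking form.
        parts = value.strip().split("/")
        if len(parts) < 3 or parts[0] != "":
            findings.append((n, "malformed address= value", line))
            continue
        domains, target = parts[1:-1], parts[-1]
        if target:
            findings.append((n, "hardcoded address (override, not a block)", line))
        elif not all(_DOMAIN.fullmatch(d) for d in domains):
            findings.append((n, "invalid domain name", line))
        else:
            blocked.extend(d.lower() for d in domains)
    return blocked, findings


# Constructed sample of a downloaded blocklist (not real data).
SAMPLE = """\
# vendor blocklist
address=/ads.example.com/
address=/tracker.example.net/telemetry.example.net/
address=/www.example.com/2.3.4.5
server=/corp.example/203.0.113.53
address=/bad domain/
"""

if __name__ == "__main__":
    for n, reason, line in audit_blocklist(SAMPLE)[1]:
        print(f"line {n}: {reason}: {line}")
```

Install the file only when no findings are returned, then confirm the whole configuration with dnsmasq --test.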



Dnsmasq (last edited 2023-06-22 20:37:33 by DominicRicottone)