Comprehensive Guide to DNSmasq on Ubuntu

DNSmasq is a lightweight, versatile DNS forwarder and DHCP server designed for small-scale networks. It’s ideal for home networks, small business setups, and even small cloud environments. Below, we provide a detailed guide covering installation, configuration, stabilization, and monitoring.


1. Installation

Step 1: Update Your System

Ensure your system is up-to-date:

sudo apt update && sudo apt upgrade -y

Step 2: Install DNSmasq

Install DNSmasq using the following command:

sudo apt install dnsmasq -y

Step 3: Verify Installation

Check if DNSmasq is installed successfully:

dnsmasq --version

2. Configuration

DNSmasq’s configuration is primarily handled through its configuration file located at /etc/dnsmasq.conf. Each section is essential for DNS and DHCP functions. Below is a detailed breakdown.

Step 1: Backup the Default Configuration

Before making changes, back up the default configuration:

sudo cp /etc/dnsmasq.conf /etc/dnsmasq.conf.backup

Step 2: DNS Configuration

Edit the configuration file:

sudo nano /etc/dnsmasq.conf

Key DNS Parameters:

  • Specify Upstream DNS Servers: Use Google DNS as an example:
    server=8.8.8.8
    server=8.8.4.4
  • Enable Caching: Define cache size:
    cache-size=1000
  • Log DNS Queries: Enable logging for troubleshooting:
    log-queries
    log-facility=/var/log/dnsmasq.log
  • Define Local Domains: For local resolution:
    local=/mydomain.local/
    address=/mydomain.local/192.168.1.1

Step 3: DHCP Configuration

Enable DHCP server functionality if needed:

dhcp-range=192.168.1.50,192.168.1.100,12h

Advanced DHCP Options:

  • Set Default Gateway:
    dhcp-option=3,192.168.1.1
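  • Set DNS Server for Clients (with the values below, clients query Google DNS directly and bypass DNSmasq's cache and local domain):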
    dhcp-option=6,8.8.8.8,8.8.4.4
  • Assign Static IPs:
    dhcp-host=aa:bb:cc:dd:ee:ff,192.168.1.10

Step 4: Secure DNSmasq

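  • Prevent DNS Amplification Attacks: Answer only on the LAN interface so that hosts on other networks cannot use the resolver as a reflector. interface and bind-interfaces restrict where DNSmasq listens; no-resolv makes it use only the server= lines above rather than the upstreams listed in /etc/resolv.conf: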
    no-resolv
    interface=eth0
    bind-interfaces
  • Limit Service to Specific Interfaces: Listen only on the listed local addresses:
    listen-address=127.0.0.1,192.168.1.1
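
A quick check for the Step 4 settings, as an added example that is not part of the original guide: the hypothetical helper audit_dnsmasq_conf reads one DNSmasq configuration file and reports whether the listener is restricted and the upstream servers are pinned. Both sample configurations are constructed, and only options named in this guide are checked.

```shell
#!/bin/sh
# Added example: audit one dnsmasq config file for the Step 4 settings.
# audit_dnsmasq_conf is a hypothetical helper name, not a dnsmasq tool.
# Only options named in this guide are checked; /etc/dnsmasq.d is not read.

audit_dnsmasq_conf() {
    # $1 = path to a dnsmasq configuration file; prints one finding per line.
    awk '
        { sub(/#.*/, ""); gsub(/[ \t\r]/, "") }  # strip comments, whitespace
        $0 == ""            { next }
        /^interface=/       { iface = 1 }
        /^listen-address=/  { laddr = 1
                              if ($0 ~ /[=,]0\.0\.0\.0(,|$)/) wild = 1 }
        /^bind-interfaces$/ { bind = 1 }
        /^no-resolv$/       { noresolv = 1 }
        /^server=/          { servers++ }
        END {
            if (!iface && !laddr)
                print "WARN no interface= or listen-address=: listens on every interface"
            if (wild)
                print "WARN listen-address contains 0.0.0.0: not limited to one address"
            if (!bind)
                print "WARN bind-interfaces missing: the wildcard address is still bound"
            if (noresolv && !servers)
                print "FAIL no-resolv without server=: no upstream resolver configured"
            if (!noresolv)
                print "INFO no-resolv missing: upstreams are also read from the resolv file"
            if ((iface || laddr) && !wild && bind && noresolv && servers)
                print "OK listener restricted and upstreams pinned"
        }
    ' "$1"
}

# Constructed sample: the guide's DNS settings without the Step 4 lines.
demo=$(mktemp)
printf '%s\n' 'server=8.8.8.8' 'cache-size=1000' 'log-queries' > "$demo"
echo "== without Step 4 =="; audit_dnsmasq_conf "$demo"

# Constructed sample: the same file with the Step 4 lines appended.
printf '%s\n' 'no-resolv' 'interface=eth0' 'bind-interfaces' \
    'listen-address=127.0.0.1,192.168.1.1' >> "$demo"
echo "== with Step 4 =="; audit_dnsmasq_conf "$demo"
rm -f "$demo"
```

Run it against /etc/dnsmasq.conf after editing and before restarting the service; a WARN or FAIL line names the setting to revisit.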

3. Professional Tips for Stability

Tip 1: Use Systemd to Ensure Stability

Enable DNSmasq so it starts at boot, then start it now:

sudo systemctl enable dnsmasq
sudo systemctl start dnsmasq

Verify the service status:

sudo systemctl status dnsmasq

Tip 2: Monitor Logs

Regularly monitor logs to catch errors early:

tail -f /var/log/dnsmasq.log

Tip 3: Set Up Redundancy

Consider running multiple DNSmasq instances in separate environments for high availability. You can combine this with a failover strategy using tools like Keepalived.

Tip 4: Regularly Update the System

To pick up security fixes, keep your system updated:

sudo apt update && sudo apt upgrade -y

4. Monitoring DNSmasq

Option 1: Use systemd-journal

Monitor DNSmasq directly:

journalctl -u dnsmasq

Option 2: Use Monitoring Tools

  • Nagios: Create a custom plugin to check the DNSmasq service and response times.
  • Prometheus: Use node exporters to gather metrics and monitor system-level performance.

Option 3: Setup Alerts for Downtime

Use tools like Grafana with Prometheus to set up alerts for DNSmasq downtime or errors.


5. Testing DNSmasq

Step 1: Check DNS Resolution

Run a query to test DNS resolution:

dig example.com @127.0.0.1

Step 2: Verify DHCP

Check if the DHCP server assigns IP addresses correctly:

sudo tail -f /var/log/syslog

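Look for DHCP-related logs. If log-facility=/var/log/dnsmasq.log is set as in the DNS configuration step, DNSmasq writes its DHCP messages to that file instead of syslog.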


6. Restarting DNSmasq After Changes

Whenever you make configuration changes, restart DNSmasq:

sudo systemctl restart dnsmasq

7. Uninstalling DNSmasq

If you ever need to remove DNSmasq:

sudo apt purge dnsmasq -y

Remove any leftover configuration and log files:

sudo rm -rf /etc/dnsmasq.conf /var/log/dnsmasq.log

With these steps, you can install, configure, stabilize, and monitor DNSmasq effectively on Ubuntu. This ensures a robust and professional setup tailored to your network needs.
