dnsmasq

Dnsmasq for easy LAN DNS services

Dnsmasq is a lightweight DNS forwarder, DNS cache, DHCP and TFTP server intended to provide reliable services in small networks. It accepts DNS queries and either answers them from its local cache or forwards them to an upstream recursive DNS server. Versatile! It also loads /etc/hosts, so local hostnames that do not exist in the public DNS can be resolved, and it answers DNS queries for the hosts it has configured via DHCP. I will be using Dnsmasq to cache dnscrypt-proxy lookups in my LAN while providing DNS and DHCP services for every client in the network.

Earlier, we used dnscrypt-proxy to encrypt and authenticate our DNS requests before they leave our network. Now we are going to give DNS resolution a good boost by caching answers locally, which should give you a snappier browsing experience overall and also lets you resolve the hostnames of machines in your own network. DNS resolution has a real impact on perceived Internet speed: every new connection starts with a lookup that translates a hostname (like unlockforus.com) into an IP address, so a DNS cache inside your LAN is more than just a geeky thing. If you have ever switched to public DNS servers (Google Public DNS, OpenDNS, etc.) hoping to speed up your browsing, just wait until you hit your own cache locally.

Getting Ready

We want Dnsmasq to provide DNS resolution, DNS caching and DHCP in our network. With that in mind, disable those services in your home network gear (usually your home router) before starting Dnsmasq, especially the DHCP server. Two DHCP servers handing out leases for the same scope will race each other's offers and give the same addresses to different clients: collisions and catastrophe.

You'll be offloading those services from your limited home router hardware to a more robust box in your network.

Prepare your soon-to-be DNS/DHCP server

Update the /etc/hosts file. Note that we are already defining in that file the local domain name, unlockforus.lan, and the static IP address of the server, 192.168.1.6. I have commented out the 127.0.1.1 entry because Dnsmasq will read this file later on and serve its entries to the LAN, and we don't want LAN machines resolving our server to 127.0.1.1 (the loopback interface). Do not forget to use your own LAN domain name and to update the IP addresses accordingly 😉

sudo vi /etc/hosts
127.0.0.1 localhost
#127.0.1.1 svr-mars
192.168.1.6 svr-mars.unlockforus.lan svr-mars
sudo vi /etc/hostname
svr-mars


Installing Dnsmasq

From Terminal:

# Install Dnsmasq
sudo apt-get install dnsmasq
# Stop Dnsmasq service
sudo service dnsmasq stop
# Backup default configuration
sudo cp /etc/dnsmasq.conf /etc/dnsmasq.conf.bak

Now, let’s configure the network interface and verify we are using a static IP address for the server. Edit /etc/network/interfaces

sudo vi /etc/network/interfaces
...
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto eth0
# iface eth0 inet dhcp
iface eth0 inet static
address 192.168.1.6
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.1
dns-nameservers 127.0.0.1
dns-search unlockforus.lan

If you have made changes to your configurations so far, reboot your server at this point.

sudo reboot

Configure Dnsmasq

sudo vi /etc/dnsmasq.conf
# Configuration file for dnsmasq.
#
port=53
# Never forward plain names (no dots) or reverse lookups for private ranges upstream
domain-needed
bogus-priv
# Ignore /etc/resolv.conf: the only upstream is the dnscrypt-proxy listed below
no-resolv
no-poll
# Answer the LAN domain and its reverse zone only from /etc/hosts and DHCP leases,
# never forward them. (A server=/unlockforus.lan/192.168.1.6 line would instead
# forward unknown .lan names to dnsmasq itself and loop.)
local=/unlockforus.lan/
local=/1.168.192.in-addr.arpa/
# Sample sinkhole: answer this domain with 127.0.0.1 instead of resolving it
address=/double-click.net/127.0.0.1
# Serve only loopback and the LAN address; bind-interfaces leaves port 53 free
# on other addresses for anything else (e.g. NetworkManager's own dnsmasq)
listen-address=127.0.0.1,192.168.1.6
bind-interfaces
# Append the local domain to short names from /etc/hosts and DHCP leases
expand-hosts
domain=unlockforus.lan
dns-forward-max=250
cache-size=5000
neg-ttl=3600
# FORWARD TO DNSCRYPT-PROXY
#
server=127.0.0.2#2053
# DHCP Configuration Options
#
dhcp-authoritative
# Dynamic pool: keep the server's own 192.168.1.6, the router and any
# dhcp-host reservations outside it
dhcp-range=192.168.1.100,192.168.1.200,255.255.255.0,12h
dhcp-option=option:router,192.168.1.1
# dnsmasq hands its own address (192.168.1.6) to clients as their DNS server by default
# log-dhcp # Uncomment if you wish to log dhcp
# STATIC HOSTS SAMPLE (reservations may sit outside the dynamic pool)
# dhcp-host=88:db:96:1d:20:c9,livingroom-pc,192.168.1.10
# dhcp-host=00:15:94:85:bc:35,printer,192.168.1.15
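Before starting the service it is worth checking the config for the mistakes that are easy to make in a forwarding-plus-DHCP setup like this one. The script below is an added example written for this post, not code from the dnsmasq project: a small POSIX sh lint that reads a dnsmasq.conf on stdin and flags a server=/domain/ line that points at one of dnsmasq's own listen-address values (a forwarding loop), a dhcp-range pool that covers the server's own address, and a missing stop-dns-rebind (which lets upstream answers carry private addresses, the classic DNS rebinding setup). The two sample configs inside it are constructed for the example; the domain and addresses are the ones used in this post.

```shell
#!/bin/sh
# Added example (not from the original post): a POSIX sh lint for dnsmasq.conf.
# lint_dnsmasq_conf reads a config on stdin and prints one finding per line for:
#   1. a server=/domain/ADDR line whose ADDR is one of dnsmasq's own listen-address
#      values: dnsmasq would forward unknown names in that domain to itself
#      (use local=/domain/ to answer it from /etc/hosts and DHCP leases only),
#   2. a dhcp-range pool that covers one of the listen addresses,
#   3. a missing stop-dns-rebind, which lets upstream answers carry private addresses.
# The two sample configs at the bottom are constructed for this example.

# ip2int DOTTED-QUAD -> 32-bit integer (192.168.1.6 -> 3232235782)
ip2int() {
    set -- $(printf '%s' "$1" | tr '.' ' ')
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# ip_in_range IP LO HI -> true when LO <= IP <= HI
ip_in_range() {
    _ip=$(ip2int "$1"); _lo=$(ip2int "$2"); _hi=$(ip2int "$3")
    [ "$_ip" -ge "$_lo" ] && [ "$_ip" -le "$_hi" ]
}

# lint_dnsmasq_conf < dnsmasq.conf -> findings on stdout, always exits 0
lint_dnsmasq_conf() {
    # dnsmasq treats a line as a comment only when it starts with '#';
    # an inline '#' is the port separator (server=127.0.0.2#2053), so keep it.
    body=$(sed -e 's/^#.*//' -e '/^[[:space:]]*$/d')
    listen=$(printf '%s\n' "$body" | sed -n 's/^listen-address=//p' | tr ',' '\n')
    ranges=$(printf '%s\n' "$body" | sed -n 's/^dhcp-range=//p')
    for addr in $listen; do
        esc=$(printf '%s' "$addr" | sed 's/\./\\./g')
        # 1. server=/domain/<our own address>[#port]
        if printf '%s\n' "$body" | grep -Eq "^server=/[^/]+/$esc(#[0-9]+)?\$"; then
            echo "LOOP: server=/.../$addr forwards a domain back to dnsmasq itself; use local=/domain/ instead"
        fi
        # 2. dynamic pool that includes our own address (assumes dhcp-range=LO,HI,... form)
        for range in $ranges; do
            lo=${range%%,*}; rest=${range#*,}; hi=${rest%%,*}
            case $hi in *[!0-9.]*) continue ;; esac   # e.g. dhcp-range=ADDR,static
            if ip_in_range "$addr" "$lo" "$hi"; then
                echo "POOL: dhcp-range $lo-$hi includes listen address $addr; keep static hosts out of the pool"
            fi
        done
    done
    # 3. DNS rebinding protection for answers coming from upstream
    printf '%s\n' "$body" | grep -q '^stop-dns-rebind$' ||
        echo "REBIND: stop-dns-rebind is not set; upstream answers may point at private addresses"
    return 0
}

# count_findings < dnsmasq.conf -> number of findings (0 means clean)
count_findings() {
    lint_dnsmasq_conf | grep -c . || true
}

# Constructed sample 1: a config with all three problems
WEAK_CONF='listen-address=127.0.0.1,192.168.1.6
bind-interfaces
server=/unlockforus.lan/192.168.1.6
server=/1.168.192.in-addr.arpa/192.168.1.6
server=127.0.0.2#2053
dhcp-range=192.168.1.2,192.168.1.254,255.255.255.0,12h'

# Constructed sample 2: the same setup with the fixes applied
GOOD_CONF='listen-address=127.0.0.1,192.168.1.6
bind-interfaces
local=/unlockforus.lan/
local=/1.168.192.in-addr.arpa/
stop-dns-rebind
server=127.0.0.2#2053
dhcp-range=192.168.1.100,192.168.1.200,255.255.255.0,12h'

echo "weak config:";  printf '%s\n' "$WEAK_CONF" | lint_dnsmasq_conf   # 3 findings
echo "fixed config:"; printf '%s\n' "$GOOD_CONF" | lint_dnsmasq_conf   # no output
# On the server: lint_dnsmasq_conf < /etc/dnsmasq.conf
```

Run it on the server with `lint_dnsmasq_conf < /etc/dnsmasq.conf` (or `sh lint.sh` for the two samples) and then let dnsmasq itself parse the file with `dnsmasq --test`, which catches syntax errors but not the semantic problems above.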

Reconfigure dnscrypt-proxy

# Stop dnscrypt-proxy
sudo service dnscrypt-proxy stop
sudo vi /etc/default/dnscrypt-proxy
...
# local IP address the daemon will listen to
local-address:127.0.0.2:2053
...

Save your changes, restart both services (dnscrypt-proxy first, then dnsmasq) and test drive your new setup. Moving dnscrypt-proxy to 127.0.0.2:2053 frees port 53 on 127.0.0.1 for dnsmasq, which is the only resolver the clients (and the server itself) should talk to.

Dnsmasq + dnscrypt-proxy should now be fully functional on your server box. DNS queries are now answered from the local cache or, on a cache miss, passed to the upstream resolver as follows:

Client PC => dnsmasq port 53 => dnscrypt-proxy port 2053 => Dnscrypt upstream resolver

Dnsmasq will also resolve the hostnames of your LAN machines from /etc/hosts and its own DHCP leases, and thanks to the local-domain rule it will not leak queries for unresolvable .lan names to the upstream resolver.

Finally, let’s test our local DNS cache which is in part what we wanted all along:

In your server box:

dig yahoo.es

The first query takes longer: dnsmasq checks its cache, finds nothing and passes the query on to dnscrypt-proxy:

(screenshot: dig output of the first, uncached query)

Once resolved, the dnsmasq cache kicks in and subsequent queries are served from cache, speeding up DNS resolution dramatically:

(screenshot: dig output of the same query served from the dnsmasq cache)
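Eyeballing two dig runs works, but it is nicer to have a check you can rerun after every config change. The script below is an added example written for this post, not code from dnsmasq or dig: it queries dnsmasq twice and parses the "Query time" and the A-record TTL out of dig's output. A cache hit shows as a near-zero second query time together with a TTL that has already counted down, because dnsmasq serves the remaining TTL rather than the original one. The two dig transcripts embedded in it are constructed for the example (192.0.2.10 is a documentation address, not a real answer for yahoo.es), and the 5 ms threshold is an assumption chosen for a local resolver.

```shell
#!/bin/sh
# Added example (not from the original post): a cache check for the server box.
# dns_cache_check NAME queries dnsmasq on 127.0.0.1 twice with dig and reports the
# "Query time" and the A-record TTL of each answer. A cache hit shows up as a
# near-zero second query time together with a TTL that has already counted down,
# because dnsmasq serves the remaining TTL rather than the original one.
# The two dig transcripts at the bottom are constructed for this example
# (192.0.2.10 is a documentation address, not a real answer for yahoo.es).

# query_time_ms < dig-output -> the N from ';; Query time: N msec'
query_time_ms() {
    sed -n 's/^;; Query time: \([0-9][0-9]*\) msec.*/\1/p'
}

# first_a_ttl < dig-output -> TTL of the first A record in the ANSWER section
first_a_ttl() {
    awk '$3 == "IN" && $4 == "A" { print $2; exit }'
}

# cache_verdict T1 TTL1 T2 TTL2 -> "hit" or "miss" for the second answer.
# dnsmasq answers from cache in well under 5 ms (threshold assumed for this example)
# and never with a TTL higher than the one it stored from the first answer.
cache_verdict() {
    if [ "$3" -lt 5 ] && [ "$4" -le "$2" ]; then echo hit; else echo miss; fi
}

# dns_cache_check NAME -> live check against the local dnsmasq (needs dig)
dns_cache_check() {
    out1=$(dig @127.0.0.1 "$1" A); sleep 1
    out2=$(dig @127.0.0.1 "$1" A)
    t1=$(printf '%s\n' "$out1" | query_time_ms); ttl1=$(printf '%s\n' "$out1" | first_a_ttl)
    t2=$(printf '%s\n' "$out2" | query_time_ms); ttl2=$(printf '%s\n' "$out2" | first_a_ttl)
    echo "$1: ${t1} ms (ttl ${ttl1}) then ${t2} ms (ttl ${ttl2}): $(cache_verdict "$t1" "$ttl1" "$t2" "$ttl2")"
}

# Constructed transcript 1: first query, answered via dnscrypt-proxy upstream
DIG_MISS='; <<>> DiG 9.9.5 <<>> @127.0.0.1 yahoo.es A
;; QUESTION SECTION:
;yahoo.es.            IN  A

;; ANSWER SECTION:
yahoo.es.       300   IN  A   192.0.2.10

;; Query time: 87 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)'

# Constructed transcript 2: same query one second later, served from the dnsmasq cache
DIG_HIT='; <<>> DiG 9.9.5 <<>> @127.0.0.1 yahoo.es A
;; QUESTION SECTION:
;yahoo.es.            IN  A

;; ANSWER SECTION:
yahoo.es.       299   IN  A   192.0.2.10

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)'

t1=$(printf '%s\n' "$DIG_MISS" | query_time_ms); ttl1=$(printf '%s\n' "$DIG_MISS" | first_a_ttl)
t2=$(printf '%s\n' "$DIG_HIT"  | query_time_ms); ttl2=$(printf '%s\n' "$DIG_HIT"  | first_a_ttl)
echo "sample: ${t1} ms (ttl ${ttl1}) then ${t2} ms (ttl ${ttl2}): $(cache_verdict "$t1" "$ttl1" "$t2" "$ttl2")"   # hit

# Live run on the server box: sh cache-check.sh yahoo.es
if [ $# -gt 0 ]; then dns_cache_check "$1"; fi
```

If the second run still reports a high query time, check the SERVER line in dig's output first: a client whose /etc/resolv.conf still points at the router or a public resolver is bypassing dnsmasq altogether, and no amount of cache tuning will help.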

What should we do next to further improve our browsing experience? What about a Squid proxy?
