Dnsmasq for easy LAN DNS services

Dnsmasq is a lightweight DNS, DNS caching, DHCP and TFTP server. It is intended to provide reliable services in small networks. Dnsmasq accepts DNS queries and either answers them from a local cache or forwards them to an upstream, recursive, DNS server. Versatile! It loads the contents of /etc/hosts so that local hostnames which do not appear in the global DNS catalog can be resolved and also answers DNS queries for DHCP configured hosts. I will be using Dnsmasq to cache dnscrypt-proxy requests in my LAN while providing DNS services and resolution for all clients in the network.

Earlier, we used dnscrypt-proxy to encrypt and secure our DNS requests before they leave our network. Now we are going to give DNS resolution a good boost by caching DNS queries locally, which in turn should also give you a better browsing experience overall and allow you to resolve hostnames via DNS in your network. DNS resolution also impacts your Internet speeds. The Internet relies on a network of DNS servers which translate names (like unlockforus.com) into IP addresses, so having a local DNS cache in your LAN is more than just a geeky thing. If you have ever used public DNS servers (Google DNS servers, OpenDNS, etc.) with the idea of speeding up your browsing, just wait until you hit your own DNS cache locally.

Getting Ready

We want Dnsmasq to provide DNS resolution, DNS cache and DHCP services in our network. With that in mind, make sure to disable these services on your home network gear (often your home router) before running Dnsmasq, especially the DHCP server. You do not want two DHCP servers advertising and broadcasting the same network scope… it will result in collisions and catastrophe.

You’ll be offloading the services currently provided by your limited home router hardware to a more robust box in your network.

Prepare your soon to be DNS, DHCP Server

Update the /etc/hosts file. Note that we are already defining the local domain name as unlockforus.lan and the static IP address of the server in that file. I have commented out the loopback entry for the hostname because Dnsmasq will be reading this file later on and we don’t want LAN machines to resolve our server to the loopback interface. Do not forget to use your own LAN domain name instead, and to update the IP addresses accordingly 😉

sudo vi /etc/hosts localhost
# svr-mars svr-mars.unlockforus.lan svr-mars
sudo vi /etc/hostname


Installing Dnsmasq

From Terminal:

# Install Dnsmasq
sudo apt-get install dnsmasq
# Stop Dnsmasq service
sudo service dnsmasq stop
# Backup default configuration
sudo cp /etc/dnsmasq.conf /etc/dnsmasq.bak

Now, let’s configure the network interface and verify we are using a static IP address for the server. Edit /etc/network/interfaces

sudo vi /etc/network/interfaces
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto eth0
# iface eth0 inet dhcp
iface eth0 inet static
dns-search unlockforus.lan

If you have made changes to your configurations so far, reboot your server at this point.

sudo reboot

Configure Dnsmasq

sudo vi /etc/dnsmasq.conf
# Configuration file for dnsmasq.
# DHCP Configuration Options
# log-dhcp # Uncomment if you wish to log dhcp
# dhcp-host=88:db:96:1d:20:c9,livingroom-pc,
# dhcp-host=00:15:94:85:bc:35,printer,

Reconfigure dnscrypt-proxy

# Stop dnscrypt-proxy
sudo service dnscrypt-proxy stop
sudo vi /etc/default/dnscrypt-proxy
# local IP address the daemon will listen to

Save your changes, restart dnscrypt-proxy and dnsmasq services and test drive your new setup.

Dnsmasq + dnscrypt-proxy should now be fully functional on your server box. DNS queries are now going to be cached locally, or they’ll be passed over to the upstream resolver if not found in the local cache, as follows:

Client PC => dnsmasq port 53 => dnscrypt-proxy port 2053 => Dnscrypt upstream resolver

Dnsmasq will also resolve local DNS hostnames in your LAN, plus it won’t pass unresolvable local hostnames to the upstream resolver.
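The chain above only holds if dnsmasq has no other upstream to fall back on. The following check is an added example, not part of the original post: it audits dnsmasq.conf text for settings that would let queries leave in plaintext around dnscrypt-proxy. It assumes dnscrypt-proxy listens on 127.0.0.1 port 2053; the function name and both sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumption: dnscrypt-proxy listens on 127.0.0.1, port 2053.
DNSCRYPT_UPSTREAM="${DNSCRYPT_UPSTREAM:-127.0.0.1#2053}"

# audit_dnsmasq_conf: read dnsmasq.conf text on stdin, print findings.
# Returns 0 when every forwarded query must go through dnscrypt-proxy.
audit_dnsmasq_conf() {
    rc=0
    # Drop comment lines, inline comments (a '#' after whitespace) and blanks;
    # the '#' in addr#port has no whitespace before it and is kept.
    active=$(sed -e '/^[[:space:]]*#/d' -e 's/[[:space:]][[:space:]]*#.*$//' \
                 -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d')
    if ! printf '%s\n' "$active" | grep -qx 'no-resolv'; then
        echo "LEAK: no-resolv missing; resolv.conf nameservers are used too"
        rc=1
    fi
    if ! printf '%s\n' "$active" | grep -qx 'domain-needed'; then
        echo "LEAK: domain-needed missing; bare hostnames can be forwarded"
        rc=1
    fi
    # General upstreams only: server=/domain/... lines are per-domain rules.
    upstreams=$(printf '%s\n' "$active" | sed -n 's/^server=\([^/].*\)$/\1/p')
    [ -n "$upstreams" ] || { echo "FAIL: no general server= line"; rc=1; }
    for u in $upstreams; do
        if [ "$u" != "$DNSCRYPT_UPSTREAM" ]; then
            echo "LEAK: server=$u bypasses dnscrypt-proxy"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: no-resolv is missing and a second, plaintext upstream
# (documentation address 192.0.2.53) sits beside the dnscrypt-proxy one.
SAMPLE_LEAKY='domain-needed
server=127.0.0.1#2053
server=192.0.2.53   # constructed plaintext resolver
local=/unlockforus.lan/'

# Constructed sample: the same file with both problems corrected.
SAMPLE_FIXED='no-resolv
domain-needed
server=127.0.0.1#2053
local=/unlockforus.lan/'

printf '%s\n' "$SAMPLE_LEAKY" | audit_dnsmasq_conf || true
```

Against a real installation, run `audit_dnsmasq_conf < /etc/dnsmasq.conf` and set DNSCRYPT_UPSTREAM to the address and port your dnscrypt-proxy actually listens on.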

Finally, let’s test our local DNS cache which is in part what we wanted all along:

On your server box:

dig yahoo.es

The query should take longer to be resolved the first time… dnsmasq will check its cache and it will pass the query to dnscrypt-proxy when not found in its cache:

[Image: dnsmasq, not cached]

Once resolved, the dnsmasq cache kicks in and queries are served from cache, therefore speeding up DNS resolution dramatically:
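The two-lookup test above can be scripted. This is an added example, not part of the original post: it compares the output of two consecutive dig runs and also confirms that both answers came from the local dnsmasq rather than from some other resolver. It assumes the server resolves through dnsmasq at 127.0.0.1 port 53; the function names and the sample dig footers are constructed.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumption: the server's own resolver is dnsmasq at 127.0.0.1, port 53.

# Both helpers read dig output on stdin.
query_time()       { sed -n 's/^;; Query time: \([0-9][0-9]*\) msec.*/\1/p'; }
answering_server() { sed -n 's/^;; SERVER: \([^#]*\)#\([0-9][0-9]*\).*/\1 \2/p'; }

# verify_cache FIRST SECOND [EXPECTED]: FIRST and SECOND are the outputs of two
# consecutive dig runs for the same name. Returns 0 only if dnsmasq answered
# both and the second answer came back faster (or instantly).
verify_cache() {
    expected="${3:-127.0.0.1 53}"
    for out in "$1" "$2"; do
        srv=$(printf '%s\n' "$out" | answering_server)
        if [ "$srv" != "$expected" ]; then
            echo "FAIL: answered by '$srv', expected dnsmasq at '$expected'"
            return 1
        fi
    done
    t1=$(printf '%s\n' "$1" | query_time)
    t2=$(printf '%s\n' "$2" | query_time)
    if [ -z "$t1" ] || [ -z "$t2" ]; then
        echo "FAIL: no Query time line in dig output"
        return 2
    fi
    if [ "$t2" -lt "$t1" ] || [ "$t2" -eq 0 ]; then
        echo "OK: ${t1} msec then ${t2} msec, consistent with a cache hit"
        return 0
    fi
    echo "WARN: second lookup was not faster (${t1} msec then ${t2} msec)"
    return 1
}

# Constructed dig footers (only the lines the check needs).
SAMPLE_FIRST=';; Query time: 148 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)'
SAMPLE_SECOND=';; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)'
SAMPLE_BYPASS=';; Query time: 31 msec
;; SERVER: 192.0.2.53#53(192.0.2.53)'

verify_cache "$SAMPLE_FIRST" "$SAMPLE_SECOND"
# Live use: verify_cache "$(dig yahoo.es)" "$(dig yahoo.es)"
```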


What should we do next to further improve our browsing experience? What about a Squid proxy?
