How to Setup Local DNS Resolver using Dnsmasq on Ubuntu 20.04
Dnsmasq (short for "DNS masquerade") is a simple, lightweight and easy-to-use DNS forwarder intended for small networks. It can also be configured as a DNS cache and DHCP server, and it supports both the IPv4 and IPv6 protocols. When it receives a DNS query, it answers it from its cache or forwards it to an upstream DNS server.
Dnsmasq is made from three subsystems:
- DNS subsystem: caches records of several types, including A, AAAA, CNAME and PTR.
- DHCP subsystem: supports DHCPv4, DHCPv6, BOOTP and PXE.
- Router Advertisement subsystem: provides basic autoconfiguration for IPv6 hosts. It can be used stand-alone or in conjunction with DHCPv6.
In this tutorial, we will show you how to set up a local DNS server with Dnsmasq on Ubuntu 20.04 server.
Prerequisites
- A server running Ubuntu 20.04.
- A root password is configured on the server.
Getting Started
First, it is recommended to update your system's package index so that the latest package versions are installed. You can do so by running the following command:
apt-get update -y
After updating the packages, you will need to disable the systemd-resolved service on your system. systemd-resolved provides network name resolution to local applications and listens on port 53 of the loopback stub address, which would conflict with Dnsmasq.
You can disable it by running the following command:
systemctl disable --now systemd-resolved
Once the service is disabled, you will need to remove the default resolv.conf file (on Ubuntu 20.04 it is a symlink to the stub file generated by systemd-resolved) and create a new one with your own DNS server details.
You can remove the default resolv.conf file with the following command:
rm -rf /etc/resolv.conf
Next, add the Google public DNS server (8.8.8.8) to the resolv.conf file with the following command:
echo "nameserver 8.8.8.8" > /etc/resolv.conf
Once you are finished, you can proceed to the next step.
Install Dnsmasq
Dnsmasq is available in the default Ubuntu 20.04 repository. You can install it by running the following command:
apt-get install dnsmasq dnsutils ldnsutils -y
Once the installation has finished, the Dnsmasq service is started automatically. You can check the status of Dnsmasq with the following command:
systemctl status dnsmasq
You should get the following output:
dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server
     Loaded: loaded (/lib/systemd/system/dnsmasq.service; enabled; vendor preset: enabled)
     Active: active (running) since Tue 2020-11-02 11:02:01 UTC; 15s ago
   Main PID: 17726 (dnsmasq)
      Tasks: 1 (limit: 2282)
     Memory: 868.0K
     CGroup: /system.slice/dnsmasq.service
             └─17726 /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service --trust-anchor=.,20326,8,2,e>

Nov 02 11:02:12 ubuntu2004 systemd[1]: Starting dnsmasq - A lightweight DHCP and caching DNS server...
Nov 02 11:02:12 ubuntu2004 dnsmasq[17705]: dnsmasq: syntax check OK.
Nov 02 11:02:12 ubuntu2004 dnsmasq[17726]: started, version 2.80 cachesize 150
Nov 02 11:02:12 ubuntu2004 dnsmasq[17726]: DNS service limited to local subnets
Nov 02 11:02:12 ubuntu2004 dnsmasq[17726]: compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC loop-detect inotify dumpfi>
Nov 02 11:02:12 ubuntu2004 dnsmasq[17726]: reading /etc/resolv.conf
Nov 02 11:02:12 ubuntu2004 dnsmasq[17726]: using nameserver 8.8.8.8#53
Nov 02 11:02:12 ubuntu2004 dnsmasq[17726]: read /etc/hosts - 7 addresses
Nov 02 11:02:12 ubuntu2004 systemd[1]: Started dnsmasq - A lightweight DHCP and caching DNS server.
Once you are done, you can proceed to the next step.
Configure Dnsmasq
Next, you will need to configure Dnsmasq as a local DNS server. You can do it by editing the Dnsmasq main configuration file:
nano /etc/dnsmasq.conf
Uncomment or change the following lines. domain-needed stops plain hostnames (names without a dot) from being forwarded upstream, bogus-priv keeps reverse lookups for private address ranges from leaking to the upstream server, and listen-address restricts the addresses on which Dnsmasq answers queries, so that the server does not become an open resolver:
port=53
domain-needed
bogus-priv
listen-address=127.0.0.1,your-server-ip
expand-hosts
domain=dns-example.com
cache-size=1000
Save and close the file when you are finished.
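Before restarting the service it is worth checking the configuration for the settings above, in particular that listen-address only names loopback or private addresses. The following shell script is an added example, not part of Dnsmasq or of the original tutorial; it only reads a dnsmasq.conf-style file and reports on the options the tutorial sets (the function names, the RFC 1918 check and the message wording are this example's own assumptions).

```shell
#!/bin/sh
# Added example: sanity-check a dnsmasq.conf for the options used in this tutorial.
# Not dnsmasq code; it only inspects the text of the file given as argument.

# is_local_addr ADDR: returns 0 if ADDR is loopback or an RFC 1918 private IPv4 address
is_local_addr() {
    case "$1" in
        127.*|10.*|192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# has_option FILE NAME: returns 0 if an uncommented line "NAME" or "NAME=..." exists
has_option() {
    grep -Eq "^[[:space:]]*$2([[:space:]]*=.*)?[[:space:]]*$" "$1"
}

# listen_addrs FILE: print every address from listen-address= lines, one per line
listen_addrs() {
    grep -E '^[[:space:]]*listen-address[[:space:]]*=' "$1" \
        | sed -E 's/^[[:space:]]*listen-address[[:space:]]*=//; s/[[:space:]]//g' \
        | tr ',' '\n' | grep -v '^$'
}

# check_dnsmasq_conf FILE: print findings; returns 1 if anything should be fixed
check_dnsmasq_conf() {
    conf=$1
    status=0
    for opt in domain-needed bogus-priv; do
        if ! has_option "$conf" "$opt"; then
            echo "WARN: $opt is not set (plain names or private reverse lookups reach the upstream server)"
            status=1
        fi
    done
    if ! has_option "$conf" listen-address; then
        echo "FAIL: no listen-address set: dnsmasq will answer queries on every interface"
        status=1
    fi
    for a in $(listen_addrs "$conf"); do
        if ! is_local_addr "$a"; then
            echo "FAIL: listen-address $a is not a loopback or private address (open resolver risk)"
            status=1
        fi
    done
    if ! has_option "$conf" bind-interfaces; then
        echo "INFO: without bind-interfaces dnsmasq binds 0.0.0.0:53 and filters by address; ss shows the wildcard socket"
    fi
    return $status
}

# Usage: sh check-dnsmasq.sh /etc/dnsmasq.conf
if [ "$#" -gt 0 ]; then
    check_dnsmasq_conf "$1"
fi
```

The script exits non-zero when listen-address is missing or contains a non-private address, or when domain-needed or bogus-priv is absent; the bind-interfaces note is informational only, because the wildcard socket is Dnsmasq's default behaviour rather than a misconfiguration.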
Next, you will need to add your server's IP address as the primary nameserver in your resolv.conf file. You can add it by editing the file:
nano /etc/resolv.conf
Add the following line above the line "nameserver 8.8.8.8":
nameserver your-server-ip
Save and close the file when you are finished. Next, check the configuration for syntax errors with the following command:
dnsmasq --test
If everything is fine, you should get the following output:
dnsmasq: syntax check OK.
Finally, restart the Dnsmasq service to apply the changes:
systemctl restart dnsmasq
At this point, Dnsmasq is running and listening on port 53. You can verify it with the following command (the wildcard 0.0.0.0 and [::] sockets in the output are expected: unless bind-interfaces is set, Dnsmasq binds the wildcard address and discards queries that arrive on addresses outside listen-address):
ss -alnp | grep -i :53
You should get the following output:
udp   UNCONN 0      0            0.0.0.0:53        0.0.0.0:*    users:(("dnsmasq",pid=41051,fd=4))
udp   UNCONN 0      0               [::]:53           [::]:*    users:(("dnsmasq",pid=41051,fd=6))
tcp   LISTEN 0      32           0.0.0.0:53        0.0.0.0:*    users:(("dnsmasq",pid=41051,fd=5))
tcp   LISTEN 0      32              [::]:53           [::]:*    users:(("dnsmasq",pid=41051,fd=7))
Add DNS Records to Dnsmasq Server
Next, you will need to edit your /etc/hosts file and add an entry for the host name that Dnsmasq should answer locally:
nano /etc/hosts
Add the following line:
your-server-ip host1.dns-example.com
Save and close the file when you are finished.
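Which names Dnsmasq answers from /etc/hosts, and what happens to the rest, follows from the expand-hosts, domain and domain-needed settings made earlier: a name without a dot in /etc/hosts is also answered as name.dns-example.com, and a query for a plain name that is not in /etc/hosts gets a "not found" answer instead of being forwarded. The following shell script is an added example that models this documented behaviour so you can predict answers before querying the server; it is not Dnsmasq code, and the function names, the sample hosts file and the LOCAL/NXDOMAIN/FORWARD labels are this example's own assumptions.

```shell
#!/bin/sh
# Added example: model which names dnsmasq answers from a hosts file when
# expand-hosts, domain=DOMAIN and domain-needed are set. Not dnsmasq code.

# hosts_answers HOSTS DOMAIN: print "name ip" for every name dnsmasq would answer
# from HOSTS. Names without a dot are also listed as name.DOMAIN (expand-hosts).
hosts_answers() {
    hosts=$1
    domain=$2
    sed 's/#.*//' "$hosts" | while read -r ip names; do
        [ -z "$ip" ] && continue
        for n in $names; do
            echo "$n $ip"
            case "$n" in
                *.*) ;;
                *) echo "$n.$domain $ip" ;;
            esac
        done
    done
}

# resolve_local HOSTS DOMAIN QNAME: print the address answered for QNAME, or nothing
# (host names are case-insensitive, so the comparison folds case)
resolve_local() {
    hosts_answers "$1" "$2" | awk -v q="$3" 'tolower($1) == tolower(q) { print $2; exit }'
}

# classify_query HOSTS DOMAIN QNAME: "LOCAL <ip>" when answered from HOSTS,
# NXDOMAIN when a plain name is unknown (domain-needed blocks forwarding it),
# FORWARD when the name has a dot and is sent to the upstream nameserver
classify_query() {
    addr=$(resolve_local "$1" "$2" "$3")
    if [ -n "$addr" ]; then
        echo "LOCAL $addr"
    else
        case "$3" in
            *.*) echo FORWARD ;;
            *) echo NXDOMAIN ;;
        esac
    fi
}

# Usage: sh hosts-model.sh /etc/hosts dns-example.com host1.dns-example.com
if [ "$#" -ge 3 ]; then
    classify_query "$1" "$2" "$3"
fi
```

Note what the model shows for the tutorial's own entry: "your-server-ip host1.dns-example.com" makes Dnsmasq answer host1.dns-example.com, but not the bare name host1, because expand-hosts only adds the domain to names that have no dot. If clients should be able to query the short name directly, add it as a second name on the same /etc/hosts line (or give the clients a search domain in their resolv.conf).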
Verify Dnsmasq Server Resolution
At this point, Dnsmasq is installed and configured. Now it is time to verify DNS resolution.
You can use the dig command to check the DNS resolution as shown below:
dig host1.dns-example.com +short
If everything is fine, you should see your server's IP address in the output:
your-server-ip
You can also verify external DNS resolution with the following command:
dig howtoforge.com +short
You should get the following output:
172.67.68.93
104.26.3.165
104.26.2.165
Configure Remote Client to Use Dnsmasq DNS Server
Next, you will need to configure a remote client to use your Dnsmasq DNS server as the default DNS server.
First, install the DNS tools on the client with the following command:
apt-get install dnsutils ldnsutils -y
Once installed, you will need to edit the /etc/resolv.conf file and add your Dnsmasq DNS server entry.
nano /etc/resolv.conf
Add the following line at the beginning of the file:
nameserver your-server-ip
Save and close the file when you are finished.
Next, verify the local DNS resolution with the following command:
dig host1.dns-example.com
You should see output like the following:
; <<>> DiG 9.9.5-3ubuntu0.4-Ubuntu <<>> host1.dns-example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26401
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;host1.dns-example.com.		IN	A

;; ANSWER SECTION:
host1.dns-example.com.	0	IN	A	45.58.32.165

;; Query time: 301 msec
;; SERVER: 45.58.32.165#53(45.58.32.165)
;; WHEN: Mon Nov 02 16:49:37 IST 2020
;; MSG SIZE  rcvd: 66
Next, you will need to verify that your DNS server is caching responses. You can check it using the drill utility.
First, run the following command:
drill google.com | grep "Query time"
You should see the following output:
;; Query time: 290 msec
Next, run the command again to check whether caching is working or not:
drill google.com | grep "Query time"
You should see that the query time has dropped to 4 msec, because the answer is now served from the Dnsmasq cache instead of the upstream server:
;; Query time: 4 msec
Conclusion
Congratulations! You have successfully installed and configured Dnsmasq as a local DNS server on Ubuntu 20.04. I hope you can now easily deploy it in your local network for name resolution.