How to Setup Local DNS Resolver using Dnsmasq on Ubuntu 20.04

Dnsmasq stands for "short for DNS masquerade" is a simple, lightweight and easy to use DNS forwarder used for a small network. It can be configured as a DNS cache and DHCP server and supports both IPv4 and IPv6 protocol. When it receives any DNS queries, it will answer them from its cache or forward to the different DNS server.

Dnsmasq is made from three subsystems:

  • DNS subsystem : It is used for caching different records type including, A, AAAA, CNAME and PTR.
  • DHCP subsystem : It supports DHCPv4, DHCPv6, BOOTP and PXE
  • Router Advertisement subsystem : It provides basic autoconfiguration for IPv6 hosts. It can be used stand-alone or in conjunction with DHCPv6.

In this tutorial, we will show you how to set up a local DNS server with Dnsmasq on Ubuntu 20.04 server.

Prerequisites

  • A server running Ubuntu 20.04.
  • A root password is configured the server.

Getting Started

First, it is recommended to update your system packages to the latest version. You can update all packages by running the following command:

apt-get update -y

After updating all the packages, you will need to disable Systemd-resolved service in your system. Systemd-resolved service is used for network name resolution to local applications.

You can disable it by running the following command:

systemctl disable --now systemd-resolved

Once the service is disabled, you will need to remove the default resolv.conf file and create a new one with your custom DNS server details.

You can remove the default resolv.conf file with the following command:

rm -rf /etc/resolv.conf

Next, add the Google DNS server to the resolv.conf file with the following command:

echo "nameserver 8.8.8.8" > /etc/resolv.conf

Once you are finished, you can proceed to the next step.

Install Dnsmasq

By default, Dnsmasq is available in the Ubuntu 20.04 default repository. You can install it by just running the following command:

apt-get install dnsmasq dnsutils ldnsutils -y

Once the installation has been finished, Dnsmasq services will be started automatically. You can check the status of the Dnsmasq with the following command:

systemctl status dnsmasq

You should get the following output:

dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server
     Loaded: loaded (/lib/systemd/system/dnsmasq.service; enabled; vendor preset: enabled)
     Active: active (running) since Tue 2020-11-02 11:02:01 UTC; 15s ago
   Main PID: 17726 (dnsmasq)
      Tasks: 1 (limit: 2282)
     Memory: 868.0K
     CGroup: /system.slice/dnsmasq.service
             ??17726 /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service --trust-anchor=.,20326,8,2,e>

Nov 02 11:02:12 ubuntu2004 systemd[1]: Starting dnsmasq - A lightweight DHCP and caching DNS server...
Nov 02 11:02:12 ubuntu2004 dnsmasq[17705]: dnsmasq: syntax check OK.
Nov 02 11:02:12 ubuntu2004 dnsmasq[17726]: started, version 2.80 cachesize 150
Nov 02 11:02:12 ubuntu2004 dnsmasq[17726]: DNS service limited to local subnets
Nov 02 11:02:12 ubuntu2004 dnsmasq[17726]: compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC loop-detect inotify dumpfi>
Nov 02 11:02:12 ubuntu2004 dnsmasq[17726]: reading /etc/resolv.conf
Nov 02 11:02:12 ubuntu2004 dnsmasq[17726]: using nameserver 8.8.8.8#53
Nov 02 11:02:12 ubuntu2004 dnsmasq[17726]: read /etc/hosts - 7 addresses
Nov 02 11:02:12 ubuntu2004 systemd[1]: Started dnsmasq - A lightweight DHCP and caching DNS server.

Once you are done, you can proceed to the next step.

Configure Dnsmasq

Next, you will need to configure Dnsmasq as a local DNS server. You can do it by editing the Dnsmasq main configuration file:

nano /etc/dnsmasq.conf

Change the following lines:

port=53
domain-needed
bogus-priv
listen-address=127.0.0.1,your-server-ip
expand-hosts
domain=dns-example.com
cache-size=1000

Save and close the file when you are finished.

Next, you will need to add your server ip address as the primary nameserver in your resolv.conf file. You can add it with the following command:

nano /etc/resolv.conf

Add the following line above the line "nameserver 8.8.8.8":

nameserver your-server-ip

Save and close the file when you are finished. Next, verify the server for any configuration error with the following command:

dnsmasq --test

If everything is fine, you should get the following output:

dnsmasq: syntax check OK.

Finally, restart the Dnsmasq service to apply the changes:

systemctl restart dnsmasq

At this point, Dnsmasq is started and listening on port 53. You can verify it with the following command:

ss -alnp | grep -i :53

You should get the following output:

udp     UNCONN   0        0                                             0.0.0.0:53                                                0.0.0.0:*                      users:(("dnsmasq",pid=41051,fd=4))                                             
udp     UNCONN   0        0                                                [::]:53                                                   [::]:*                      users:(("dnsmasq",pid=41051,fd=6))                                             
tcp     LISTEN   0        32                                            0.0.0.0:53                                                0.0.0.0:*                      users:(("dnsmasq",pid=41051,fd=5))                                             
tcp     LISTEN   0        32                                               [::]:53                                                   [::]:*                      users:(("dnsmasq",pid=41051,fd=7))                                             

Add DNS Records to Dnsmasq Server

Next, you will need to edit your /etc/hosts file and add the local DNS server entry.

nano /etc/hosts

Add the following line:

your-server-ip host1.dns-example.com

Save and close the file when you are finished.

Verify Dnsmasq Server Resolution

At this point, Dnsmasq is installed and configured. Not, it's time to verify DNS resolution.

You can use dig command to check the DNS resolution as shown below:

dig host1.dns-example.com +short

If everything is fine, you should see your server ip in the following output:

your-server-ip

You can also verify external DNS resolution with the following command:

dig howtoforge.com +short

You should get the following output:

172.67.68.93
104.26.3.165
104.26.2.165

Configure Remote Client to Use Dnsmasq DNS Server

Next, you will need to configure a remote client to use your Dnsmasq DNS server as the default DNS server.

First, install DNS tools with the following command:

apt-get install dnsutils ldnsutils -y

Once installed, you will need to edit the /etc/resolv.conf file and your Dnsmasq DNS server entry.

nano /etc/resolv.conf

Add the following line at the beginning of the file:

nameserver your-server-ip

Save and close the file when you are finished.

Next, verify the local DNS resolution with the following command:

dig host1.dns-example.com

You should see the following output:

; DiG 9.9.5-3ubuntu0.4-Ubuntu host1.dns-example.com
;; global options: +cmd
;; Got answer:
;; HEADER opcode: QUERY, status: NOERROR, id: 26401
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;host1.dns-example.com.		IN	A

;; ANSWER SECTION:
host1.dns-example.com.	0	IN	A	45.58.32.165

;; Query time: 301 msec
;; SERVER: 45.58.32.165#53(45.58.32.165)
;; WHEN: Mon Nov 02 16:49:37 IST 2020
;; MSG SIZE  rcvd: 66

Next, you will need to verify your DNS server for caching. You can check it using the drill utility.

First, run the following command:

drill google.com | grep "Query time"

You should see the following output:

;; Query time: 290 msec

Next, run the command again to check whether caching is working or not:

drill google.com | grep "Query time"

You should see that query time is now decreasing to 4 msec:

;; Query time: 4 msec

Conclusion

Congratulations! you have successfully installed and configured Dnsmasq as a local DNS server and Ubuntu 20.04. I hope you can now easily implement it in your local network for name resolution.

Share this page:

5 Comment(s)