Dnsmasq Setup Guide | Configure DNS Server on Linux

While striving to improve network performance and reliability on Linux servers at IOFLOOD, we found that installing Dnsmasq enables optimized DNS resolution and dynamic IP address allocation. Because we believe Dnsmasq’s local caching, DNSSEC validation, and DHCP leasing options can be helpful for our cloud server hosting customers, we have written this article with clear and concise instructions for improving network responsiveness and managing DNS and DHCP with Dnsmasq.

In this guide, we will navigate the process of installing Dnsmasq on your Linux system. We are going to provide you with installation instructions for Debian, Ubuntu, CentOS, and AlmaLinux, delve into how to compile Dnsmasq from the source, and install a specific version. Finally, we will show you how to use the Dnsmasq command and ascertain that the correctly installed version is in use.

Let’s get started with the step-by-step Dnsmasq installation on your Linux system!

TL;DR: How Do I Install Dnsmasq on Linux?

To install Dnsmasq on Debian-based systems like Ubuntu, run sudo apt-get install dnsmasq. For RPM-based systems like CentOS, use sudo yum install dnsmasq. After installation, configure Dnsmasq by editing /etc/dnsmasq.conf to set up DNS and DHCP settings as needed. Start the Dnsmasq service with sudo systemctl start dnsmasq.

Here’s an example for Debian-based distributions like Ubuntu:

sudo apt-get install dnsmasq

On RPM-based distributions like CentOS or AlmaLinux, you can run:

sudo yum install dnsmasq

These commands will install Dnsmasq on your Linux system. However, this is just the tip of the iceberg. There’s much more to learn about installing and configuring Dnsmasq on Linux. Continue reading for a more detailed guide, including advanced installation options, usage scenarios, and troubleshooting tips.

Installing Dnsmasq on Linux

Dnsmasq is a lightweight, easy-to-use server software that provides DNS (Domain Name System), DHCP (Dynamic Host Configuration Protocol), and TFTP (Trivial File Transfer Protocol) services. It’s designed to provide these services for small networks, such as home networks, and it’s often used in combination with other servers or network applications.

Dnsmasq can improve network performance by caching DNS queries, reducing the need for external DNS servers. It can also serve as a DHCP server, assigning IP addresses to devices on your network. Its ease of use and versatility make it a valuable tool for managing and optimizing your network.

Installing Dnsmasq with Apt

If you’re using a Debian-based distribution such as Ubuntu, you can install Dnsmasq using the apt package manager. Here’s how:

sudo apt update
sudo apt upgrade
sudo apt install dnsmasq

This sequence of commands first updates your package lists (sudo apt update), then upgrades all upgradable packages (sudo apt upgrade), and finally installs Dnsmasq (sudo apt install dnsmasq).

Installing Dnsmasq with Yum

For RPM-based distributions like CentOS or AlmaLinux, use the yum package manager to install Dnsmasq. Here’s the sequence of commands:

sudo yum check-update
sudo yum upgrade
sudo yum install dnsmasq

Similar to the apt commands, this sequence checks for package updates, upgrades all upgradable packages, and then installs Dnsmasq.

In both cases, you will be prompted to confirm the installation. Press Y and then Enter to proceed with the installation.

Installing Dnsmasq from Source

While package managers make installing Dnsmasq easy, there may be instances where you want to install Dnsmasq from source. This approach gives you more control over the installation and allows you to access the latest features and bug fixes.

Here’s how to install Dnsmasq from source:

wget https://www.thekelleys.org.uk/dnsmasq/dnsmasq-2.80.tar.gz
tar -xvzf dnsmasq-2.80.tar.gz
cd dnsmasq-2.80
make
sudo make install

This sequence of commands first downloads the Dnsmasq source code using wget, then extracts the files from the downloaded archive with tar, changes the directory to the extracted files, compiles the source code using make, and finally installs the program.

Different Versions of Dnsmasq

Different versions of Dnsmasq may have different features, bug fixes, or compatibility with certain systems. You can install different versions of Dnsmasq from source or using package managers.

Installing Different Versions from Source

To install a different version from source, replace the version number in the wget command with the version number you want. For example, to download version 2.79, the command would be:

wget https://www.thekelleys.org.uk/dnsmasq/dnsmasq-2.79.tar.gz

Installing Different Versions with Apt or Yum

To install a specific version using apt or yum, you can specify the version number after the package name. For example, to install version 2.79 with apt, the command would be:

sudo apt-get install dnsmasq=2.79-1

Replace 2.79-1 with the version you want. Note that not all versions may be available in the package manager’s repositories.

Version Comparison

Version | Key Changes | Compatibility
2.80 | Improved caching mechanism. | Compatible with Linux and Unix-based systems.
2.79 | Added support for DNS-over-HTTPS (DoH). | Compatible with various operating systems.

Using and Verifying Dnsmasq

Once you have installed Dnsmasq, you can start using it to manage your network services. Here are some basic commands to get you started and to verify that Dnsmasq is installed correctly.

Basic Dnsmasq Commands

Here are some basic commands to start, stop, and restart the Dnsmasq service:

sudo service dnsmasq start
sudo service dnsmasq stop
sudo service dnsmasq restart

Verifying Dnsmasq Installation

You can verify that Dnsmasq is installed correctly using the following command:

dnsmasq --version

# Output:
# Dnsmasq version [installed version]

This command displays the installed version of Dnsmasq, verifying that the installation was successful.

Alternative DNS and DHCP Servers

While Dnsmasq is a fantastic tool for managing DNS, DHCP, and TFTP services, it’s not the only game in town. Other servers like BIND and isc-dhcp-server offer alternative approaches to managing these services.

The BIND Server

BIND (Berkeley Internet Name Domain) is a widely used DNS server. It’s known for its robustness and flexibility, making it suitable for networks of all sizes.

To install BIND on Ubuntu, you can use the following command:

sudo apt-get install bind9

BIND’s configuration can be complex due to its powerful and extensive features. It’s best suited for large networks or when you need precise control over DNS services.

The isc-dhcp-server

The isc-dhcp-server is a standalone DHCP server from the Internet Systems Consortium. It’s known for its stability and scalability, making it a great choice for large networks.

To install isc-dhcp-server on Ubuntu, you can use the following command:

sudo apt-get install isc-dhcp-server

Like BIND, isc-dhcp-server’s configuration can be complex. However, it offers a high level of control over DHCP services.

Dnsmasq vs. BIND vs. isc-dhcp-server

Server | Advantages | Disadvantages
Dnsmasq | Easy to use, lightweight, and versatile | May lack advanced features for large networks
BIND | Powerful DNS features, robust and flexible | Complex configuration
isc-dhcp-server | Stable and scalable, high level of control over DHCP services | Complex configuration

While Dnsmasq is a great tool for small to medium-sized networks, BIND and isc-dhcp-server offer more advanced features and control. The choice depends on your specific needs and the size and complexity of your network.

Addressing Common Dnsmasq Issues

While Dnsmasq is generally user-friendly, you may encounter some issues during installation or usage. Here are some common problems and their solutions.

Dnsmasq Fails to Start

One of the most common issues is Dnsmasq failing to start. This problem is often due to another service using the DNS or DHCP ports. You can check which services are using these ports with the following commands:

sudo lsof -i :53
sudo lsof -i :67

# Output:
# COMMAND  PID     USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
# dnsmasq 1056 dnsmasq    6u  IPv4  20144      0t0  UDP *:domain 

If another service is using these ports, you may need to stop or reconfigure that service.

Dnsmasq Configuration Errors

Configuration errors can also prevent Dnsmasq from working correctly. If you’re encountering issues, check your configuration file for any errors. The location of this file may vary depending on your distribution, but it’s typically located at /etc/dnsmasq.conf.

You can check the syntax of your configuration file with the following command:

dnsmasq --test

# Output:
# dnsmasq: syntax check OK.

This command will return any syntax errors in your configuration file.

Dnsmasq Doesn’t Resolve Local Hostnames

If Dnsmasq isn’t resolving local hostnames, it may be due to a missing or incorrect configuration. Check your /etc/dnsmasq.conf file to ensure that the domain and expand-hosts options are set correctly.
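The check described above can be scripted. The following is an added example, not part of the original guide or the dnsmasq project: it confirms that both options are set on uncommented lines and prints the fully qualified names that simple names in a hosts file would get once the domain is appended. The function names and the sample data are hypothetical.

```shell
#!/bin/sh
# Added example, not from the dnsmasq project. A line starting with "#" is a
# comment, so "#expand-hosts" or "#domain=lan" leaves the option unset.

# Value of the first uncommented domain= line (text after a comma is dropped).
get_domain() {
    sed -n 's/^[[:space:]]*domain=\([^[:space:]#,]*\).*/\1/p' "$1" | head -n 1
}

# Succeeds only if expand-hosts appears as an uncommented flag.
has_expand_hosts() {
    grep -Eq '^[[:space:]]*expand-hosts[[:space:]]*(#.*)?$' "$1"
}

# expanded_names CONF HOSTS: print "IP name.domain" for every simple name
# (no dot) in HOSTS, or fail if either option is missing from CONF.
expanded_names() {
    domain=$(get_domain "$1")
    if ! has_expand_hosts "$1" || [ -z "$domain" ]; then
        echo "set both expand-hosts and domain=<name> in $1" >&2
        return 1
    fi
    awk -v d="$domain" '
        { sub(/#.*/, "") }                     # strip comments
        NF >= 2 { for (i = 2; i <= NF; i++)
                      if ($i !~ /\./) print $1, $i "." d }' "$2"
}

# Constructed sample input (hypothetical names and addresses).
sample_conf()  { printf '%s\n' '#domain=example.org' 'domain=lan' 'expand-hosts'; }
sample_hosts() { printf '%s\n' '192.168.0.10 nas' '192.168.0.11 printer printer.lan # office'; }
```

On a real system, call it as expanded_names /etc/dnsmasq.conf /etc/hosts.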

Tips for Using Dnsmasq

Here are some tips to help you get the most out of Dnsmasq:

  • Keep your configuration simple: Dnsmasq is designed to be simple and easy to use. Avoid unnecessary complexity in your configuration.
  • Use the --no-daemon option for debugging: If you’re having trouble with Dnsmasq, run it with the --no-daemon option. This will run Dnsmasq in the foreground and print verbose debug information.
  • Read the man page: The Dnsmasq man page contains a wealth of information about the different options and how to use them. You can access it with the man dnsmasq command.

Understanding DNS and DHCP

Before diving deeper into Dnsmasq, it’s crucial to understand the fundamental concepts it relies on – DNS and DHCP. These two services form the backbone of Dnsmasq and are essential in a network.

Unraveling DNS: The Internet’s Address Book

DNS, or Domain Name System, is often dubbed as the internet’s address book. It’s a system that translates human-friendly domain names, like www.google.com, into IP addresses, like 172.217.6.68, that computers use to identify each other on the network.

Imagine you’re sending a letter. For it to reach the right place, you need the correct address. Similarly, when you type a URL into your browser, DNS servers return the IP address of the server that hosts the website you’re looking for. This process is known as DNS resolution.

Here’s a simple command to demonstrate DNS resolution:

nslookup www.google.com

# Output:
# Server:       127.0.1.1
# Address:  127.0.1.1#53

# Non-authoritative answer:
# Name: www.google.com
# Address: 172.217.6.68

In this example, the nslookup command queries the DNS server to find the IP address associated with www.google.com, which is 172.217.6.68.

Decoding DHCP: The Network’s Postmaster

DHCP, or Dynamic Host Configuration Protocol, is like the postmaster of a network. It dynamically assigns IP addresses to devices on the network. This automatic assignment of IP addresses simplifies network management and reduces the risk of IP address conflicts.

When a device connects to a network, it sends a broadcast message asking for an IP address. The DHCP server responds with an available IP address and other network settings.

Here’s a command to check the DHCP leases on your Dnsmasq server:

cat /var/lib/misc/dnsmasq.leases

# Output:
# 1622217891 aa:bb:cc:dd:ee:ff 192.168.0.100 device-name *

This command displays the DHCP leases that Dnsmasq has assigned. Each line shows the lease expiration time, MAC address, IP address, device name, and client hostname.
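For a quick inventory of which devices currently hold an address, the lease file can be parsed instead of read by eye. This is an added example, not part of the original guide or the dnsmasq project; the function names and sample lines are constructed, and it assumes an expiry value of 0 marks a lease that never expires.

```shell
#!/bin/sh
# Added example, not from the dnsmasq project.
# Fields used per lease line: 1 = expiry (epoch seconds), 2 = MAC address,
# 3 = IP address, 4 = device name. Later fields are ignored.
# Assumption: an expiry of 0 marks a lease that never expires.

# lease_report FILE [NOW]: print "STATE IP MAC NAME" for every lease line.
lease_report() {
    now=${2:-$(date +%s)}
    awk -v now="$now" '
        NF < 4 || $1 !~ /^[0-9]+$/ { next }    # skip lines that are not leases
        {
            state = ($1 == 0 || $1 > now) ? "active" : "expired"
            print state, $3, $2, $4
        }' "$1"
}

# count_state FILE STATE [NOW]: number of leases in the given state.
count_state() {
    lease_report "$1" "${3:-$(date +%s)}" |
        awk -v s="$2" '$1 == s { n++ } END { print n + 0 }'
}

# Constructed sample lease file; the first line is the one shown above,
# the last is a constructed non-lease line that the parser must skip.
sample_leases() {
    cat <<'EOF'
1622217891 aa:bb:cc:dd:ee:ff 192.168.0.100 device-name *
1700000000 11:22:33:44:55:66 192.168.0.101 laptop *
0 de:ad:be:ef:00:01 192.168.0.2 printer *
duid 00:01:00:01:aa:bb:cc:dd
EOF
}
```

On a real server, run lease_report /var/lib/misc/dnsmasq.leases; the second argument is only needed to evaluate leases against a fixed point in time.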

Understanding DNS and DHCP is crucial when working with Dnsmasq. These two services are the pillars on which Dnsmasq operates, providing essential network services in an easy-to-use package.

Uses of DNS and DHCP Servers

DNS and DHCP servers, as we have seen, play a pivotal role in network management. They are the unsung heroes that keep the internet user-friendly and networks manageable. Understanding these services and how to manage them with tools like Dnsmasq is a crucial skill for any system administrator or network manager.

The Role of DNS and DHCP in Network Security

DNS and DHCP servers are not just about convenience; they also have implications for network security. DNS servers can be targets for attacks, such as DNS spoofing, where an attacker redirects a domain name to a different IP address. DHCP servers, if not properly secured, can be exploited to launch Denial of Service (DoS) attacks or to bypass network security configurations. Understanding these risks and how to mitigate them is an essential aspect of managing DNS and DHCP services.

DNS, DHCP, and Network Scalability

As networks grow, managing DNS and DHCP services can become more complex. A small network might get by with manually assigned IP addresses and a simple hosts file for DNS resolution. But as the network expands, this approach quickly becomes unmanageable. DHCP servers can dynamically assign IP addresses, making it easier to add new devices to the network. DNS servers can manage complex domain structures, making network resources easier to locate. Tools like Dnsmasq can help manage these services, making networks more scalable and easier to manage.

Further Resources for Dnsmasq Proficiency

To deepen your understanding of Dnsmasq and its applications, consider exploring these resources:

  • The Dnsmasq homepage: This is the official documentation for Dnsmasq. It provides a comprehensive overview of Dnsmasq’s features and how to use them.

  • The Linux Documentation Project: This project provides a wealth of information on various Linux topics, including networking and server management.

  • The Internet Systems Consortium: The ISC provides open source software for internet infrastructure, including BIND and isc-dhcp-server. Their website provides documentation and resources for these tools.

Wrapping Up: Dnsmasq for Linux DNS

In this comprehensive guide, we’ve explored the ins and outs of installing and using Dnsmasq, a versatile tool for managing DNS, DHCP, and TFTP services on Linux systems.

We started with the basics, demonstrating how to install Dnsmasq using package managers like apt and yum. We then delved into more advanced topics, such as installing Dnsmasq from source, installing different versions, and verifying the installation. We also discussed how to use Dnsmasq, providing basic commands and tips for getting started.

Along the way, we addressed common issues you might encounter when using Dnsmasq, such as Dnsmasq failing to start or not resolving local hostnames. We provided solutions for these issues, helping you troubleshoot and overcome any challenges you might face.

Additionally, we looked at alternative DNS and DHCP servers, such as BIND and isc-dhcp-server, giving you a broader perspective on the available tools for managing these services. Here’s a quick comparison of these tools:

Server | Ease of Use | Versatility | Complexity
Dnsmasq | High | High | Low
BIND | Moderate | High | High
isc-dhcp-server | Moderate | Moderate | High

Whether you’re just starting out with Dnsmasq or looking to deepen your understanding, we hope this guide has provided you with a comprehensive overview of Dnsmasq’s capabilities and how to use it effectively.

With its balance of ease of use, versatility, and simplicity, Dnsmasq is a powerful tool for managing DNS, DHCP, and TFTP services on Linux systems. Happy networking!