
    How to Setup a DNS/DHCP Server Using dnsmasq on CentOS/RHEL/Rocky/Alma Linux 8/9

    dnsmasq is a lightweight DNS, TFTP and DHCP server. It is intended to provide coupled DNS and DHCP service to a LAN. It is meant to be lightweight and have a small footprint, suitable for resource-constrained routers and firewalls. This article covers setting up a DNS/DHCP server using dnsmasq on Linux.

    Install dnsmasq on CentOS/RHEL/Rocky/Alma Linux 8/9


    Installation

    # dnf install dnsmasq
    
    Updating Subscription Management repositories.
    EPEL8 x86_64                                                                                                                                                                           79 kB/s | 2.3 kB     00:00     
    Red Hat Enterprise Linux 8 for x86_64 - BaseOS (RPMs)                                                                                                                                91 kB/s | 4.1 kB     00:00    
    Red Hat Enterprise Linux 8 for x86_64 - AppStream (RPMs)                                                                                                                               99 kB/s | 4.5 kB     00:00      
    Dependencies resolved.
    ======================================================================================================================================================================================================================
     Package                                    Architecture                              Version                                               Repository                                                           Size
    ======================================================================================================================================================================================================================
    Installing:
     dnsmasq                                    x86_64                                    2.79-24.el8_7.1                                       rhel-8-for-x86_64-appstream-rpms                                    321 k
    
    Transaction Summary
    ======================================================================================================================================================================================================================
    Install  1 Package
    
    Total download size: 321 k
    Installed size: 651 k
    Is this ok [y/N]: y
    Downloading Packages:
    dnsmasq-2.79-24.el8_7.1.x86_64.rpm                                                                                                                                                    4.5 MB/s | 321 kB     00:00    
    ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
    Total                                                                                                                                                                                 4.4 MB/s | 321 kB     00:00     
    Running transaction check
    Transaction check succeeded.
    Running transaction test
    Transaction test succeeded.
    Running transaction
      Preparing        :                                                                                                                                                                                              1/1 
      Running scriptlet: dnsmasq-2.79-24.el8_7.1.x86_64                                                                                                                                                               1/1 
      Installing       : dnsmasq-2.79-24.el8_7.1.x86_64                                                                                                                                                               1/1 
      Running scriptlet: dnsmasq-2.79-24.el8_7.1.x86_64                                                                                                                                                               1/1 
      Verifying        : dnsmasq-2.79-24.el8_7.1.x86_64                                                                                                                                                               1/1 
    Installed products updated.
    Uploading Tracer Profile
    
    Installed:
      dnsmasq-2.79-24.el8_7.1.x86_64                                                                                                                                                                                      
    
    Complete!
    

    Enable and start dnsmasq on CentOS/RHEL/Rocky/Alma Linux 8/9

     

    # systemctl enable --now dnsmasq
    Created symlink /etc/systemd/system/multi-user.target.wants/dnsmasq.service → /usr/lib/systemd/system/dnsmasq.service.
    
    # systemctl status dnsmasq
    ● dnsmasq.service - DNS caching server.
       Loaded: loaded (/usr/lib/systemd/system/dnsmasq.service; enabled; vendor preset: disabled)
       Active: active (running) since Wed 2023-07-26 11:53:15 EAT; 9s ago
     Main PID: 4564 (dnsmasq)
        Tasks: 1 (limit: 50672)
       Memory: 1.8M
       CGroup: /system.slice/dnsmasq.service
               └─4564 /usr/sbin/dnsmasq -k
    
    Jul 26 11:53:15 labocpbast.technnix.com systemd[1]: Started DNS caching server..

     

    Configure the dnsmasq server

    Create a backup of the dnsmasq configuration file using the following command.

    cp /etc/dnsmasq.conf /etc/dnsmasq.conf.bak

    Using your favorite editor, e.g. vim, edit the /etc/dnsmasq.conf file.

    vim /etc/dnsmasq.conf

    Add the following sample content. You can customize it to match your configuration.

    listen-address=::1,127.0.0.1,10.190.111.220
    interface=eth0
    domain=labocp.technnix.net
    address=/labocp.technnix.net/127.0.0.1
    address=/labocp.technnix.net/10.190.111.220
    
    #Internal DNS nameservers
    server=172.25.121.118
    server=172.26.121.118
    

     

    Save the configuration and test that it is OK.

    # dnsmasq --test
    dnsmasq: syntax check OK.
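
    dnsmasq --test only checks syntax. The script below is an added example (not from the original article) that reviews the sample configuration for a few exposure-related settings; the function names are hypothetical, and bind-interfaces, bind-dynamic, domain-needed and bogus-priv are standard dnsmasq options that the sample above does not set.

```shell
#!/bin/sh
# Added example: static review of one dnsmasq configuration file.
# Files pulled in through conf-dir= or conf-file= are not followed.

# Constructed sample: the directives from the configuration shown above.
sample_conf() { cat <<'EOF'
listen-address=::1,127.0.0.1,10.190.111.220
interface=eth0
domain=labocp.technnix.net
address=/labocp.technnix.net/127.0.0.1
address=/labocp.technnix.net/10.190.111.220

#Internal DNS nameservers
server=172.25.121.118
server=172.26.121.118
EOF
}

# has OPTION FILE: true if OPTION is set (bare or as OPTION=value); comments are ignored.
has() { grep -Eq "^[[:space:]]*$1[[:space:]]*(=|\$)" "$2"; }

# Prints one "CODE: explanation" line per finding and nothing for a clean file.
audit_dnsmasq_conf() {
  if has listen-address "$1" && ! has bind-interfaces "$1" && ! has bind-dynamic "$1"; then
    echo "WILDCARD_BIND: listen-address without bind-interfaces; dnsmasq binds the wildcard address and discards unwanted requests in software"
  fi
  has domain-needed "$1" || echo "PLAIN_NAMES_FORWARDED: domain-needed not set; dotless names are forwarded to the upstream servers"
  has bogus-priv "$1" || echo "PRIVATE_PTR_FORWARDED: bogus-priv not set; unknown reverse lookups for private ranges go upstream"
  if grep -Eq '^[[:space:]]*address=/.*/(127\.[0-9.]+|::1)[[:space:]]*$' "$1"; then
    echo "LOOPBACK_ANSWER: an address= rule maps a domain to loopback; LAN clients given that answer resolve the name to themselves"
  fi
  return 0
}

# Demo on the constructed sample.
demo_conf=$(mktemp)
sample_conf > "$demo_conf"
audit_dnsmasq_conf "$demo_conf"
rm -f "$demo_conf"
```

    On a real host, run audit_dnsmasq_conf /etc/dnsmasq.conf and review each finding against what the server is meant to serve.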

    Configure dnsmasq with /etc/resolv.conf File

    The goal of this step is to ensure that all queries are sent to dnsmasq which is running on localhost. We set localhost as the only nameserver in the /etc/resolv.conf.

    # vim /etc/resolv.conf
    [root@labocpbast ~]# cat /etc/resolv.conf
    # This is the only nameserver in this configuration file
    nameserver 127.0.0.1
    

    Make the file immutable, since it is managed by NetworkManager. To ensure that it is not overwritten by the NetworkManager daemon, use the chattr command to set the immutable attribute.

    # chattr +i /etc/resolv.conf
    [root@labocpbast ~]# lsattr /etc/resolv.conf
    ----i--------------- /etc/resolv.conf
    

    Define DNS Hosts and Names

    The dnsmasq service reads all hosts and names defined in the /etc/hosts file. Therefore, let's add all the pairs of host IP addresses and names as shown below:

    # vim /etc/hosts
    
    [root@labocpbast ~]# cat /etc/hosts
    127.0.0.1       dnsmasq
    10.197.139.220 	dnsmasq 
    10.197.139.254  gateway
    10.197.139.110	master01
    10.197.139.111 	master02
    10.197.139.112	master03
    10.197.139.115	worker01
    10.197.139.116	worker02
    10.197.139.117	worker03
    
    

    The next step is to apply the above changes by restarting the dnsmasq service.

    # systemctl restart dnsmasq

    Configure the Firewall

    If firewalld is running, you need to allow DNS and DHCP through the firewall.

    # firewall-cmd --add-service=dns --permanent
    success
    [root@labocpbast ~]# firewall-cmd --add-service=dhcp --permanent
    success
    [root@labocpbast ~]# firewall-cmd --reload
    success
    

    Test Local DNS

    bind-utils can help us test DNS forwarding. Ensure the utility is installed.

    # dnf install bind-utils -y
    Updating Subscription Management repositories.
    EPEL8 x86_64                                                                                                                                                                  84 kB/s | 2.3 kB     00:00      
    Red Hat Enterprise Linux 8 for x86_64 - BaseOS (RPMs)                                                                                                                                  91 kB/s | 4.1 kB     00:00    
    Red Hat Enterprise Linux 8 for x86_64 - AppStream (RPMs)                                                                                                                              106 kB/s | 4.5 kB     00:00    
       
    Package bind-utils-32:9.11.36-8.el8.x86_64 is already installed.

    Actual testing:

    # dig labocp.technnix.net
    
    # nslookup labocp.technnix.net
    
    # dig webserver1.labocp.technnix.net
    
    

    Enable DHCP Server Using dnsmasq

    We can enable the DHCP server in dnsmasq by uncommenting the dhcp-range option in the /etc/dnsmasq.conf file and supplying the range of addresses available for lease and/or a lease time.

    dhcp-range=10.190.111.110,10.190.111.200,24h
    dhcp-option=option:router,10.190.111.254
    dhcp-option=option:dns-server,172.25.121.118,172.26.121.118
    dhcp-authoritative

    It is important to uncomment the line dhcp-leasefile=/var/lib/dnsmasq/dnsmasq.leases so that the DHCP leases are kept in that file and we can easily check the assigned leases.

    I have deployed some instances on VMware in the same network as the dnsmasq server. I have tailed the lease file as shown below:

    # tail -f /var/lib/dnsmasq/dnsmasq.leases
    1690585172 00:50:56:bd:9b:aa 10.190.111.113 * 01:00:50:56:bd:9b:aa
    1690585172 00:50:56:bd:9b:aa 10.190.111.113 * 01:00:50:56:bd:9b:aa
    tail: /var/lib/dnsmasq/dnsmasq.leases: file truncated
    1690585190 00:50:56:bd:3c:6a 10.190.111.114 * 01:00:50:56:bd:3c:6a
    1690585225 00:50:56:bd:9b:aa 10.190.111.113 * 01:00:50:56:bd:9b:aa
    1690585225 00:50:56:bd:9b:aa 10.190.111.113 * 01:00:50:56:bd:9b:aa
    1690585225 00:50:56:bd:9b:aa 10.190.111.113 * 01:00:50:56:bd:9b:aa
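
    Each lease line holds the expiry time (Unix epoch), the client MAC, the leased IP, the hostname (or *) and the client-id (or *). The script below is an added example (not from the original article) that reduces such output to one row per MAC and flags leases outside the dhcp-range above or from an unexpected MAC vendor prefix; the function names are hypothetical, and treating the VMware prefix 00:50:56 as the only expected one is an assumption based on the VMware instances mentioned above.

```shell
#!/bin/sh
# Added example: summarise dnsmasq lease records and flag the ones that need explaining.

# Constructed sample: lease lines as shown above (including the tail notice),
# plus one constructed record (last line) that is outside the range and OUI.
sample_leases() { cat <<'EOF'
1690585172 00:50:56:bd:9b:aa 10.190.111.113 * 01:00:50:56:bd:9b:aa
tail: /var/lib/dnsmasq/dnsmasq.leases: file truncated
1690585190 00:50:56:bd:3c:6a 10.190.111.114 * 01:00:50:56:bd:3c:6a
1690585225 00:50:56:bd:9b:aa 10.190.111.113 * 01:00:50:56:bd:9b:aa
1690585300 de:ad:be:ef:00:01 10.190.111.50 laptop *
EOF
}

# usage: lease_report RANGE_START RANGE_END EXPECTED_OUI < leasefile
# Output per MAC: MAC IP EXPIRY_EPOCH HOSTNAME FLAGS
lease_report() {
  awk -v lo="$1" -v hi="$2" -v oui="$3" '
    function ip2int(ip,  o) {
      split(ip, o, ".")
      return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    # Keep only 5-field IPv4 lease records; tail notices and other lines are dropped.
    NF == 5 && $1 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
      newest[$2] = $1 " " $3 " " $4      # last record seen for this MAC wins
    }
    END {
      for (mac in newest) {
        split(newest[mac], f, " ")
        flags = ""
        n = ip2int(f[2])
        if (n < ip2int(lo) || n > ip2int(hi)) flags = flags " OUT_OF_RANGE"
        if (index(mac, oui ":") != 1) flags = flags " UNEXPECTED_OUI"
        print mac, f[2], f[1], f[3], (flags == "" ? "ok" : substr(flags, 2))
      }
    }' | sort
}

# Demo on the constructed sample, using the dhcp-range configured above.
sample_leases | lease_report 10.190.111.110 10.190.111.200 00:50:56
```

    An OUT_OF_RANGE row is not necessarily hostile (a static reservation can sit outside the pool), but each flagged row should map to a known device.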

     
