BEFN$?FN Dnsmasq M%PXbfYZ_lb#=fkfc`X JdXccjZXc\;EJXe[;?:Gn`k_;ejdXjh <8JPD8GG@E>

Dnsmasq is a practical alternative for DNS on a small scale.

BY MARTIN STEIGERWALD

NS provides a means for associ- tion time. All you need to do is set up dnsmasq.d directory. Alternatively, ating domain names with IP ad- each client to use DHCP, and you won’t conf-file loads a single configuration file. ;dresses. A system of DNS servers need to maintain an /etc/hosts file for The man page for the software docu- operating on the Internet delivers the hostname-to-address mapping. The pro- ments the configuration options. After seamless address mapping that lets you gram is frugal in its use of resources, and making changes, you can type /etc/ surf the web with names instead of it is therefore well suited for deployment init.d/dnsmasq restart to tell the server numbers. But what if you have a very on Linux-based router systems. to parse the new configuration. small network that resides behind a fire- Several popular Linux distributions The DNS server is very easy to config- wall with network address translation? A have Dnsmasq in their repositories. On ure. All you need to do is create a tiny simple local network doesn’t need any- Debian, Ubuntu, and openSUSE, you configuration file named, say, /etc/ thing close to the functionality provided need to install the dnsmasq package. dnsmasq.d/dns (Listing 1). The do- by a full-blown DNS implementation. The popular router distributions Open- main-needed line tells Dnsmasq not to Typically, it is quite enough to respond Wrt, DD-WRT, and FreeWRT all include to DNS requests from hosts on the local the program [1] [2]. In our lab, Dnsmasq Listing 1: Configuring DNS network and forward all other requests ran on Debian from a USB stick attached in Dnsmasq to the provider’s DNS server. to an Asus WL-500g Premium DSL # Be friendly to upstream DNS servers

Dnsmasq is a simple, lightweight im- router (Figure 1) [3]. domain-needed plementation of DNS, DHCP, and TFTP J\kk`e^Lg;ejdXjh bogus-priv for small, local networks. This practical # Filter some Windows DNS requests tool serves up addresses for the local The Dnsmasq configuration file is /etc/ filterwin2k network and forwards requests for exter- dnsmasq.conf. However, you have a # Only listen on LAN interfaces nal hosts to any DNS server. Because more convenient configuration option interface=eth0.1 Dnsmasq integrates DNS with DHCP, it than editing this file and redoing your bind-interfaces remembers the names of hosts that re- changes whenever you update the pro- ceive addresses through DHCP. This ap- gram: conf-dir=/etc/dnsmasq.d lets you # Local domain proach significantly reduces configura- load the configuration files from the /etc/ domain=lichtvoll.home

48 ISSUE 101 APRIL 2009

048-050_dnsmasq.indd 48 11.02.2009 15:51:20 Uhr Dnsmasq BEFN$?FN

domains. In addition, Dnsmasq adds en- tries from /etc/hosts to its DNS, which also is where you would add the name of the host on which Dnsmasq is run- ning. The recommended order according to the hosts man page is to start with the IP address, followed by the hostname and the domain, and finally the host- name without the domain, all separated by spaces. For a host on the local network, the domain must match the domain set in Dnsmasq; name resolution will not work if this is not the case. ;?:G`eXJ`e^c\C`e\ DHCP also is enabled quickly. The pro- gram uses the option =`^li\(1;ejdXjhilejn`k_flkgifYc\dfeXjdXcc;JCiflk\i% dhcp-range=5 ask the upstream name server unless the available for host requests on the Inter- 10.0.1.9,10.0.1.99,12h requested hostname includes a domain net? Dnsmasq takes this setting from the name. The bogus-priv line tells the tool /etc/resolv.conf file on the computer on in a file such as /etc/dnsmasq.d/dhcp to not to pass requests for IP addresses which it is running. This file stores the assign dynamic leases with IP addresses (aka reverse lookups) to the upstream IP addresses of up to three name servers between 10.0.1.9 and 10.0.1.99, valid for DNS server if they originate in private IP tagged with the nameserver label. The 12 hours. Thanks to the long lease dura- address ranges (see the “Private IP Ad- Debian resolvconf package uses an even tion, the DHCP clients running on the dress Ranges” box). more elegant approach: The list of DNS hosts do not need to drop their IP ad- The interface and bind-interfaces in- servers for Dnsmasq is stored in /var/ dresses in case of a server outage. structions tell the DNS server only to lis- run/dnsmasq/resolv.conf, and /etc/resolv. If you so desire, you can use dhcp-host ten for requests on the local network. Fi- conf only points to 127.0.0.1 as the name to assign static addresses to specific nally, domain specifies the local domain, server [4]. hosts. Listing 2 shows an example. Dns- which is freely configurable. It is not a The resolv-file instruction tells Dns- masq identifies hosts by their MAC ad- good idea to use domains that already masq to load its DNS servers from a dif- dresses, their network interface, their exist on the Internet. The .home domain ferent file, and server lets you add DNS hostname, or their DHCP client ID. is always a good choice, and you need to servers directly to the configuration file. In the ISC DHCP client configuration add it as your clients’ /etc/resolv.conf For example, the following entry sup- file, you need an option such as send search option. If you specify a hostname ports use of the DNS servers at Open- host-name "Hostname" (/etc/dhcp3/dh- without a domain, the DNS software will DNS [5]: client.conf for Debian and its derivates) attempt to resolve the name by append- to send the hostname. Alternatively, ing the local domain; this saves some # OpenDNS.com DNS-Server send dhcp-client-identifier will send a typing. server=208.67.222.222 DHCP client ID (see man dhcp-options). This sample configuration leaves out server=208.67.220.220 OpenSUSE uses dhcpcd as its standard one important consideration: How does DHCP client, which sends hostnames by Dnsmasq know which DNS server is Alternatively, you can integrate an exist- default. Alternatively, you can enable ing DNS server for your network or other the ISC client by specifying dhclient for Private IP Address Ranges the DHCLIENT_BIN vari- able in the /etc/sysconfig/ In line with RFC 1918, routers do not for- Listing 2: Assigning static addresses ward some IP address ranges onto the # Dynamic DHCP dhcp file on your system. Internet. The ranges are as follows: dhcp-range=10.0.1.9,10.0.1.99,12h The configuration is in / etc/dhclient.conf. UÊ Ê£™Ó°£Èn°ä°äÉÊ£È\Ê£Èn°£Èn°ä°£ÊÌœÊ # ThinkPad T42 To discover the MAC ad- £Èn°£Èn°Óxx°Óx{ dhcp-host=shambhala,10.0.0.21 dress of a network inter- UÊ Ê£ÇÓ°£È°ä°äÉÊ£Ó\Ê£ÇÓ°£È°ä°£ÊÌœÊ # ThinkPad T23 face on a Linux system, £ÇӰΣ°Óxx°Óx{ dhcp-host=deepdance,10.0.0.99 you can use ip link or if- UÊ £ä°ä°ä°äÉÊn\Ê£ä°ä°ä°£Ê̜ʣä°Óxx°Óxx°Óx{ # Sam440ep config -a. The ARP cache dhcp-host=00:50:c2:5a:44:e9,gaia,10.0.0.5 These address ranges are thus useful for contains the MAC ad- setting up local networks. The IP ad- # Amiga 4000 with usb ethernet adaptor dresses of the computers dresses specified can be used for hosts. dhcp-host=00:80:c9:40:00:c0,sunshine,10.0.0.77 your Linux system talked

APRIL 2009 ISSUE 101 49

048-050_dnsmasq.indd 49 11.02.2009 15:51:23 Uhr BEFN$?FN Dnsmasq

tering something like host linux-user.de, you can check name resolution. If everything is working as expected, you can launch YaST to permanently set the interface to DHCP in Network hard- ware | Network settings | Overview. For Debian and its derivates, you need to re- place the static option in iface interface inet static with dhcp and remove the manual configuration lines that follow. An ifup eth0 triggers DHCP-based con- figuration of the interface, if this has not =`^li\)1J\kk`e^lgX;?:G_fjk\ekip]fiXD8:X[[i\jj% already happened. Alternatively, you can use the Network Manager, which is en- to last. The ip neigh or arp instruction Then type /etc/init.d/dnsmasq restart abled in YaST in Network hardware | displays the cache content. If the device to restart Dnsmasq. Network settings | Global Options | Net- you are looking for is missing from the The ISC DHCP client is recommended work connection method. On Debian and list, pinging the device’s IP address will for initial tests on Linux. First deconfig- its derivates, the Network Manager man- put its MAC address in the ARP cache. ure the network interface (typically eth0) ages any interfaces not configured in Alternatively, you can use DHCP to by typing ifdown eth0, and then type dh- /etc/network/interfaces. pick up a dynamic lease for the client client eth0 to launch the DHCP client. If and then monitor the Dnsmasq log by you see output like that shown in Figure :feZclj`fej entering tail -f /var/log/daemon.log | 3, DHCP-based configuration is working. Dnsmasq keeps to functions that make grep DHCP on Debian, or tail -f /var/log/ The /var/lib/misc/dnsmasq.leases file on sense on a small local network with In- messages | grep DHCP on openSUSE the computer running the server has a ternet access. It works reliably – once (Figure 2). list of the assigned leases (Figure 4). configured you will quickly forget that it Otherwise, type netstat -tulpen | grep is running. The configuration is simple

INFO [1] Dnsmasq in OpenWrt: http:// wiki. openwrt. org/ OpenWrtDocs/ dnsmasq [2] Dnsmasq as a DHCP server: http://www. dd-wrt. com/ wiki/ index. php/ DNSMasq_as_DHCP_server QÎRÊ Ê iLˆ>˜Êœ˜ÊÌ iÊ
ÃÕÃÊ7‡xää}Ê Deluxe: http:// wpkg. org/ Running_ Debian_on_ASUS_WL-500G_deluxe Q{RÊ Ê ˜Ã“>õʈ˜Ê iLˆ>˜\Ê/ usr/ share/ doc/ dnsmasq/ README. Debian QxRÊ Ê"«i˜ -\Ê http:// www. opendns. com/

Martin Steigerwald works as a trainer, consultant, and system administrator for team(ix) GmbH in Nuremberg. His work mainly focuses on Linux train- ing, as well as designing, installing, and maintaining robust IT infrastruc-

THE AUTHOR THE tures based on Debian. =`^li\*1@];?:GXe[;EJXi\nfib`e^#k_`j`jn_Xkpflj_flc[j\\%

50 ISSUE 101 APRIL 2009

048-050_dnsmasq.indd 50 11.02.2009 15:51:24 Uhr