
dnsmasq-example's Introduction

This is an example configuration showing how to set up DNSMasq for DNS, DHCP and blocking undesired adverts. It is similar to the approach used by pi-hole, but does not require running an HTTP server, following insecure installation instructions, or running in a Docker container that needs root and/or admin capabilities in order to execute.

DNSMasq example configuration

The DNSMasq home page is http://www.thekelleys.org.uk/dnsmasq/ and questions relating to its use should be directed to the appropriate mailing lists. On Ubuntu systems, dnsmasq can be installed with:

  • apt update; apt -y install dnsmasq

The following configuration files are provided:

  • DNSMasq configuration file
    • Loads all configuration files in /etc/dnsmasq.d/*.conf
  • Blackhole example file
    • Shows how an address can be blackholed at the DNS server
  • Master configuration file
    • Log messages to /var/log/dnsmasq.log (log-facility)
    • Log messages asynchronously (log-async)
    • Only respond on the local interfaces (local-service)
  • DHCP sample configuration file
    • Authoritative DHCP server (dhcp-authoritative)
    • Leases in /var/run/dnsmasq.leases (dhcp-leasefile)
    • Send DNS server via IPv6 if enabled (option6:dns-server)
  • DNS
    • Do not forward unqualified names (domain-needed)
    • Do not forward requests for private networks (bogus-priv)
    • Do not read the /etc/resolv.conf file (no-resolv and no-poll)
    • Do not read the /etc/hosts file (no-hosts)
    • Enlarged cache size (cache-size)
    • Local DHCP entries may be cached for 60s (local-ttl)
  • DNS upstream servers (combined or individually)
  • Blocking DNS over HTTP(s) where available
  • DNSSEC configuration, with dnssec enabled
    • Ensure signed DNSSEC entries are correct (dnssec)
    • DNSSEC for unsigned entries not enabled (dnssec-check-unsigned)
    • Load entries from /usr/share/dnsmasq-base/trust-anchors.conf
  • Workarounds

Testing

There is a Dockerfile present which can be used to test dnsmasq configurations. When building the docker image, it will run dnsmasq --test to verify syntax, and when executing, it will run the daemon in foreground mode so that results can be seen as they run.

$ docker build . -t dnsmasq
$ docker run --rm -it --name dnsmasq -v "$PWD/dnsmasq.d:/etc/dnsmasq.d:ro" dnsmasq
$ docker exec -it dnsmasq dig @localhost example.com
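
`dnsmasq --test` only verifies syntax, so it will not notice if one of the options listed above has been dropped. The following is an added example, not part of this repository, that checks a configuration for those options and for two failure modes (no-resolv without an upstream, dnssec without trust anchors); the function names and the sample configurations are constructed for illustration.

```python
import re

# Flag-style options the README lists as set; presence is what matters.
REQUIRED_FLAGS = ["local-service", "domain-needed", "bogus-priv",
                  "no-resolv", "no-poll", "no-hosts", "dnssec"]

def parse(text):
    """Return (key, value) pairs; value is None for flag-style options."""
    pairs = []
    for raw in text.splitlines():
        # '#' starts a comment only at line start or after whitespace,
        # so the '#' in address=/domain/# is kept as a value.
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()
        if line:
            key, _, value = line.partition("=")
            pairs.append((key.strip(), value.strip() or None))
    return pairs

def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    pairs = parse(text)
    keys = {k for k, _ in pairs}
    findings = [f"missing {flag}" for flag in REQUIRED_FLAGS if flag not in keys]
    # Global upstreams are server= values that are not domain-scoped (/dom/...).
    upstreams = [v for k, v in pairs if k == "server" and v and not v.startswith("/")]
    if "no-resolv" in keys and not upstreams:
        findings.append("no-resolv set but no upstream server= line")
    anchors = "trust-anchor" in keys or any(
        k == "conf-file" and v and "trust-anchors" in v for k, v in pairs)
    if "dnssec" in keys and not anchors:
        findings.append("dnssec set but no trust anchors loaded")
    return findings

def blackholed(text):
    """Domains given a null answer, e.g. address=/domain/0.0.0.0."""
    found = []
    for key, value in parse(text):
        m = re.fullmatch(r"/(.+)/(0\.0\.0\.0|::|#)", value or "")
        if key == "address" and m:
            found.extend(m.group(1).split("/"))
    return found

# Constructed sample configurations (192.0.2.53 is a documentation address).
GOOD = "\n".join(REQUIRED_FLAGS + [
    "server=192.0.2.53  # upstream",
    "conf-file=/usr/share/dnsmasq-base/trust-anchors.conf",
    "address=/ads.example/0.0.0.0"])
WEAK = "domain-needed\nno-resolv\nno-poll\nno-hosts\ndnssec\naddress=/ads.example/tracker.example/#"

if __name__ == "__main__":
    for name, conf in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(name, audit(conf), blackholed(conf))
```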

dnsmasq-example's People

Contributors

alblue
