User Tools

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
router:dnsmasq [2024/08/26 08:57] willyrouter:dnsmasq [Unknown date] (current) – removed - external edit (Unknown date) 127.0.0.1
Line 1: Line 1:
-===== Using DNSMasq for the internal network ===== 
- 
-On this page i will show you the use of [[https://wiki.gentoo.org/wiki/Dnsmasq/|DNSmasq]] which is a very simple but powerful tool that acts as a forwarding DNS server and DHCP server allowing file-tuning of configuration even on a per-device base. 
- 
-I have moved from DNSMasq to using the standard DHCP server and Unbound as DNS server with ad-blocking, and this is described [[router:dhcp-dns|here]]. Please consider the information on this page as reference memory **only**. 
- 
-=== Upstream DNS resolver === 
- 
-If using DNSMasq, you will need to specify a standard upstream resolver. You can use something like AdGuard or go directly with OpenDNS or Google (there are many options). 
- 
-You need to populate your **/etc/resolv.conf** with the AdGuard (or Google, or OpenDNS...) nameservers: 
-<file - resolv.conf> 
-# Google DNS 
-#nameserver 8.8.8.8 
-#nameserver 8.8.4.4 
-# AdGuard DNS 
-nameserver 94.140.14.14 
-nameserver 94.140.15.15 
-</file> 
- 
-this will be immediately active. 
- 
-==== DNSMasq ==== 
- 
-Installing DNSMasq is easy enough, but better enable a couple of specific use flags first: 
-<code bash> 
- > echo net-dns/dnsmasq dhcp-tools dnssec >> /etc/portage/package.use/dnsmasq 
-</code> 
- 
-**dhcp-tools** is needed to ensure dnsmasq will support DHCP, while **dnssec** will be useful to enable dnssec support on the home network. 
- 
-Install the tool: 
-<code bash> 
- > emerge dnsmasq 
-</code> 
- 
-All you actually need to do it create a meaningful configuration file, take this one as example: 
-<file - dnsmasq.conf> 
-# Here put your home LAN interface 
-listen-address=10.0.0.1 
-bind-interfaces 
-# do not resolve your internal DNS names outside 
-domain-needed 
-# Never forward addresses in the non-routed address spaces 
-bogus-priv 
-# Enable dnssec support 
-#conf-file=/usr/share/dnsmasq/trust-anchors.conf 
-#dnssec 
-#dnssec-check-unsigned 
-# You can add your own ads filters here (only hosts format!) 
-#addn-hosts=/etc/adblock.hosts 
-# Use this custom-folder to add more blocklists; 
-# conf-dir=/etc/dnsmasq.d,*.conf 
-#  DHCP settings for internal network (from 100 to 250, under 100 are fixed ips) 
-dhcp-range=10.0.0.100,10.0.0.250,12h 
-# Send gateway and DNS values to the DHCP clients 
-dhcp-option=option:router,10.00.0.1 
-dhcp-option=option:dns-server,10.00.0.1 
-# Preassign fixed IPs via DHCP to specific hosts: 
-#dhcp-host=34:f3:9a:73:a6:a4,10.0.0.99 
-# DNSSEC 
-conf-file=/usr/share/dnsmasq/trust-anchors.conf 
-dnssec 
-dnssec-check-unsigned 
-</file> 
- 
-Dnsmasq will operate **only** on your internal network by listening only on 10.0.0.1 IP address and being bind-ed to the associated interface. This is specially needed if you are using Unbound as DNS resolver. 
- 
-Here i assign a pool od dynamic IP addresses (from 100 to 254) on the 10.0.0.0 subnet. Addresses under 100 can be used for static assignments. For example, i use static IPs for all my OpenWRT Access Points and wired security cameras, and dynamic for all other devices. 
- 
-To be sure that all devices will use the home server both as DNS server and gateway, you need to set the two above dhcp options. This will not work for devices that use hard-coded DNS servers (like Fire Sticks and Google Chromecasts...) but there is a workaround for those too, and i will show you later on. 
- 
-Well, this is almost all. Start //dnsmasq// service and make it start on boot: 
-<code bash> 
- > rc-update add dnsmasq default 
- > /etc/init.t/dnsmasq start 
-</code> 
- 
-Now you can connect your devices to the home network and they will get an IP address and a full network configuration to go with it. 
- 
- 
-==== Hosts file ==== 
- 
-DNSMasq will use your home server **/etc/hosts** file to feed DNS to your home network. It means that's the perfect place to resolve your domain internally: 
-<file - hosts> 
-10.0.0.1 home.mydomain.com 
-10.0.0.1 mydomain.com 
-</file> 
- 
-So that all devices inside your network will be able to reach your internal services like they are from outside, and mobile devices will only require **one** configuration both when they are inside and outside your home network. 
  

This website uses technical cookies only. No information is shared with anybody or used in any way but provide the website in your browser.

More information