In two previous blog posts we talked about Dnsmasq’s DNS caching and read-only TFTP server set up. Continuing with a third dnsmasq-related post, we’ll talk about how to set up a DNS server in your network.
Literally, all you have to do is install dnsmasq on a host:
apt-get install dnsmasq
After the installation the dnsmasq process starts running and you have a DNS server in your network! Of course, it’s advisable to set a static IP on your new DNS server in order to be able to use it from other hosts. My DNS server runs on 172.31.0.2.
To demonstrate how this improves look up time I use dig below to time the lookup time for bing.com.
By using the default DNS servers on this machine, 22.214.171.124, it takes around 15 mseconds to resolve bing.com. No matter how many times I repeat this command, the resolution time is about the same.
$ dig +noall +stats bing.com ;; Query time: 15 msec ;; SERVER: 172.31.0.154#53(172.31.0.154) ;; WHEN: Mon Dec 02 13:52:16 PST 2019 ;; MSG SIZE rcvd: 69
The first time I use my new DNS server (172.31.0.2) it also takes 15 mseconds. The first time you resolve a new host, dnsmasq has also to do a look up using another DNS server since it doesn’t have the lookup information stored.
$ dig +noall +stats bing.com @172.31.0.2 ;; Query time: 15 msec ;; SERVER: 172.31.0.154#53(172.31.0.154) ;; WHEN: Mon Dec 02 13:52:16 PST 2019 ;; MSG SIZE rcvd: 69
Moving forward, for all subsequent look ups of bing.com the lookup time is 0 mseconds. That’s because now dnsmasq has cached the bing.com lookup information, and returns it itself when it receives a query:
$ dig +noall +stats bing.com @172.31.0.2 ;; Query time: 0 msec ;; SERVER: 172.31.0.154#53(172.31.0.154) ;; WHEN: Mon Dec 02 13:57:37 PST 2019 ;; MSG SIZE rcvd: 69
You just saved 15 mseconds look up time!
Even if you don’t touch at all the dnsmasq configurations you will have a working DNS server. However, there are quite a few options you can use to fine tune your DNS server. For example, you can enable or disable DNSSEC, filter out useless Windows-originated DNS requests, or require to forward domain names only.
The dnsmasq team has done a good job documenting each option in the actual configuration file /etc/dnsmasq.conf. So, if you open that file, you should see towards the top all available options with extensive comments. I could copy and paste those options here, but in case they change with a newer version it would make this blog post inaccurate.
In the following blog post we’ll talk about how to set up a DHCP server which is the last functionality of dnsmasq we haven’t covered.