Installing DNSmasq on Linux to Set Up Your Own Public DNS

Published: 2017-04-04 | Modified: 2017-12-31

DNSmasq is a small and convenient tool for configuring DNS and DHCP. It is suitable for small networks and provides DNS functionality and optional DHCP functionality. Building your own public DNS is more flexible, and if it is built locally, it can greatly improve resolution speed.


Installation

You can download the software package and compile it for installation, but generally Linux software repositories already provide DNSmasq. The relevant commands are as follows:

# For CentOS
yum -y install dnsmasq
# For Ubuntu
apt-get -y install dnsmasq

Configuration

The DNSmasq configuration file is located at /etc/dnsmasq.conf. We need to modify several parameters:

  • resolv-file=/etc/resolv.dnsmasq.conf: This parameter indicates that dnsmasq will look for upstream DNS servers in the specified file.
  • Uncomment strict-order: This indicates that DNS resolution will be performed strictly in the order specified in the resolv-file file, starting from the top and stopping at the first successful resolution.
  • Leave no-hosts commented out (it is commented out by default): dnsmasq then consults the local hosts file first, then its own cache, and only then the upstream DNS servers.
  • Set listen-address=127.0.0.1, replacing 127.0.0.1 with your own server IP.

Let's summarize the configuration changes we made:

# Create a resolv.dnsmasq.conf file to configure upstream DNS servers
vi /etc/resolv.dnsmasq.conf
# Contents of the file:
nameserver 119.29.29.29
nameserver 1.2.4.8
# Modify /etc/dnsmasq.conf
# Path to upstream DNS
resolv-file=/etc/resolv.dnsmasq.conf
# Uncomment strict-order
strict-order
# Set listen-address to your server's public IP
listen-address=127.0.0.1

Usage

DNSmasq can be used to specify different DNS servers for different domains by modifying the /etc/dnsmasq.conf file. If DNS is not set for a domain, it will be obtained from the upstream DNS server.

# Specify the use of 114 DNS for taobao.com
server=/taobao.com/114.114.114.114
# Specify the use of 8.8.8.8 for google.com
server=/google.com/8.8.8.8

You can also map specific domain names to fixed addresses, much like entries in a local hosts file, again by editing /etc/dnsmasq.conf. An address= rule for xiaoz.me matches xiaoz.me and every name under it, which gives the same effect as a *.xiaoz.me wildcard (dnsmasq has no literal *. syntax; the plain domain form is what matches the subdomains).

# Map ad domain names to 127.0.0.1 for ad blocking
address=/ad.youku.com/127.0.0.1
address=/ad.iqiyi.com/127.0.0.1
# Wildcard resolution for xiaoz.me: matches xiaoz.me and all of its subdomains
address=/xiaoz.me/192.168.20.138
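To make the rule semantics concrete, here is an added example (written for this edit; it is not code from the post or from the dnsmasq project) that parses the configuration lines shown above and reports which rule dnsmasq would apply to a query name. It also checks whether listen-address points at a public IP, since a forwarding resolver reachable from the whole Internet is an open resolver unless the firewall restricts port 53. The sample configuration text, the function names and the longest-matching-domain model of dnsmasq's server=/address= handling are assumptions of the example.

```python
"""Parse dnsmasq.conf fragments and simulate dnsmasq's per-domain routing.

Added example, not from the original post. The SAMPLE_CONF below is a
constructed copy of the post's configuration lines.
"""
import ipaddress

SAMPLE_CONF = """\
resolv-file=/etc/resolv.dnsmasq.conf
strict-order
listen-address=127.0.0.1
# Specify the use of 114 DNS for taobao.com
server=/taobao.com/114.114.114.114
server=/google.com/8.8.8.8
address=/ad.youku.com/127.0.0.1
address=/ad.iqiyi.com/127.0.0.1
address=/xiaoz.me/192.168.20.138
"""


def parse_conf(text):
    """Return {'options': {key: [values]}, 'flags': set, 'rules': {domain: (kind, target)}}."""
    conf = {"options": {}, "flags": set(), "rules": {}}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        if "=" not in line:
            conf["flags"].add(line)            # bare options such as strict-order
            continue
        key, value = line.split("=", 1)
        if key in ("server", "address") and value.startswith("/"):
            # "/d1/d2/target" -> ["", "d1", "d2", "target"]; one rule per domain
            parts = value.split("/")
            target = parts[-1]
            for domain in parts[1:-1]:
                conf["rules"][domain.lower().strip(".")] = (key, target)
        else:
            conf["options"].setdefault(key, []).append(value)
    return conf


def resolve_policy(conf, name):
    """Return (kind, target): the most specific matching rule, else the upstream file.

    Modelled on dnsmasq's longest-matching-domain rule (assumption of this
    example): 'a.b.xiaoz.me' is tried, then 'b.xiaoz.me', then 'xiaoz.me'.
    """
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in conf["rules"]:
            return conf["rules"][suffix]
    upstream = conf["options"].get("resolv-file", ["/etc/resolv.conf"])[0]
    return ("upstream", upstream)


def exposure_warnings(conf):
    """List listen-address values that are globally routable (open-resolver exposure)."""
    warnings = []
    for value in conf["options"].get("listen-address", []):
        for item in value.split(","):
            ip = ipaddress.ip_address(item.strip())
            if ip.is_global:   # loopback and RFC 1918 ranges are not flagged
                warnings.append(
                    f"listen-address {ip} is public: restrict port 53 or it is an open resolver"
                )
    return warnings


if __name__ == "__main__":
    conf = parse_conf(SAMPLE_CONF)
    for qname in ("www.taobao.com", "ad.youku.com", "a.b.xiaoz.me", "example.org"):
        print(qname, "->", resolve_policy(conf, qname))
    print(exposure_warnings(conf) or "no public listen-address")
```

Run it as a script to see each name routed to its server= target, its address= answer, or the upstream file. Feeding it your real /etc/dnsmasq.conf is a quick way to confirm that a public listen-address is paired with firewall rules before the service is started.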

Start and Test

# Start
/etc/init.d/dnsmasq start
# Stop
/etc/init.d/dnsmasq stop
# Restart
/etc/init.d/dnsmasq restart

For example, if I install DNSmasq on a local Linux server (192.168.20.127) and configure the DNS of other PCs in the LAN as 192.168.20.127, I can test it using the dig command. The first query may take a relatively long time, but the second query will take less than 10ms, as shown in the screenshot below.
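The timing check the post performs with dig can also be scripted. The following is an added example (not code from the post), a minimal DNS client in Python that sends two successive A queries to the dnsmasq host and reports each round trip, so the cache hit on the second query is visible as a drop in milliseconds. The resolver address 192.168.20.127 is the post's LAN server; the query name, the function names and the 3-second timeout are assumptions.

```python
"""Time two A queries against a dnsmasq resolver (added example, not from the post)."""
import socket
import struct
import time


def build_query(name, qid=0x1234):
    """Encode a standard recursive A query for `name` in RFC 1035 wire format."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)   # RD=1, QDCOUNT=1
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack(">HH", 1, 1)           # QTYPE=A, QCLASS=IN


def _skip_name(msg, off):
    """Advance past a (possibly compressed) domain name starting at `off`."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:       # compression pointer: two bytes, name ends
            return off + 2
        off += 1 + length


def parse_answer(msg):
    """Return (rcode, [(ip, ttl), ...]) for the A records in a DNS response."""
    _qid, flags, qd, an, _ns, _ar = struct.unpack(">HHHHHH", msg[:12])
    rcode = flags & 0x0F
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    records = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:   # A record
            records.append((socket.inet_ntoa(msg[off:off + 4]), ttl))
        off += rdlen
    return rcode, records


def timed_query(server, name, timeout=3.0):
    """Send one UDP query to server:53 and return (milliseconds, rcode, records)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        start = time.perf_counter()
        s.sendto(build_query(name), (server, 53))
        data, _ = s.recvfrom(4096)
        elapsed_ms = (time.perf_counter() - start) * 1000
    rcode, records = parse_answer(data)
    return elapsed_ms, rcode, records


if __name__ == "__main__":
    RESOLVER = "192.168.20.127"   # the post's LAN dnsmasq host; change to yours
    for attempt in (1, 2):
        ms, rcode, recs = timed_query(RESOLVER, "www.taobao.com")
        print(f"query {attempt}: {ms:.1f} ms  rcode={rcode}  {recs}")
```

A cached second answer also carries a smaller TTL than the first, which is another sign that dnsmasq rather than the upstream server answered it. If the first query times out while the second check in the post (firewall on port 53) has not been done yet, that is the place to look.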

Dig Test

Conclusion

If DNSmasq is deployed on an internal network, it not only speeds up resolution but also helps prevent DNS hijacking and enables ad blocking. If it is deployed on a public network, it can also map specified domain names to chosen hosts to avoid DNS pollution and circumvent blocking (fq).

If you find that DNSmasq starts normally but cannot resolve, please make sure that the firewall allows TCP/UDP port 53.
