This article will show you how to install and configure a DNS server using dnsmasq on CentOS 7 / RHEL 7 / CentOS 8 / RHEL 8. This will be a step by step walkthrough, very useful in situations like Zimbra installation where you want to use a static IP and define your own DNS and disable automatic DHCP server.
A DHCP (Dynamic Host Configuration Protocol) server dynamically assigns IP addresses and other network configuration parameters to each device on a network.
A DNS forwarder on a LAN forwards DNS queries for non-local domain names to upstream DNS servers (outside that network), while a DNS caching server answers recursive requests from clients so that the DNS query can be resolved faster, thus improving DNS lookup speeds to previously visited sites.
What is DNSMASQ
dnsmasq (DNS masquerade) is a lightweight, easy to configure DNS forwarder, designed to provide DNS (and optionally DHCP and TFTP) services to a small-scale network. It can serve the names of local machines which are not in the global DNS.
1. Install dnsmasq in your CentOS / RHEL Linux
If you don’t have already installed dnsmasq in your CentOS/RHEL Linux, you can easily install it, since it is available in the default repository, with the following command:
yum install dnsmasq
Once you have installed it, you can check the status:
systemctl status dnsmasq
If you find that it is not running, we must start and enable it with the following commands:
sudo systemctl start dnsmasq sudo systemctl enable dnsmasq
The result should be similar to this:
2. Configure dnsmasq Server
The dnsmasq server can be configured via the /etc/dnsmasq.conf file. Since DNS is enabled by default, we suggest creating a backup of the .conf file before making any changes:
cp /etc/dnsmasq.conf /etc/dnsmasq.conf.orig
Now open the /etc/dnsmasq.conf file using your preferred text editor (we use “nano” )
and enter the following suggested configuration, bearing in mind that these are some example main settings and you can add some others or change parameters according to your needings:
listen-address=::1,127.0.0.1,192.168.56.100 interface=eth0 domain=domain.abc address=/domain.abc/127.0.0.1 address=/domain.abc/192.168.56.100 #Google's nameservers server=220.127.116.11 server=18.104.22.168
Let’s understand better the settings we entered:
This option is used to set the IP address where dnsmasq will listen on. In this guide we want our CentOS/RHEL server to listen for DHCP and DNS requests on the LAN, so we are going to set the listen-address to its LAN IP addresses (including the localhost 127.0.0.1).
NOTE: The Server IP must be static. To see how to configure a static IP please refer to the following guide: “Setting up a Static IP Address on CentOS / RHEL”
The interface option is used to restrict the interface dnsmasq listens on. Note that you can add more lines if you mean to have more than one interface.
This option is used to set the domain. This means DHCP clients will have FQDN (fully qualified domain names) while the set domain is the same and also sets the domain DHCP option for all clients.
Using the address option, you can force your local domain to an IP address(es)
In the example, we used Google’s ones, but you can eventually choose to use a different one, “127.0.0.53”, which is the address of the local caching stub resolver. It forwards DNS requests to whatever upstream DNS servers you specify.
At the end of the configuration, press Ctrl + x to exit, save the configuration and check the syntax for any errors using the following command:
sudo dnsmasq --test
3. Setting Up dnsmasq with resolv.conf File
This short step shows you how to set the localhost address as the only nameserver in resolv.conf file. This is intended to make all queries to be sent to dnsmasq.
Open resolv.conf file:
Then modify it as follows:
Save and exit.
To prevent the overwriting of our changes by the local daemon (NetworkManager) we are going to set the immutable attribute to our file using the chattr command this way:
sudo chattr +i /etc/resolv.conf
We can also make a quick check if everything is right with lsattr command:
4. Defining DNS Hosts and Names and Testing Local DNS
All the DNS hosts and names are read by dnsmasq from the hosts file, so we need to modify the /etc/hosts file as follows:
Eventually, you can add some other defined addresses such as MAAS, Nagios, …
Now restart dnsmasq to apply the above changes:
sudo systemctl restart dnsmasq
Note: If you have the firewall service running, then you need to open DNS and DHCP services in its configuration:
sudo firewall-cmd --add-service=dns --permanent
sudo firewall-cmd --add-service=dhcp --permanent
sudo firewall-cmd --reload
To test if everything is working fine we can use bind-utils:
If you don’t have them installed on your system, just run the command:
sudo yum install bind-utils
dig domain.abc or nslookup domain.abc
and also test the FQDN:
dig webservertest.domain.abc or nslookup webservertest.domain.abc