A DNS server becomes very handy on several occasions where you need to define your DNS, disable the automatic DHCP server, and use a static IP. This guide can also be beneficial when you want to deploy and test a Carbonio server in a demo environment.
In this article, you’ll find how to properly install and configure a DNS server using dnsmasq on Ubuntu.
Let’s have a very brief introduction to DNS servers and see their purpose.
A Dynamic Host Configuration Protocol (DHCP) server dynamically assigns IP addresses to different devices on a network. It handles default gateways and other network parameters for client devices to communicate properly.
DNS forwarding refers to forwarding DNS requests to a designated DNS server for resolution.
DNS forwarders allow you to forward requests from a local DNS server to a DNS server outside the corporate network, while a DNS caching server answers the recursive requests of clients. This process resolves the DNS queries much faster, improving DNS lookup speeds for previously visited websites.
A DNS server has other purposes besides translating names to IP addresses. For instance, mail transfer agents use DNS to locate the most suitable server to deliver e-mail: an MX record provides a mapping between a domain and a mail exchanger. This also provides an additional layer of fault tolerance and load distribution in the server.
What Is dnsmasq?
DNS masquerade or dnsmasq is a lightweight and easy-to-configure DNS forwarder. It is specifically designed to provide a small-scale network with DNS (and optionally DHCP and TFTP) services. It serves the names of local machines that are not included in the global DNS.
How to Install dnsmasq
If you haven’t already installed dnsmasq on your Ubuntu machine, you can easily install it from the default repository as follows:
sudo apt install dnsmasq
Note: On Ubuntu 20.04, you may need to disable the default systemd-resolved service; otherwise, after installing dnsmasq, you may experience a conflict on UDP port 53. To resolve the conflict, execute:
systemctl disable systemd-resolved && systemctl stop systemd-resolved
If you had already installed dnsmasq, a restart is required using:
systemctl restart dnsmasq
Once it’s installed, you can check the status by:
systemctl status dnsmasq
You should see the service running. If not, you can start and enable it using:
sudo systemctl start dnsmasq
sudo systemctl enable dnsmasq
The result should be similar to this:
[zextras@localhost ~]$ systemctl status dnsmasq
• dnsmasq.service - DNS caching server.
   Loaded: loaded (/usr/lib/systemd/system/dnsmasq.service; enabled; vendor pre>
   Active: active (running) since Thu 2022-01-20 15:17:03 CET; 1min 15s ago
 Main PID: 968 (dnsmasq)
    Tasks: 1 (limit: 4810)
   Memory: 672.0K
   CGroup: /system.slice/dnsmasq.service
           └─968 /usr/sbin/dnsmasq -k

Jan 20 15:17:03 localhost.localdomain systemd: Started DNS caching server..
Jan 20 15:17:03 localhost.localdomain dnsmasq: started, version 2.79 cache>
Jan 20 15:17:03 localhost.localdomain dnsmasq: compile time options: IPv6 >
Jan 20 15:17:03 localhost.localdomain dnsmasq: reading /etc/resolv.conf
Jan 20 15:17:03 localhost.localdomain dnsmasq: ignoring nameserver 127.0.0>
Jan 20 15:17:03 localhost.localdomain dnsmasq: read /etc/hosts - 6 address>
lines 1-15/15 (END)
Configure dnsmasq server
You can configure your dnsmasq server using the /etc/dnsmasq.conf file. Since DNS is enabled by default, we suggest creating a backup of the file before modifying it. To do so, simply run:
cp /etc/dnsmasq.conf /etc/dnsmasq.conf.orig
Now you can modify the /etc/dnsmasq.conf file using your preferred text editor such as nano:
Insert the following configuration, bearing in mind that these are some example main settings, and you can add some others or change parameters based on your needs:
listen-address=::1,127.0.0.1,192.168.56.100
interface=eth0
domain=domain.abc
address=/domain.abc/127.0.0.1
address=/domain.abc/192.168.56.100
# Google's nameservers
server=8.8.8.8
server=8.8.4.4
At the end of the configuration, save and exit.
Now you can use the test command to see possible errors as follows:
sudo dnsmasq --test
Let’s dissect each part to understand the settings better:
listen-address – Sets the IP addresses on which dnsmasq listens. Here we want our server to listen for DHCP and DNS requests on the LAN, so we set listen-address to its LAN IP addresses plus the localhost address 127.0.0.1. Note that the server IP must be static. To see how to configure a static IP, please refer to How to Set Up a Static IP Address on Ubuntu Server.
interface – Restricts the interface on which dnsmasq listens. You can add more lines for more interfaces.
domain – Sets the domain. This means DHCP clients will have fully qualified domain names (FQDN) under the domain you set. It also sets the domain DHCP option for all clients.
address – Forces your local domain to an IP address or addresses.
server (nameservers) – Forwards DNS requests to whatever upstream DNS servers you specify. For instance, we used the public DNS services provided by Google.
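The settings above decide who can reach the resolver and where it forwards queries, so they are worth checking before dnsmasq is restarted. The following is an added example, not part of the original guide: a small auditor that reads dnsmasq.conf text and flags listen addresses outside loopback/LAN ranges and forwarders that are not on an expected list. The allowlist (Google Public DNS), the LAN ranges and the sample configuration are assumptions made for this example.

```python
import ipaddress

# Assumption: upstream resolvers this site expects (Google public DNS).
EXPECTED_UPSTREAMS = {"8.8.8.8", "8.8.4.4"}
# Ranges treated as "inside the LAN": RFC 1918 plus IPv6 unique-local.
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

# Constructed sample: the guide's settings plus two deliberate mistakes.
SAMPLE_CONF = """\
listen-address=::1,127.0.0.1,192.168.56.100,203.0.113.10
interface=eth0
domain=domain.abc
address=/domain.abc/192.168.56.100
# upstream resolvers
server=8.8.8.8
server=198.51.100.53
"""

def parse_conf(text):
    """Return {option: [values]}; lines starting with '#' are comments."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        opts.setdefault(key.strip(), []).append(value.strip())
    return opts

def audit(text, expected_upstreams=EXPECTED_UPSTREAMS):
    """Return findings about resolver exposure and unexpected forwarders."""
    opts, findings = parse_conf(text), []
    listen = [a.strip() for v in opts.get("listen-address", []) for a in v.split(",")]
    for addr in listen:
        ip = ipaddress.ip_address(addr)
        if not (ip.is_loopback or any(ip in net for net in LAN_NETS)):
            findings.append(f"listen-address {ip} is outside loopback/LAN ranges")
    for srv in opts.get("server", []):
        # server= also accepts /domain/ip and ip#port; keep the address part.
        ip = srv.rsplit("/", 1)[-1].split("#", 1)[0]
        if ip not in expected_upstreams:
            findings.append(f"server {ip} is not an expected upstream")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print("WARN:", finding)
```

Run it against the real file with audit(open("/etc/dnsmasq.conf").read()); an empty list means every listen address is loopback or LAN-local and every forwarder is on the expected list.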
Modifying resolv.conf file
Here we’re going to force all queries to be sent to dnsmasq. To do so, we set the localhost address as the only nameserver by modifying the resolv.conf file as follows:
Then modify it as follows:
# Set localhost as nameserver
nameserver 127.0.0.1
Save and exit.
Change the file’s attributes using the chattr command to make our file immutable. This prevents the local network manager from overwriting our changes.
sudo chattr +i /etc/resolv.conf
To confirm that the attribute is set, use:
sudo lsattr /etc/resolv.conf
You should see the attribute i in the output as follows:
sudo lsattr /etc/resolv.conf
----i--------------- /etc/resolv.conf
Defining DNS Hosts and Names
The dnsmasq reads the DNS hosts and names from the
hosts file. Therefore we need to modify the
Open the file using:
Modify it as below:
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
127.0.0.1 dnsmasq
192.168.56.100 dnsmasq
192.168.56.1 gateway
192.168.56.110 webservertest
Other addresses such as MAAS, Nagios, etc. can be defined in separate lines.
Restart dnsmasq to apply the above changes:
sudo systemctl restart dnsmasq
Note: If you have the firewall service running, then you need to open DNS and DHCP services in its configuration:
sudo firewall-cmd --add-service=dns --permanent
sudo firewall-cmd --add-service=dhcp --permanent
sudo firewall-cmd --reload
Let’s Test Our Local DNS
To test if everything is working fine we can use the BIND DNS utilities (packaged as bind-utils on RHEL-based systems and as dnsutils on Ubuntu):
You can install it by:
sudo apt install dnsutils
Then query your DNS nameserver:
It returns any A record found within the queried hostname’s zone.
Then test the FQDN by:
Now your DNS is set up and ready to continue with Carbonio CE installation to create your test environment. To install Carbonio CE on your server, you can follow this community article: