From charlesreid1

This page covers the installation of dnsmasq to provide DHCP and DNS services.

Install dnsmasq

Start by installing dnsmasq with apt-get:

sudo apt-get -y install dnsmasq

This will try to start dnsmasq, but the start will fail and print red text. This is fine: the system's built-in systemd-resolved is already listening on port 53, so we need to disable that service.

ORDER IS IMPORTANT! We need dnsmasq installed FIRST, because disabling systemd-resolved will cause DNS queries to fail, so the internet connection will break. We need dnsmasq ready to start and take over the DNS duties.

sudo systemctl disable systemd-resolved
sudo systemctl stop systemd-resolved

Preserve the original dnsmasq config file, which has a lot of useful information:

sudo mv /etc/dnsmasq.conf{,.orig}

Now create the dnsmasq config file.

dnsmasq config without hostapd

/etc/dnsmasq.conf

# never forward plain names (no dots or domain part) upstream
domain-needed
# never forward reverse lookups for private IP ranges upstream
bogus-priv
# set the local domain
domain=mylocalnet
local=/mylocalnet/
# listen on these interfaces and only these interfaces
listen-address=127.0.0.1
bind-interfaces
# don't read /etc/resolv.conf
no-resolv

# upstream for queries dnsmasq cannot answer locally:
# all dns queries use pihole dns server
server=127.53.0.1

# send dnsmasq logs to a single place
log-facility=/var/log/dnsmasq.log

dnsmasq config with hostapd

/etc/dnsmasq.conf

# never forward plain names (no dots or domain part) upstream
domain-needed
# never forward reverse lookups for private IP ranges upstream
bogus-priv
# set the local domain
domain=mynet
local=/mynet/
# listen on these interfaces and only these interfaces
listen-address=127.0.0.1
listen-address=192.168.10.1
bind-interfaces
# don't read /etc/resolv.conf
no-resolv
# define range of IP addresses to hand out
dhcp-range=192.168.10.100,192.168.10.150,255.255.255.0,24h

# upstream for queries dnsmasq cannot answer locally:
# all dns queries use pihole dns server
server=127.53.0.1

## dnsmasq selects upstreams per domain, not per client network;
## the source address for queries to an upstream can be set with:
## server=<upstream-ip>@<source-ip>
## query PiHole from the loopback address
#server=127.53.0.1@127.0.0.1
## query Google DNS from the hostapd address
#server=8.8.8.8@192.168.0.1

# send dnsmasq logs to a single place
log-facility=/var/log/dnsmasq.log

Now we are ready to start up dnsmasq:

sudo systemctl enable dnsmasq
sudo systemctl start dnsmasq
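
Since dnsmasq is the host's only resolver once systemd-resolved is stopped, a mistake in /etc/dnsmasq.conf takes DNS down with it. The script below is an added example, not part of the original page: it checks a config like the ones above for the mistakes that matter in this setup. The helper names check_dnsmasq_conf, conf_values and fail are made up for this example.

```shell
#!/bin/sh
# Added example: sanity-check a dnsmasq.conf like the ones on this page.
# check_dnsmasq_conf, conf_values and fail are hypothetical helper names.

# Print the value of every uncommented "KEY=value" line in FILE.
conf_values() {  # usage: conf_values KEY FILE
    sed -n "s/^[[:space:]]*$1=//p" "$2"
}

fail() { echo "PROBLEM: $*"; problems=$((problems + 1)); }

# Return 0 if FILE passes every check; $problems holds the failure count.
check_dnsmasq_conf() {
    conf=$1
    problems=0
    listen=$(conf_values listen-address "$conf")
    servers=$(conf_values server "$conf")

    # Without bind-interfaces dnsmasq binds the wildcard address; binding only
    # the listed addresses lets another nameserver (127.53.0.1) share the host.
    [ -n "$listen" ] || fail "no listen-address set"
    grep -q '^[[:space:]]*bind-interfaces' "$conf" || fail "bind-interfaces missing"

    # no-resolv with no server= leaves dnsmasq without any upstream.
    if grep -q '^[[:space:]]*no-resolv' "$conf" && [ -z "$servers" ]; then
        fail "no-resolv is set but no server= upstream is defined"
    fi

    # An upstream equal to a listen address forwards queries to itself.
    for s in $servers; do
        for l in $listen; do
            [ "$s" != "$l" ] || fail "server=$s is dnsmasq's own listen-address"
        done
    done

    # Each DHCP pool must start in a /24 that dnsmasq listens on (the page
    # uses netmask 255.255.255.0; start address assumed to be field 1).
    for start in $(conf_values dhcp-range "$conf" | cut -d, -f1); do
        on_subnet=no
        for l in $listen; do
            [ "${l%.*}" != "${start%.*}" ] || on_subnet=yes
        done
        [ "$on_subnet" = yes ] || fail "dhcp-range $start is not on a listen-address subnet"
    done

    [ "$problems" -eq 0 ]
}

# Run against the file named on the command line, if one is given.
[ "$#" -eq 0 ] || check_dnsmasq_conf "$1"
```

Running dnsmasq --test checks the file's syntax only; this helper covers logic errors that would still leave the host without working DNS.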

Set Preferred DNS Nameservers

Set preferred nameservers by editing the DHCP client configuration file. For dhcpcd:

/etc/dhcp/dhcpcd.conf

static domain_name_servers=8.8.8.8

or for dhclient:

/etc/dhcp/dhclient.conf

prepend domain-name-servers 127.0.0.1;

(THESE INSTRUCTIONS FROM RaspberryPi/Hotspot ARE OLD)

Remove the existing file at /etc/resolv.conf (a symlink to a network manager thing). Create a new version of the file that specifies preferred nameservers:

nameserver 8.8.8.8

NOTE: this file will be overwritten at boot by Network Manager. If your DNS is broken and dnsmasq does not seem to be able to find a preferred nameserver, circle back and double-check that network manager has been disabled.

Improved Logging

The dnsmasq configuration file has a log-facility option that controls where logs go. Add this to the config file:

log-facility=/var/log/dnsmasq.log