From charlesreid1

This page covers the installation of dnsmasq to provide DHCP and DNS services.

Install dnsmasq

Start by installing dnsmasq with apt-get:

sudo apt-get -y install dnsmasq

This will try to start dnsmasq, but it will fail and print red text. This is fine: the system's built-in systemd-resolved is already listening on port 53, so we need to disable that service.

ORDER IS IMPORTANT! We need dnsmasq installed FIRST, because disabling systemd-resolved will cause DNS queries to fail, so the internet connection will break. We need dnsmasq ready to start and take over the DNS duties.

sudo systemctl disable systemd-resolved
sudo systemctl stop systemd-resolved

Preserve the original dnsmasq config file, which has a lot of useful information:

sudo mv /etc/dnsmasq.conf{,.orig}

Now create the dnsmasq config file:

dnsmasq config without hostapd

/etc/dnsmasq.conf

# never forward plain names (no dots or domain part) upstream
domain-needed
# never forward reverse lookups for private IP ranges upstream
bogus-priv
# set the local domain
domain=mylocalnet
local=/mylocalnet/
# listen on these addresses and only these addresses
listen-address=127.0.0.1
bind-interfaces
# don't read /etc/resolv.conf
no-resolv

# upstream server for anything dnsmasq can't answer itself:
# all dns queries use pihole dns server
server=127.53.0.1

# send dnsmasq logs to a single place
log-facility=/var/log/dnsmasq.log

dnsmasq config with hostapd

/etc/dnsmasq.conf

# never forward plain names (no dots or domain part) upstream
domain-needed
# never forward reverse lookups for private IP ranges upstream
bogus-priv
# set the local domain
domain=mynet
local=/mynet/
# listen on these addresses and only these addresses
listen-address=127.0.0.1
listen-address=192.168.10.1
bind-interfaces
# don't read /etc/resolv.conf
no-resolv
# define range of IP addresses to hand out
dhcp-range=192.168.10.100,192.168.10.150,255.255.255.0,24h

# upstream server for anything dnsmasq can't answer itself:
# all dns queries use pihole dns server
server=127.53.0.1

## to specify different upstream dns for each network,
## can specify server in the following form:
## server=<dest-ip>/<src-ip>
## use PiHole for local DNS queries
#server=127.53.0.1/127.0.0.1
## use Google DNS for hostapd queries
#server=8.8.8.8/192.168.0.1

# send dnsmasq logs to a single place
log-facility=/var/log/dnsmasq.log
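
The settings in these two configs that decide where dnsmasq listens and where it forwards can be checked before the service is started. The script below is an added example, not part of the original page: it checks a config for bind-interfaces, loopback or RFC 1918 listen-address values, and a server= line to go with no-resolv. The function names and the weakened sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): lint a dnsmasq config for the
# listening and forwarding settings this page relies on.

# Values of every uncommented "KEY=value" line; comma lists are split.
conf_values() {
    sed -n "s/^[[:space:]]*$2=\([^#[:space:]]*\).*/\1/p" "$1" | tr ',' ' '
}

# Succeeds if the bare flag KEY is present and not commented out.
conf_has() {
    grep -Eq "^[[:space:]]*$2[[:space:]]*(#.*)?\$" "$1"
}

# Succeeds for loopback and RFC 1918 IPv4 addresses.
is_internal() {
    case "$1" in
        127.*|10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# Prints one finding per line; returns 0 only when there are none.
audit_dnsmasq_conf() {
    conf=$1 findings="" nl='
'
    conf_has "$conf" bind-interfaces ||
        findings="${findings}bind-interfaces is not set${nl}"
    addrs=$(conf_values "$conf" listen-address)
    [ -n "$addrs" ] || findings="${findings}no listen-address is set${nl}"
    for a in $addrs; do
        is_internal "$a" ||
            findings="${findings}listen-address $a is not loopback or RFC 1918${nl}"
    done
    if conf_has "$conf" no-resolv && [ -z "$(conf_values "$conf" server)" ]; then
        findings="${findings}no-resolv is set but no server= line exists${nl}"
    fi
    printf '%s' "$findings"
    [ -z "$findings" ]
}

# Constructed sample: a weakened variant of the hostapd config above.
sample=$(mktemp)
printf '%s\n' 'listen-address=127.0.0.1,0.0.0.0' '#bind-interfaces' \
    'no-resolv' '#server=127.53.0.1' > "$sample"
audit_dnsmasq_conf "$sample" || echo "fix the findings above before starting dnsmasq"
rm -f "$sample"
```

To check the real file, call audit_dnsmasq_conf /etc/dnsmasq.conf; dnsmasq --test covers syntax only, so the two checks complement each other.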

Now we are ready to start up dnsmasq:

sudo systemctl enable dnsmasq
sudo systemctl start dnsmasq

Set Preferred DNS Nameservers

You can set your preferred DNS nameserver using your DHCP software. Depending on what DHCP service you are using, you edit different configuration files. We cover two DHCP programs below.

why not edit resolv.conf directly

It would be super convenient if we could just edit resolv.conf directly, ourselves, and set it to something sensible, and that would be that.

Unfortunately everybody's a control freak, so different programs will just completely overwrite resolv.conf, or make it a symbolic link to another file. Who knows, there's no telling. So instead of modifying the file directly, we have to edit the config files of the programs that edit the file.

dhcpcd

BOOOOO STOP USING DHCPCD GET OFF THE STAGE YOU SHOULD FEEL BAD

Set preferred nameservers by editing the dhcpcd configuration file:

/etc/dhcp/dhcpcd.conf

static domain_name_servers=8.8.8.8

dhclient

If using dhclient, set preferred DNS nameservers this way:

/etc/dhcp/dhclient.conf

prepend domain-name-servers 127.0.0.1;

Improved Logging

The dnsmasq configuration file has a log-facility option that controls where logs go. Add this to the config file:

log-facility=/var/log/dnsmasq.log