Ubuntu/Bespin/DNS
From charlesreid1
This page covers the installation of dnsmasq to provide DHCP and DNS services.
Install dnsmasq
Start by installing dnsmasq with apt-get:
sudo apt-get -y install dnsmasq
This will try to start dnsmasq, but it will fail and print red text. This is fine: the system's built-in systemd-resolved is already listening on port 53, so we will need to disable that service.
ORDER IS IMPORTANT! We need dnsmasq installed FIRST, because disabling systemd-resolved will cause DNS queries to fail, so the internet connection will break. We need dnsmasq ready to start and take over the DNS duties.
sudo systemctl disable systemd-resolved
sudo systemctl stop systemd-resolved
Preserve the original dnsmasq config file, which has a lot of useful information:
sudo mv /etc/dnsmasq.conf{,.orig}
Now create the dnsmasq config file:
dnsmasq config without hostapd
/etc/dnsmasq.conf
# don't send external traffic that is missing a domain
domain-needed
# don't send external traffic that has bogus private ip
bogus-priv
# set the local domain
domain=mylocalnet
local=/mylocalnet/
# listen on these interfaces and only these interfaces
listen-address=127.0.0.1
bind-interfaces
# don't read /etc/resolv.conf
no-resolv
# define what to do if no name resolution
# all dns queries use pihole dns server
server=127.53.0.1
# send dnsmasq logs to a single place
log-facility=/var/log/dnsmasq.log
dnsmasq config with hostapd
/etc/dnsmasq.conf
# don't send external traffic that is missing a domain
domain-needed
# don't send external traffic that has bogus private ip
bogus-priv
# set the local domain
domain=mynet
local=/mynet/
# listen on these interfaces and only these interfaces
listen-address=127.0.0.1
listen-address=192.168.10.1
bind-interfaces
# don't read /etc/resolv.conf
no-resolv
# define range of IP addresses to hand out
dhcp-range=192.168.10.100,192.168.10.150,255.255.255.0,24h
# define what to do if no name resolution
# all dns queries use pihole dns server
server=127.53.0.1
## to specify different upstream dns for each network,
## can specify server in the following form:
## server=<dest-ip>/<src-ip>
## use PiHole for local DNS queries
#server=127.53.0.1/127.0.0.1
## use Google DNS for hostapd queries
#server=8.8.8.8/192.168.0.1
# send dnsmasq logs to a single place
log-facility=/var/log/dnsmasq.log
Now we are ready to start up dnsmasq:
sudo systemctl enable dnsmasq
sudo systemctl start dnsmasq
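Both configs above rely on a few directives working together (listen-address with bind-interfaces, no-resolv with a server= line, dhcp-range inside a listened subnet). The script below is an added example, not part of the original page, that lints a config file for them before the service is started or restarted; the function names are hypothetical and the DHCP check assumes the /24 netmask used above.

```shell
#!/bin/sh
# Added example, not from the original page. audit_dnsmasq_conf and its
# helpers are hypothetical names; the checks mirror the config shown above.

# True if NAME ($2) is an active (uncommented) directive in FILE ($1)
has_directive() {
    grep -Eq "^[[:space:]]*$2[[:space:]]*(=|\$)" "$1"
}

# Print a finding and count it
report() {
    echo "$1"
    findings=$((findings + 1))
}

# Print one line per finding; return non-zero if there is any
audit_dnsmasq_conf() {
    conf=$1
    findings=0

    # Keep dotless names and private-range reverse lookups off the upstream
    for d in domain-needed bogus-priv; do
        has_directive "$conf" "$d" || report "missing: $d"
    done

    # Without bind-interfaces dnsmasq binds the wildcard address on port 53
    if has_directive "$conf" listen-address && ! has_directive "$conf" bind-interfaces; then
        report "listen-address set without bind-interfaces"
    fi

    # no-resolv ignores /etc/resolv.conf, so an upstream must be given here
    if has_directive "$conf" no-resolv && ! has_directive "$conf" server; then
        report "no-resolv set but no active server= line"
    fi

    # Assumes the /24 netmask used on this page: each dhcp-range start must
    # share its first three octets with one of the listen-address lines
    for start in $(sed -n 's/^[[:space:]]*dhcp-range=\([0-9.]*\),.*/\1/p' "$conf"); do
        net=${start%.*}
        grep -Eq "^[[:space:]]*listen-address=$net\.[0-9]+" "$conf" ||
            report "dhcp-range $start: no listen-address in $net.0/24"
    done

    has_directive "$conf" log-facility || report "missing: log-facility"
    [ "$findings" -eq 0 ]
}

# Stand-alone use: sh audit.sh /etc/dnsmasq.conf
if [ "$#" -gt 0 ]; then audit_dnsmasq_conf "$1"; fi
```

dnsmasq's own --test option checks syntax only, so the two checks complement each other.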
Set Preferred DNS Nameservers
You can set your preferred DNS nameserver using your DHCP software. Depending on what DHCP service you are using, you edit different configuration files. We cover two DHCP programs below.
why not edit resolv.conf directly
It would be super convenient if we could just edit resolv.conf directly, ourselves, and set it to something sensible, and that would be that.
Unfortunately everybody's a control freak, so different programs will just completely overwrite resolv.conf, or make it a symbolic link to another file. Who knows, there's no telling. So instead of modifying the file directly, we have to edit the config files of the programs that edit the file.
dhcpcd
BOOOOO STOP USING DHCPCD GET OFF THE STAGE YOU SHOULD FEEL BAD
Set preferred nameservers by editing the dhcp configuration file:
/etc/dhcp/dhcpcd.conf
static domain_name_servers=8.8.8.8
dhclient
If using dhclient, set preferred DNS nameservers this way:
/etc/dhcp/dhclient.conf
prepend domain-name-servers 127.0.0.1;
Improved Logging
The dnsmasq configuration file has a log-facility option that controls where logs go. Add this to the config file:
log-facility=/var/log/dnsmasq.log