How to set up a simple DNS server for a local network
If this is the first time you have needed to set up a DNS server for a local network under Linux, this article is for you. The advantage of the proposed method is simplicity: the server can be configured in just a few minutes. However, this method is most likely not suitable for production servers.
The author of the article spent several hours fighting errors, bugs and incomprehensible behavior of the system before getting a stable result.
Below we assume a local network of several hosts that is already configured, with network access between the hosts. The hosts have Ubuntu 18.04.4 LTS installed (not tested for other versions).
Step 1: Install the required packages
The following steps are performed on the host where the DNS server will be installed.
Install Dnsmasq:
sudo apt-get install dnsmasq
The following errors will appear during installation:
failed to create listening socket for port 53: Address already in use
FAILED to start up
Failed to start dnsmasq – A lightweight DHCP and caching DNS server.
This is fine! We have not set up the server yet, which is what causes the error.
Install resolvconf:
sudo apt-get install resolvconf
During installation, errors saying that Dnsmasq cannot be started will appear again. This is fine.
The resolvconf package is installed so that the line nameserver 127.0.0.1 is automatically written to the file /etc/resolv.conf when the computer restarts. This line specifies the address to which DNS queries are sent to determine the IP addresses of domains.
Why not just enter the correct address manually
When the system is restarted, the file /etc/resolv.conf is automatically recreated. Therefore, if you manually enter the desired address into it, the changes will be erased after the restart.
By default, after a restart, the address 127.0.0.53 is written to this file; it is used by the systemd-resolved service. This service handles domain IP discovery for applications running on the same host as the service. But we plan to stop using this service and start using dnsmasq.
Optional step. Install net-tools:
sudo apt-get install net-tools
This command installs a set of tools that will come in handy when testing.
Step 2: Set Up Packages
Edit the file /etc/dnsmasq.conf:
sudo nano /etc/dnsmasq.conf
By default, all settings in this file are commented out. If you have any active settings in this file, comment them out and leave only those listed below. It is recommended to add and change settings only after checking that the DNS server works correctly.
no-resolv
This setting disables the loading of settings from /etc/resolv.conf. All settings will be taken from the edited file /etc/dnsmasq.conf. This greatly simplifies the configuration of Dnsmasq, since the file /etc/resolv.conf is automatically recreated on system restart.
server=8.8.8.8
8.8.8.8 is the address of the Google DNS server. This address can be replaced with any other public DNS server address, for example the address of your ISP’s DNS server or a previously used DNS server. Requests that Dnsmasq cannot process will be directed to this server.
listen-address=0.0.0.0
This setting allows queries to Dnsmasq from other hosts. The address 0.0.0.0 makes Dnsmasq listen on every interface of the host, not only the one facing the local network.
bind-interfaces
Specifies a mode in which Dnsmasq does not bind to interfaces on which requests should not be processed. Without this setting, the server does not work in the proposed configuration.
Add the required domains and their IP addresses to the file /etc/hosts:
sudo nano /etc/hosts
For example:
1.2.3.4 myserver.tst
Please note that domain names consisting of a single name without a dot (for example, myserver) are not passed to the DNS server by default. Requests for such names are processed by default only through the local file /etc/hosts. So if the following line is written to the file /etc/hosts on the host with the Dnsmasq service:
2.3.4.5 myserver
then the IP address of the domain myserver will only be resolved on the host with the Dnsmasq service. On other hosts, the IP address of this domain will not be resolved, since requests to the host with Dnsmasq will not be sent.
Optional step. If you don’t want systemd-resolved to listen on the address 127.0.0.53:53, run the command:
sudo nano /etc/systemd/resolved.conf
In the file that opens, write the line:
DNSStubListener=no
The address 127.0.0.53:53 is not used in the proposed configuration and can be disabled.
Restart the machine:
shutdown -r now
Step 3: Configure the DNS servers to use
This setting is performed on all client hosts from which requests will be sent to the host with the Dnsmasq service.
The easiest way to configure the DNS servers to use is in the GUI. Specify the address of the host where Dnsmasq is installed as the first in the list.
Step 4: Testing the DNS Server Locally
You may or may not want to check the settings. But if you are interested in knowing if everything is working correctly, then run the following commands on the host with the Dnsmasq service.
Check that the address 127.0.0.1 is registered in the file /etc/resolv.conf:
cat /etc/resolv.conf
Run the command:
sudo netstat -tulpen
You should see that the address 0.0.0.0:53 is occupied by Dnsmasq, and the address 127.0.0.53:53 does not appear in the list.
Run the command:
dig ya.ru
You should get output that contains something like this. There must be no ; character at the beginning of the line.
ya.ru. 220 IN A 87.250.250.242
Run the command:
dig myserver.tst
You should get output that looks like this:
myserver.tst. 0 IN A 1.2.3.4
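The checks in this step can also be scripted. The following POSIX shell script is an added example, not part of the original article; its function names and the --live switch are assumptions made for illustration. It parses /etc/resolv.conf, the netstat listing and the dig output the same way the manual checks read them.

```sh
#!/bin/sh
# Added example: scripted form of the Step 4 checks (function names are hypothetical).

# Print the first "nameserver" address from a resolv.conf-style file.
first_nameserver() {
    awk '$1 == "nameserver" { print $2; exit }' "$1"
}

# Read `netstat -tulpen` output on stdin and print "<local-address> <program>"
# once for every socket bound to port 53 (TCP and UDP rows are merged).
port53_listeners() {
    awk '$4 ~ /:53$/ { sub(/^[0-9]+\//, "", $NF); print $4, $NF }' | sort -u
}

# Read `dig` output on stdin and print the A-record addresses for name $1.
# Lines that start with ";" (comments, the echoed question) never match.
dig_a_records() {
    awk -v name="$1." '$1 == name && $3 == "IN" && $4 == "A" { print $5 }'
}

# check_dns_host RESOLV_FILE NETSTAT_FILE
# Returns 0 only when the host looks the way Step 4 describes.
check_dns_host() {
    rc=0
    ns=$(first_nameserver "$1")
    [ "$ns" = "127.0.0.1" ] || { echo "FAIL: first nameserver is '$ns'"; rc=1; }
    listeners=$(port53_listeners < "$2")
    echo "$listeners" | grep -q '^0\.0\.0\.0:53 dnsmasq$' ||
        { echo "FAIL: dnsmasq is not bound to 0.0.0.0:53"; rc=1; }
    if echo "$listeners" | grep -q '^127\.0\.0\.53:53 '; then
        echo "FAIL: stub listener 127.0.0.53:53 is still active"; rc=1
    fi
    return "$rc"
}

# Live run on the Dnsmasq host: sh check.sh --live
if [ "${1:-}" = "--live" ]; then
    tmp=$(mktemp)
    sudo netstat -tulpen > "$tmp"
    check_dns_host /etc/resolv.conf "$tmp" && echo "OK: host matches Step 4"
    echo "myserver.tst -> $(dig myserver.tst | dig_a_records myserver.tst)"
    rm -f "$tmp"
fi
```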
Step 5: Testing the DNS Server from Other Hosts
Now you can check the DNS server from other hosts.
Follow steps 3 and 4 from the previous section. The console output should be similar to the output in the previous section.
Additional Information
If something went wrong
The following command prints to the console all queries running on port 53 in real time. This helps to determine if the queries are running.
sudo tcpdump -l port 53
It makes sense to run this command in a separate terminal, not the one in which the commands being checked are entered.
Please note that DNS queries are also cached by the systemd-resolved and dnsmasq services. The easiest way to reset the cache is to restart the service in use:
sudo systemctl restart dnsmasq
(on the server host)
sudo systemctl restart systemd-resolved
(on client hosts)
Conclusion
In this article, we looked at how you can relatively quickly set up a DNS server for a local network under Linux. If you know any other tricks for setting up a DNS server, write about it in the comments.