How to set up a simple DNS server for a local network

If this is the first time you need to set up a DNS server for a local network under Linux, this article is for you. The advantage of the proposed method is simplicity: the server can be configured in just a few minutes. However, this method is most likely not suitable for production servers.

The author of the article spent several hours in the fight against errors, bugs and incomprehensible behavior of the system before getting a stable result.

In what follows, we assume a local network consisting of several hosts. The network is already configured and the hosts can reach each other. The hosts run Ubuntu 18.04.4 LTS (other versions were not tested).

Step 1: Install the required packages

The following steps are performed on the host where the DNS server will be installed.

  1. Install Dnsmasq:

    sudo apt-get install dnsmasq

    The following errors will appear during installation:

    failed to create listening socket for port 53: Address already in use
    FAILED to start up
    Failed to start dnsmasq – A lightweight DHCP and caching DNS server.

    This is fine: the errors appear because the server has not been configured yet.

  2. Install resolvconf:

    sudo apt-get install resolvconf

    During installation, errors about Dnsmasq failing to start will be displayed again. This is fine.

    The resolvconf package is installed so that the line nameserver 127.0.0.1 is automatically written to the file /etc/resolv.conf when the computer restarts. This line specifies the address to which DNS queries are sent to determine the IP addresses of domains.

    Why not just enter the correct address manually?

    When the system is restarted, the file /etc/resolv.conf is automatically recreated. Therefore, if you manually enter the desired address into it, the change will be erased after the restart.

    By default, after a restart, the address 127.0.0.53 is written to this file; it is used by the systemd-resolved service. This service resolves domain names to IP addresses for applications running on the same host as the service. But we plan to stop using this service and use dnsmasq instead.

  3. Optional step. Install net-tools:

    sudo apt-get install net-tools

    This command installs a set of tools that will come in handy when testing.

Step 2: Set Up Packages

  1. Edit the file /etc/dnsmasq.conf:

    sudo nano /etc/dnsmasq.conf

    By default, all settings in this file are commented out. If you have any active settings in this file, comment them out and leave only those listed below. It is recommended to add and change settings only after checking that the DNS server works correctly.

    1. no-resolv

      This setting disables the loading of settings from /etc/resolv.conf. All settings will be taken from the edited file /etc/dnsmasq.conf. This greatly simplifies the configuration of Dnsmasq, since the file /etc/resolv.conf is automatically recreated on system restart.

    2. server=8.8.8.8

      8.8.8.8 is the address of the Google DNS server. This address can be replaced with any other public DNS server address, for example the address of your ISP’s DNS server or of a previously used DNS server.

      Requests that Dnsmasq cannot process will be directed to this server.

    3. listen-address=0.0.0.0

      This setting allows other hosts to send queries to Dnsmasq.

    4. bind-interfaces

      Specifies a mode in which Dnsmasq does not bind to interfaces on which requests should not be processed. Without this setting, the proposed configuration does not work.

  2. Add the required domains and their IP addresses to the file /etc/hosts:

    sudo nano /etc/hosts

    For example:

    1.2.3.4 myserver.tst

    Please note that by default, domain names consisting of a single name without a dot (for example, myserver) are not passed to the DNS server. By default, requests for such names are resolved only through the local file /etc/hosts. So if you add the line 2.3.4.5 myserver to the file /etc/hosts on the host with the Dnsmasq service, the IP address of the domain myserver will be resolved only on that host. On other hosts, the IP address of this domain will not be resolved, since requests to the host with Dnsmasq will not be sent.

  3. Optional step. If you don’t want systemd-resolved to listen on the address 127.0.0.53:53, run the command:

    sudo nano /etc/systemd/resolved.conf

    In the file that opens, write the line:

    DNSStubListener=no

    The address 127.0.0.53:53 is not used in the proposed configuration, so the listener can be disabled.

  4. Restart the machine:

    shutdown -r now
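
The Step 2 checks as a script, added here as an example and not part of the original article: it confirms that only the four listed settings are active in a dnsmasq.conf, notes that listen-address=0.0.0.0 exposes port 53 on every interface of the host, and lists single-label names in a hosts file. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: check a dnsmasq.conf and a hosts file against Step 2.
# Function names are hypothetical; directive values are the article's.

REQUIRED='no-resolv server=8.8.8.8 listen-address=0.0.0.0 bind-interfaces'

# Report active settings the article does not list (EXTRA) and listed
# settings that are absent or still commented out (MISSING).
# Returns 0 only when exactly the four settings are active.
audit_dnsmasq_conf() {
    awk -v required="$REQUIRED" '
        BEGIN { n = split(required, req, " "); bad = 0
                for (i = 1; i <= n; i++) want[req[i]] = 1 }
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # commented-out or blank line
        { sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }
        ($0 in want) { seen[$0] = 1; next }
        { print "EXTRA " $0; bad = 1 }
        END {
            for (i = 1; i <= n; i++)
                if (!(req[i] in seen)) { print "MISSING " req[i]; bad = 1 }
            if ("listen-address=0.0.0.0" in seen)
                print "NOTE listen-address=0.0.0.0 exposes port 53 on every interface"
            exit bad
        }' "$1"
}

# Print names from a hosts file that contain no dot. Per the article, other
# hosts never send such names to the Dnsmasq host. Loopback lines are skipped.
single_label_names() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        { sub(/#.*/, "") }                      # drop a trailing comment
        $1 ~ /^127\./ || $1 == "::1" { next }
        { for (i = 2; i <= NF; i++) if ($i !~ /\./) print $i }' "$1"
}

# Constructed sample files; the real paths are /etc/dnsmasq.conf and /etc/hosts.
demo() {
    dir=$(mktemp -d)
    printf '%s\n' '#port=5353' 'no-resolv' 'server=8.8.8.8' \
        'listen-address=0.0.0.0' '#bind-interfaces' 'cache-size=150' > "$dir/dnsmasq.conf"
    printf '%s\n' '127.0.0.1 localhost' '1.2.3.4 myserver.tst' \
        '2.3.4.5 myserver' > "$dir/hosts"
    audit_dnsmasq_conf "$dir/dnsmasq.conf" || echo "RESULT config differs from Step 2"
    single_label_names "$dir/hosts"
    rm -rf "$dir"
}
demo
```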

Step 3: Configure the DNS servers to use

This setting is performed on all client hosts from which requests will be sent to the host with the Dnsmasq service.

The easiest way to configure the DNS servers to use is through the GUI. Specify the address of the host where Dnsmasq is installed as the first in the list.

Step 4: Testing the DNS Server Locally

You may or may not want to check the settings. But if you are interested in knowing if everything is working correctly, then run the following commands on the host with the Dnsmasq service.

  1. Check that the address 127.0.0.1 is written in the file /etc/resolv.conf:

    cat /etc/resolv.conf

  2. Run the command:

    sudo netstat -tulpen

    You should see that the address 0.0.0.0:53 is held by Dnsmasq, and that the address 127.0.0.53:53 does not appear in the list.

  3. Run the command:

    dig ya.ru

    You should get output that contains something like the line below. The line must not begin with the ; character.

    ya.ru. 220 IN A 87.250.250.242

  4. Run the command:

    dig myserver.tst

    You should get output that looks like this:

    myserver.tst. 0 IN A 1.2.3.4
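
The checks from items 2 to 4 above as an added example (not from the original article): two functions that read netstat and dig output on stdin, run here on constructed sample output in which systemd-resolved still holds 127.0.0.53:53. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: the Step 4 checks as functions that read command output on
# stdin. Function names are hypothetical; the sample output is constructed.

# Print the address of every A record for NAME found in `dig` output. Lines
# that start with ";" (comments, the echoed question) never match.
dig_a_records() {
    awk -v name="$1." '$1 == name && $3 == "IN" && $4 == "A" { print $5 }'
}

# Succeed only if dnsmasq holds 0.0.0.0:53 and nothing holds 127.0.0.53:53,
# given `netstat -tulpen` output. $4 is Local Address, $NF is PID/Program name.
listeners_ok() {
    awk '
        $4 == "0.0.0.0:53" && $NF ~ /\/dnsmasq$/ { dnsmasq = 1 }
        $4 == "127.0.0.53:53" { stub = 1 }
        END { ok = (dnsmasq && !stub); exit !ok }'
}

# Constructed sample output (not captured from a real host).
SAMPLE_DIG=';; QUESTION SECTION:
;myserver.tst.          IN  A

;; ANSWER SECTION:
myserver.tst.       0   IN  A   1.2.3.4'

SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address  Foreign Address State  User Inode PID/Program name
tcp   0 0 0.0.0.0:53     0.0.0.0:*  LISTEN 0    20001 700/dnsmasq
udp   0 0 0.0.0.0:53     0.0.0.0:*         0    20000 700/dnsmasq
udp   0 0 127.0.0.53:53  0.0.0.0:*         101  15000 420/systemd-resolve'

demo() {
    printf '%s\n' "$SAMPLE_DIG" | dig_a_records myserver.tst
    if printf '%s\n' "$SAMPLE_NETSTAT" | listeners_ok; then
        echo "listeners: ok"
    else
        echo "listeners: dnsmasq not on 0.0.0.0:53, or 127.0.0.53:53 still bound"
    fi
}
demo

# On the real host:
#   dig myserver.tst | dig_a_records myserver.tst
#   sudo netstat -tulpen | listeners_ok && echo ok
```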

Step 5: Testing the DNS Server from Other Hosts

Now you can check the DNS server from other hosts.

Follow steps 3 and 4 from the previous section. The console output should be similar to the output in the previous section.

Additional Information

If something went wrong:
  1. The following command prints all traffic on port 53 to the console in real time. This helps to determine whether queries are being sent.

    sudo tcpdump -l port 53

    It makes sense to run this command in a separate terminal, not in the one where the commands being checked are entered.

  2. Please note that DNS queries are also cached by the systemd-resolved service and the dnsmasq service. The easiest way to reset the cache is to restart the service in use:

    sudo systemctl restart dnsmasq             # on the server host

    sudo systemctl restart systemd-resolved    # on client hosts

Conclusion

In this article, we looked at how you can relatively quickly set up a DNS server for a local network under Linux. If you know any other tricks for setting up a DNS server, write about it in the comments.
