Note

The Funtoo Linux project has transitioned to "Hobby Mode" and this wiki is now read-only.

Difference between revisions of "Package:Dnsmasq"

From Funtoo
Jump to navigation Jump to search
m (more details)
m (link changed)
 
(7 intermediate revisions by 2 users not shown)
Line 11: Line 11:


=== Configuration ===
=== Configuration ===
{{note|When using NetworkManager with dhcp use dhcp for addresses only, and tell it 127.0.0.1 is your dns}}
{{c|/etc/dnsmasq.conf}} is where most of dnsmasq's configuration is done.  It's file is well commented, and ready for several scenarios.  
{{c|/etc/dnsmasq.conf}} is where most of dnsmasq's configuration is done.  It's file is well commented, and ready for several scenarios.  


Line 25: Line 26:


To listen to a DNS server on an alternate port:
To listen to a DNS server on an alternate port:
In this example we'll install {{package|dnscrypt-proxy}}:
In this example we'll install {{package|net-dns/dnscrypt-proxy}}:
{{file|name=/etc/dnsmasq.conf|lang=|desc=insert local dns only configs at the bottom of the dnsmasq.conf file.|body=
{{file|name=/etc/dnsmasq.conf|lang=|desc=insert local dns only configs at the bottom of the dnsmasq.conf file.|body=
...
...
#resolv-file=/etc/resolv.dnsmasq.conf
#resolv-file=/etc/resolv.dnsmasq.conf
server=127.0.0.1#2053
server=127.0.0.1#53000
listen-address=127.0.0.1
listen-address=127.0.0.1
}}
}}
Line 46: Line 47:
==== DNS only ====
==== DNS only ====
{{package|net-dns/bind-tools}} contains dns testing utilities.  To verify that dns requests are returned from the local server:  emerge bind-tools, then run:
{{package|net-dns/bind-tools}} contains dns testing utilities.  To verify that dns requests are returned from the local server:  emerge bind-tools, then run:
{{console|body=###i## dig google.com {{!}} grep -i server
{{console|body=###i## dig google.com}}
 
Make sure it returns something similar, the ip address for googles upstream server(s) will probably be different.
{{console|body=
...
;; ANSWER SECTION:
google.com. 299 IN A 216.58.216.206
...
;; SERVER: 127.0.0.1#53(127.0.0.1)}}
;; SERVER: 127.0.0.1#53(127.0.0.1)}}
=== Hosts ===
winhelp2002.mvps.org has a hosts file that blocks advertisements and malicious domains.  The hosts file is updated periodically so you may wish to make a cronjob to fetch the hosts file.
To install mvps' host file:
{{console|body=
###i## mkdir /etc/dnsmasq.hosts
###i## curl https://winhelp2002.mvps.org/hosts.txt > /etc/dnsmasq.hosts/blocklist}}
{{file|name=/etc/dnsmasq.conf|lang=|desc=read alternate host sources, and cache them for an hour.|body=
...
addn-hosts=/etc/dnsmasq.hosts/
local-ttl=3600
}}


{{PageNeedsUpdates}}
{{PageNeedsUpdates}}
{{EbuildFooter}}
{{EbuildFooter}}

Latest revision as of 10:35, October 13, 2020

Dnsmasq

   Tip

We welcome improvements to this page. To edit this page, Create a Funtoo account. Then log in and then click here to edit this page. See our editing guidelines to becoming a wiki-editing pro.

   Warning

As this page deals with DNS it has the potential to break your internet access! Ensure you have stable live media that can restore your system.

Dnsmasq is a dns cache, dhcp, and pxe server. This package is lightweight, and will work well for individual computers, or small lans.

Installation

root # emerge net-dns/dnsmasq

Configuration

   Note

When using NetworkManager with dhcp use dhcp for addresses only, and tell it 127.0.0.1 is your dns

/etc/dnsmasq.conf is where most of dnsmasq's configuration is done. It's file is well commented, and ready for several scenarios.

DNS only

   Important

place other upstream dns servers in /etc/resolv.dnsmasq.conf with your preferred DNS server at the top of the list. The first console command in the block will wipe out existing /etc/resolv.dnsmasq.conf settings, back them up if you have anything important in them.

root # echo "nameserver 8.8.8.8" > /etc/resolv.dnsmasq.conf
   /etc/dnsmasq.conf - insert local dns only configs at the bottom of the dnsmasq.conf file.
...
resolv-file=/etc/resolv.dnsmasq.conf
listen-address=127.0.0.1

To listen to a DNS server on an alternate port: In this example we'll install net-dns/dnscrypt-proxy:

   /etc/dnsmasq.conf - insert local dns only configs at the bottom of the dnsmasq.conf file.
...
#resolv-file=/etc/resolv.dnsmasq.conf
server=127.0.0.1#53000
listen-address=127.0.0.1

Now your localhost / 127.0.0.1 is your primary DNS to point net connection scripts to. This is the point of no return command. Start the service before you run this, and be prepaired to test with dig that it's pulling up servers through dnsmasq.

root # echo "nameserver 127.0.0.1" > /etc/resolv.conf

This is the revert to known working DNS servers command:

root # echo "nameserver 8.8.8.8" > /etc/resolv.conf

Runtime

root # rc-update add dnsmasq default
root # rc

Testing

DNS only

net-dns/bind-tools contains dns testing utilities. To verify that dns requests are returned from the local server: emerge bind-tools, then run:

root # dig google.com

Make sure it returns something similar, the ip address for googles upstream server(s) will probably be different.

...
;; ANSWER SECTION:
google.com.		299	IN	A	216.58.216.206
...
;; SERVER: 127.0.0.1#53(127.0.0.1)

Hosts

winhelp2002.mvps.org has a hosts file that blocks advertisements and malicious domains. The hosts file is updated periodically so you may wish to make a cronjob to fetch the hosts file.

To install mvps' host file:

root # mkdir /etc/dnsmasq.hosts 
root # curl https://winhelp2002.mvps.org/hosts.txt > /etc/dnsmasq.hosts/blocklist
   /etc/dnsmasq.conf - read alternate host sources, and cache them for an hour.
...
addn-hosts=/etc/dnsmasq.hosts/
local-ttl=3600