On Your Local Network, How to Run Your Own DNS Server

Running your own DNS server is a wonderful method to improve the responsiveness of your network, reduce your dependency on public infrastructure, and gain access to additional features like hostname routing. This guide uses Dnsmasq to set up a DNS server on a Linux machine.

What Is DNS?

DNS is the system that converts a domain name such as example.com into a server's numerical IP address, such as 127.0.0.1. When you use a domain name in a network request, your system will do a DNS lookup to determine which server address to contact.

This lookup adds a cost to every request you make. Although your device caches DNS replies, a visit to a new domain requires a DNS round-trip before the actual request can begin. This happens at the level of the operating system's networking stack, and it's completely transparent to you as a user.

DNS servers are typically run by ISPs. If you're using default settings on your router and devices, you're probably relying on your ISP's server. Cloudflare and Google, for example, offer additional public DNS servers.

Why Run Your Own DNS?

You have more control over your network if you run your own DNS server. The ability to specify network-level domain mappings, such as web-server to 192.168.0.101, is a popular motivation. If you set up your router to use your DNS, any of your connected devices will be able to connect to 192.168.0.101 using http://web-server.

Instead of applying settings individually in /etc/hosts on each device, having your own DNS server allows you to consolidate them in one place. They'll apply to everything you connect to your network, including embedded hardware that doesn't allow you to change its routing stack in any other manner.

An in-house DNS server can also boost performance and add a degree of protection. Wide-scale DNS outages aren't uncommon, so using a custom server with a long-lived cache for important services you need could help you get through any downtime at your upstream provider.

DNS With Dnsmasq

Dnsmasq is a small DNS server that comes with almost all Linux distributions. It's also surprisingly easy to set up.

It's a good idea to consider what features you'll need from your DNS server before you get started. We'll set up Dnsmasq with local caching, custom domain routes, and Google's 8.8.8.8 as our upstream DNS provider in this article.

This is how the routing flow will look:

  • One of your linked devices sends a request to your network router. The Dnsmasq host will be configured as the router's DNS server.
  • Dnsmasq will check if the domain name has a defined route, such as web-server to 192.168.0.101. If the request was for http://web-server/example-page, the router will receive 192.168.0.101.
  • When Dnsmasq doesn't find a match, it sends the DNS request to Google's 8.8.8.8, allowing for public internet resolution. When utilising your own DNS, this ensures that you can still access the rest of the internet.

Your client devices will not require any configuration adjustments. Dnsmasq will be used by everything behind your router to do DNS requests. It's worth mentioning, though, that all major desktop and mobile operating systems allow you to specify a DNS server, so you could utilise Dnsmasq on individual devices without enabling it at the router level.

Getting Started

We'll presume you already have a working Linux system that can run Dnsmasq. Dnsmasq isn't especially resource-intensive, thus it can easily run on a Raspberry Pi if you only have a few client devices.

A static IP address should be assigned to your server. From here on, 192.168.0.1 refers to the Dnsmasq server.

Make sure Dnsmasq is installed:

    # Assuming a Debian system
    sudo apt update
    sudo apt install dnsmasq

The config file for Dnsmasq is normally found at /etc/dnsmasq.conf. The file ships pre-populated with initial settings. For Dnsmasq to work properly in a local network context, several adjustments are required. To open the file, type sudo nano /etc/dnsmasq.conf, then use the Ctrl+W keyboard shortcut to locate and uncomment the following lines:

    #domain-needed
    #bogus-priv

Remove the # from the beginning of each line. Here's what these options allow you to do:

  • domain-needed: Stops Dnsmasq from forwarding names without a domain part to the upstream DNS server. In our setup, this means that example.com will be eligible for Google resolution, but neither example nor web-server will. Dot-free names are reserved for your local network.
  • bogus-priv: Prevents reverse-lookup queries for private IP ranges from being forwarded to the upstream DNS server. Internal IP addresses such as 192.168.0.101 will never be exposed to Google. If you don't enable this, you may unintentionally reveal the architecture of your internal network to your upstream provider.

Add the following lines to your config file to specify your upstream DNS servers:

    server=8.8.8.8
    server=8.8.4.4

Dnsmasq will now route unresolved queries to 8.8.8.8. 8.8.4.4 will be used instead if that server is unavailable. These addresses are the primary and secondary resolvers for Google's DNS service.

After that, change the cache size. This is set at a low value of 150 cached requests by default. Dnsmasq will be able to provide more lookups from the cache if this value is increased, lowering network latency. Uncomment the cache-size line and modify its value to:

    cache-size=1000

Now is the time to save and close the file.
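A quick way to confirm the edits above actually took effect, as an added example that is not part of the original article: the function below parses dnsmasq.conf text and reports which of this guide's settings are still missing. The sample config is constructed, the `audit` and `active_options` names are illustrative, and only the plain-IP form of server= used in this guide is validated.

```python
import ipaddress

# Constructed sample: a dnsmasq.conf where bogus-priv was left commented
# out, one upstream address has a typo, and cache-size was never raised.
SAMPLE_CONF = """\
# Never forward plain names (without a dot or domain part)
domain-needed
#bogus-priv
server=8.8.8.8
server=8.8.8
#cache-size=150
"""

def active_options(text):
    """Map option name -> list of values, ignoring blank and comment lines."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # a leading '#' means the option is still disabled
        key, _, value = line.partition("=")
        opts.setdefault(key.strip(), []).append(value.strip())
    return opts

def audit(text, min_cache=1000):
    """Return findings for the settings this guide asks you to enable."""
    opts = active_options(text)
    findings = []
    for flag in ("domain-needed", "bogus-priv"):
        if flag not in opts:
            findings.append(f"{flag} is not enabled")
    servers = opts.get("server", [])
    if not servers:
        findings.append("no upstream server= line")
    for addr in servers:
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            findings.append(f"server={addr} is not a plain IP address")
    sizes = opts.get("cache-size", [])
    if not sizes:
        findings.append("cache-size is not set")
    elif not sizes[-1].isdigit() or int(sizes[-1]) < min_cache:
        findings.append(f"cache-size={sizes[-1]} is below {min_cache}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print("FINDING:", finding)
```

Running dnsmasq --test checks the file's syntax; this audit complements it by checking that the specific options are active.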

Mapping Hostnames to IPs

There are several methods for mapping hostnames to IP addresses. The simplest method is to modify the existing /etc/hosts file on your server. As part of its default configuration, Dnsmasq loads the rules from this file.

Add your routes to the bottom of the file /etc/hosts. The IP address is given first, then the name to be assigned:

    192.168.0.101 web-server
    192.168.0.5 gateway.lan

Any request to http://web-server will resolve to 192.168.0.101, whilst http://gateway.lan will resolve to 192.168.0.5. When you've completed mapping your devices, save and close the file.
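To see which queries stay inside the network once /etc/hosts, domain-needed and bogus-priv are combined, here is a simplified model of the routing flow described earlier. It is an added example, not Dnsmasq's own code: the function names are illustrative, the hosts data is a constructed sample, "blocked" stands for a local not-found answer, and Python's is_private only approximates the address ranges bogus-priv covers.

```python
import ipaddress

# Constructed sample: the two /etc/hosts mappings from this section.
HOSTS = """\
192.168.0.101 web-server
192.168.0.5 gateway.lan
"""

def load_hosts(text):
    """Parse hosts-file text into name->IP and IP->first-name tables."""
    names, addrs = {}, {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        ip, hostnames = fields[0], fields[1:]
        for host in hostnames:
            names[host.lower()] = ip
        addrs.setdefault(ip, hostnames[0])
    return names, addrs

def ptr_to_ip(qname):
    """Turn '7.0.168.192.in-addr.arpa' into 192.168.0.7, or return None."""
    suffix = ".in-addr.arpa"
    if not qname.endswith(suffix):
        return None
    octets = qname[: -len(suffix)].split(".")
    try:
        return ipaddress.IPv4Address(".".join(reversed(octets)))
    except ValueError:
        return None

def decide(qname, domain_needed=True, bogus_priv=True, hosts=HOSTS):
    """Return ('local', answer), ('blocked', None) or ('forward', None)."""
    names, addrs = load_hosts(hosts)
    q = qname.lower().rstrip(".")
    ip = ptr_to_ip(q)
    if ip is not None:  # reverse (PTR) lookup
        if str(ip) in addrs:
            return ("local", addrs[str(ip)])
        # is_private approximates the ranges bogus-priv covers
        if bogus_priv and ip.is_private:
            return ("blocked", None)
        return ("forward", None)
    if q in names:
        return ("local", names[q])
    if domain_needed and "." not in q:
        return ("blocked", None)  # plain name never leaves the network
    return ("forward", None)
```

With both options disabled, decide("printer", domain_needed=False) and decide("7.0.168.192.in-addr.arpa", bogus_priv=False) both return "forward", which is exactly the internal naming and addressing detail the upstream resolver would otherwise see.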

Testing Your Server

Restart Dnsmasq to apply all your changes:

    sudo service dnsmasq restart

Check the server’s running correctly:

    sudo service dnsmasq status

Active (running) should be shown in green. If it isn't and you don't know what's wrong, look at the log lines at the bottom of the status report.


You're now ready to put your server to the test. With the dig tool, you may perform manual DNS lookups. It's possible that you'll need to install the dnsutils package first.

    dig google.com @localhost
    dig gateway.lan @localhost

The ANSWER SECTION in the output of both commands should contain an IP address. According to the routing rule set up in /etc/hosts, the result for gateway.lan should be 192.168.0.5. The @localhost component of the commands instructs dig to query your local DNS server.

Configuring Your Network

The final step is to set your network router to use your Dnsmasq server for DNS lookups.

Set your server's IP (192.168.0.1 in this example) as the router's primary DNS server once you've found the relevant settings page. It's a good idea to use a public DNS provider as the secondary server, such as Google's 8.8.8.8. If your DNS server fails and goes offline, you'll still be able to access the internet.

All devices connected to your router will now use your Dnsmasq instance to conduct DNS requests. They'll be able to find your devices using their allocated names, such as web-server and gateway.lan, and make use of DNS caching at the network level.

Conclusion

DNS is a complicated topic, but Dnsmasq makes it simple to set up a basic server. Once you've gotten the basic functions running, there are a slew of other options to investigate. With these, you can filter queries, manage relays and proxies, run scripts when events happen, and set up other types of DNS records, such as MX results for mail servers.

Once Dnsmasq is up and running, it rarely requires any manual intervention. You can use service dnsmasq status or systemctl status dnsmasq to keep track of logs. Now you can take advantage of your self-hosted DNS server, which will improve performance and allow you to reach local network devices using internal domain names.
