Tip: To check configuration file(s) syntax, execute:

To set up dnsmasq as a DNS caching daemon on a single computer, specify a listen-address directive, adding in the localhost IP address:

To use this computer to listen on its LAN IP address for other computers on the network, it is recommended that you use a static LAN IP.

Set the number of cached domain names with cache-size=size (the default is 150 and the hard limit is 10000):

To validate DNSSEC, load the DNSSEC trust anchors provided by the dnsmasq package and set the option dnssec:

conf-file=/usr/share/dnsmasq/nf

See dnsmasq(8) for more options you might want to use.

After configuring dnsmasq, you need to add the localhost addresses as the only nameservers in /etc/nf. This causes all queries to be sent to dnsmasq.

Since dnsmasq is a stub resolver, not a recursive resolver, you must set up forwarding to an external DNS server. This can be done automatically by using openresolv or by manually specifying the DNS server address in dnsmasq's configuration.

If your network manager supports resolvconf, instead of directly altering /etc/nf, you can use openresolv to generate configuration files for dnsmasq.

Edit /etc/nf and add the loopback addresses as name servers, and configure openresolv to write out dnsmasq configuration:

# Write out dnsmasq extended configuration and resolv files

Run resolvconf -u so that the configuration files get created. If the files do not exist rvice will fail to start.

Edit dnsmasq's configuration file to use openresolv's generated configuration:

# Read configuration generated by openresolv

First you must set localhost addresses as the only nameservers in /etc/nf:

Make sure to protect /etc/nf from modification as described in Domain name resolution#Overwriting of /etc/nf.

Alternatively, NetworkManager may be configured to automatically generate the /etc/nf file for a specific connection with the following commands:

$ nmcli connection modify 'connection-name' ipv4.dns 127.0.0.1
$ nmcli connection modify 'connection-name' ipv4.dns-options trust-ad
$ nmcli connection modify 'connection-name' ipv4.ignore-auto-dns yes
$ nmcli connection modify 'connection-name' ipv6.dns ::1
$ nmcli connection modify 'connection-name' ipv6.dns-options trust-ad
$ nmcli connection modify 'connection-name' ipv6.ignore-auto-dns yes

The upstream DNS server addresses must then be specified in dnsmasq's configuration file as server=server_address. Also add no-resolv so dnsmasq does not needlessly read /etc/nf which only contains the localhost addresses of itself.

Now DNS queries will be resolved with dnsmasq, only checking external servers if it cannot answer the query from its cache.

It is possible to add a custom domain to hosts in your (local) network:

In this example it is possible to ping a host/device (e.g. defined in your /etc/hosts file) as hostname.lan.

Uncomment expand-hosts to add the custom domain to hosts entries:

Without this setting, you will have to add the domain to entries of /etc/hosts.

To do a lookup speed test choose a website that has not been visited since dnsmasq has been started (drill is part of the ldns package):

Running the command again will use the cached DNS IP and result in a faster lookup time if dnsmasq is set up correctly:

$ drill | grep "Query time"
Query time: 18 msec
$ drill | grep "Query time"
Query time: 2 msec

To test if DNSSEC validation is working see DNSSEC#Testing.

By default dnsmasq has the DHCP functionality turned off; if you want to use it you must turn it on.

Doing so opens up tcp/udp port 53 to localhost and udp port 67 to world:

# dnsmasq will open tcp/udp port 53 and udp port 67 to world to help with dynamic interfaces (assigning dynamic IPs).
# dnsmasq will discard world requests to them, but the paranoid might like to close them and let the kernel handle them.
# If your dnsmasq server is also doing the routing for your network, you can use option 121 to push a static route out.
# x.x.x.x is the destination LAN, yy is the CIDR notation (usually /24), and z.z.z.z is the host which will do the routing.
# Dynamic range of IPs to make available to LAN PC and the lease time.
# Ideally set the lease time to 5m only at first to test everything works okay before you set long-lasting records.
dhcp-range=192.168.111.50,192.168.111.100,12h
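The settings this page discusses (wildcard port binding, LAN listeners, no-resolv with server=, DNSSEC trust anchors, the cache-size limit) can be checked mechanically. The Python script below is an added example, not part of the original page or of dnsmasq; the finding names, the two sample configurations, the 192.0.2.53 upstream and the trust-anchor path are constructed placeholders, and bind-interfaces, bind-dynamic and trust-anchor are dnsmasq options not named on the page.

```python
import ipaddress

def parse(text):
    """Map each dnsmasq option to its list of values; bare flags get ['']."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if line:
            key, _, value = line.partition("=")
            opts.setdefault(key.strip(), []).append(value.strip())
    return opts

def audit(text):
    """Return finding codes for settings the page warns about."""
    o, found = parse(text), []
    addrs = [a.strip() for v in o.get("listen-address", []) for a in v.split(",") if a.strip()]
    if not ("bind-interfaces" in o or "bind-dynamic" in o):
        found.append("wildcard-bind")        # tcp/udp 53 (and udp 67 with DHCP) open to world
    if any(not ipaddress.ip_address(a).is_loopback for a in addrs):
        found.append("lan-listener")         # serving other hosts: use a static LAN IP
    if "server" in o and "no-resolv" not in o:
        found.append("resolv-still-read")    # resolv file lists only dnsmasq itself
    if "no-resolv" in o and "server" not in o:
        found.append("no-upstream")          # stub resolver with nowhere to forward
    if "dnssec" in o and not ("conf-file" in o or "trust-anchor" in o):
        found.append("dnssec-no-anchors")    # heuristic: validation needs trust anchors
    if any(v.isdigit() and int(v) > 10000 for v in o.get("cache-size", [])):
        found.append("cache-size-over-limit")  # hard limit stated on the page
    return found

# Constructed samples (192.0.2.53 and the conf-file path are placeholders).
WEAK = """\
listen-address=::1,127.0.0.1,192.168.111.1
cache-size=20000
dnssec
server=192.0.2.53
dhcp-range=192.168.111.50,192.168.111.100,12h
"""
HARDENED = """\
listen-address=::1,127.0.0.1
bind-interfaces
cache-size=1000
conf-file=/path/to/trust-anchors.conf
dnssec
no-resolv
server=192.0.2.53
"""

if __name__ == "__main__":
    print("weak:", audit(WEAK))
    print("hardened:", audit(HARDENED))
```

The lan-listener code is informational: it marks a configuration that serves other hosts, which is where the static-IP and port-exposure notes apply.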