
Linux.com

Feature: Networking

Enhance your DNS and DHCP services with dnsmasq

By Keith R. Fieldhouse on October 03, 2008 (7:00:00 PM)


When a network is small and most of its users interact chiefly with services on the Internet at large, it's easy to get by simply by assigning numeric Internet Protocol addresses to your nodes rather than names. As the network grows, however, and as internal services (wikis, mail servers, media servers, and more) come online, recalling numeric addresses becomes unwieldy. One solution is to implement Domain Name Server (DNS) and Dynamic Host Configuration Protocol (DHCP) with dnsmasq, and thereby cache external DNS addresses for performance reasons, dynamically assign IP addresses to all of the members of your network, and manage everything from one location. This article shows you how.

Most home and small business networks are built using Network Address Translation and non-routable IP address ranges. The administrator of the network simply configures each new machine with the next available IP address in the range being used (e.g. 192.168.168.*). But since these nodes are on a private network, the organization's public DNS servers don't know about them. Users of the network must use difficult-to-remember numerical IP addresses to access internal network services.

To avoid this, you can install dnsmasq and configure it to know about all of the nodes on your network, and supply that information as a DNS server. To simplify things you can also configure dnsmasq to supply each node with an IP address using the DHCP protocol. Finally, for situations where you require that a particular system has a fixed IP address, you can configure dnsmasq's DHCP server to supply that IP address based on the system's Media Access Control (MAC) or hardware address. This way all of the IP configuration information for the LAN can be kept in one place.

Installing dnsmasq is straightforward. Building from source is a matter of running make ; make install, but most Linux distributions include dnsmasq as an installable package. Open source firmware for routers, such as OpenWRT and Tomato, also includes dnsmasq, so you can combine your DNS, DHCP, and routing functions on a single box.

On a typically configured system, once dnsmasq is started, it is prepared to act as a DNS server for the rest of your network. When a DNS lookup request comes in, dnsmasq first looks in its /etc/hosts file to see if an entry there matches the request. If so, dnsmasq will respond with the appropriate IP address. If /etc/hosts looks like:

192.168.168.5 haggard.example.com haggard
192.168.168.6 grant.example.com grant
192.168.168.7 dent.example.com dent

And a request comes in for grant.example.com, dnsmasq will respond with 192.168.168.6.

If there is not a match in /etc/hosts, dnsmasq forwards the request to any of the "real" name servers found in /etc/resolv.conf. On a Linux system, /etc/resolv.conf looks like:

nameserver 24.21.23.54
nameserver 15.16.17.18

Note that you can mask real external domain names with entries in /etc/hosts since /etc/hosts entries take priority.

Once you've set up the dnsmasq system this way, you can enter its IP address as the Domain Name Server on any of the other systems on your network, and they will then be able to use host names instead of IP addresses to access TCP/IP network resources. As an added benefit, after dnsmasq retrieves an address from an Internet DNS server, it caches the result and uses that value to respond to further requests for that address, which improves performance.

Once you have basic DNS services set up for your network, your attention may turn to other aspects of configuring your network. If you have a laptop that joins several networks, it may be convenient to have it configured automatically when it joins your network. Installing new systems or setting up the next generation of network-based multimedia devices is likewise easier if those systems can simply be supplied their network information automatically when they boot.

Dnsmasq has a built-in DHCP server that integrates well with its DNS capabilities. Because of this, even if you are already using a DHCP server (for example, from your router) you may wish to disable it and use dnsmasq's services instead.

To enable DHCP in dnsmasq, edit the dnsmasq.conf file (typically found in /etc on most Linux distributions). Search for dhcp-range, which you will probably find on a commented-out line. Edit the line to look something like this:

dhcp-range=192.168.168.200,192.168.168.250,12h

With this setting, dnsmasq will assign IP addresses from a pool between the addresses 192.168.168.200 and 192.168.168.250. You should not use any addresses in this range when you assign IP addresses yourself. The 12h at the end of the line sets the "lease" time for each address to 12 hours. This simply means that the address is reserved for 12 hours and that if a system requires the use of the address for more time than that, it must request a renewal.

You should also set the domain field to a domain that you use. You can make one up if you don't intend to try to get to "real" servers in that domain. The easiest thing to do is use a domain that you have registered. To use example.com as a domain, for example, you'd make sure that there's a line in your dnsmasq.conf file that reads:

domain=example.com

Finally, if the system you're running dnsmasq on is not your network's default router, you'll need to make one other change. Search for the keyword dhcp-option in the dnsmasq.conf file. Add an uncommented line like the following:

dhcp-option=3,192.168.168.1

The "3" indicates that the "default route" option is being set. This line tells the DHCP server to tell any clients that are assigned an IP address that their default router is at 192.168.168.1 (substitute the address of the default router on your network). Restart dnsmasq, and from then on, when a system joins your network, dnsmasq will give it the next available address in the specified range of IP addresses, and assign the appropriate default route.

There are times when it's desirable to have a machine that gets its network configuration via DHCP get the same IP address each time it requests one. It may be desirable to give a laptop a fixed address and name to facilitate file transfers and backups, for example.

You can do this using a hardware or MAC address. This is a unique identifier assigned to devices that participate in an Ethernet network. When a request for a DHCP address is broadcast, it is broadcast with the device's MAC address. This address takes the form of six groups of two hexadecimal digits -- for example, 00:04:5A:84:EA:8D. Don't confuse the MAC address with the IP address of a system. If you replace the Ethernet card on a computer, its MAC address will change but its IP address will likely stay the same.

There are several ways to determine the MAC address of a device. Often it is printed near the Ethernet port. On a Linux system, the ifconfig command will display information about the Ethernet devices on the system, with the MAC address labeled "HWaddr." If all else fails you can monitor syslog on the system on which dnsmasq is running. When the system you are interested in requests a DHCP address, its MAC address will be logged.

Once you know the system's MAC address you can use it to assign the system an IP address and domain name. In dnsmasq.conf look for dhcp-host. Let's say that you want to assign the system with the MAC address 00:04:5A:84:EA:8D the IP address 192.168.168.12 and the name "Howard." Add an entry to the dnsmasq.conf file that looks like this:

dhcp-host=00:04:5A:84:EA:8D,192.168.168.12,howard

Then configure that machine to use DHCP and restart dnsmasq.

You can add as many dhcp-host lines as you wish. In fact, you may find it convenient to assign all of your fixed IP addresses using this mechanism rather than individually configuring the systems. This allows you to keep all of the address information on your network in one place (the dnsmasq.conf file). It also allows network configurations to persist through OS reinstalls on the clients.
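The checks below are an added example, not code from the original article or from the dnsmasq project: a small Python linter for the settings covered here. It flags misspelled keys, fixed addresses that fall inside the dhcp-range pool, reused MAC or IP addresses, and /etc/hosts names outside the local domain (which take priority over upstream DNS). The function names and sample data are constructed for illustration, and it assumes only the line forms used in this article (start,end,lease and MAC,IP,name).

```python
import difflib
import ipaddress
import re

MAC_RE = re.compile(r"^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$")
ARTICLE_KEYS = ["dhcp-range", "dhcp-host", "dhcp-option", "domain"]
# Constructed sample input: the article's settings plus deliberate mistakes.
SAMPLE_CONF = """domain=example.com
dhcp-range=192.168.168.200,192.168.168.250,12h
dhcp-option=3,192.168.168.1
dchp-host=00:04:5A:84:EA:8D,192.168.168.12,howard
dhcp-host=00:04:5A:84:EA:8E,192.168.168.210,grant
dhcp-host=00:04:5a:84:ea:8e,192.168.168.13,dent"""
SAMPLE_HOSTS = "192.168.168.5 haggard.example.com haggard\n192.168.168.9 www.example.org"

def _lines(text):
    # Number every line, then drop comments and blank lines.
    rows = ((n, raw.split("#", 1)[0].strip()) for n, raw in enumerate(text.splitlines(), 1))
    return [(n, line) for n, line in rows if line]

def lint(conf_text, hosts_text=""):
    """Return warnings for a dnsmasq.conf and hosts file written in the article's style."""
    warnings, pools, fixed, seen, domain = [], [], [], {}, None
    for n, line in _lines(conf_text):
        key, _, value = line.partition("=")
        key, fields = key.strip(), [f.strip() for f in value.split(",")]
        near = difflib.get_close_matches(key, ARTICLE_KEYS, n=1, cutoff=0.85)
        if key not in ARTICLE_KEYS and near:  # heuristic typo check, e.g. dchp-host
            warnings.append(f"line {n}: '{key}' looks like a typo of '{near[0]}'")
        elif key == "domain":
            domain = fields[0]
        elif key == "dhcp-range":  # assumes the start,end,lease form
            pools.append(tuple(ipaddress.ip_address(f) for f in fields[:2]))
        elif key == "dhcp-host":  # assumes the MAC,IP[,name] form
            if len(fields) < 2 or not MAC_RE.match(fields[0]):
                warnings.append(f"line {n}: expected MAC,IP[,name]")
            else:
                fixed.append((n, fields[0].lower(), ipaddress.ip_address(fields[1])))
    for n, mac, ip in fixed:
        if any(lo <= ip <= hi for lo, hi in pools):
            warnings.append(f"line {n}: {ip} is inside the dynamic dhcp-range")
        for ident in (mac, ip):  # a MAC or IP may back only one fixed entry
            if ident in seen:
                warnings.append(f"line {n}: {ident} already used on line {seen[ident]}")
            seen.setdefault(ident, n)
    for n, line in _lines(hosts_text):
        for name in line.split()[1:]:
            if domain and "." in name and not name.endswith("." + domain):
                warnings.append(f"hosts line {n}: {name} is outside {domain}, overrides upstream DNS")
    return warnings
```

Calling lint(SAMPLE_CONF, SAMPLE_HOSTS) returns four warnings: the misspelled key, the fixed address inside the pool, the reused MAC address, and the hosts entry that masks an external name.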

Once you've configured dnsmasq as described here you will have gone a long way toward enhancing your network and moving from an ad-hoc assemblage of systems to a well-managed easily expanded resource.


Comments

on Enhance your DNS and DHCP services with dnsmasq


Enhance your DNS and DHCP services with dnsmasq

Posted by: Anonymous [ip: 64.235.203.96] on October 03, 2008 08:40 PM
Good article. I've been thinking of using dnsmasq like that for some time.
I have a question: what's the difference between writing "howard" at the end of dhcp-host entries in dnsmasq.conf and using that name only in the /etc/hosts file like
"192.168.168.12 howard.example.com howard" ?

#

Re: Enhance your DNS and DHCP services with dnsmasq

Posted by: kfieldho on October 03, 2008 11:45 PM
By putting "howard" at the end of dhcp-host you've made it possible for that particular system to get its "hostname" from the DHCP response (along with its IP address). Also, as I alluded to in the article, you may find it convenient that all of the Host/IP information is in one place -- the dnsmasq.conf file.

#

Bad link

Posted by: Anonymous [ip: 195.168.244.191] on October 03, 2008 09:19 PM
Link to Tomato has an error (the r at the end) http://www.polarcloud.com/tomator

#

Re: Bad link

Posted by: Nathan Willis on October 03, 2008 10:17 PM
Got it; thanks for the catch.

Nate

#

Enhance your DNS and DHCP services with dnsmasq

Posted by: Anonymous [ip: 70.137.141.109] on October 04, 2008 05:32 PM
This seems like an ideal use for Avahi or other Multicast DNS service. (Part of Zeroconf, implemented as Bonjour at Apple.) Most programs will not implement MDNS so you'll need nss-mdns from Lennart, too.

The advantage of Zeroconf is that you don't need a particular host to be DNS. You also don't need static IP addresses, which takes some of the pain out of renumbering your network.

#

Enhance your DNS and DHCP services with dnsmasq

Posted by: Anonymous [ip: 74.192.172.169] on October 06, 2008 02:56 AM
Thanks so much for the article. I was wrestling with how to get my laptops worked into my automatic backup scheme since network-manager is fixed ip averse. Getting a fixed IP via DHCP from dnsmasq makes it easy to set up the backup and required no configuration on the laptop other than deleting a bunch of (now) useless entries from /etc/hosts on the laptop. I wish I had learned about this years ago.

#

Enhance your DNS and DHCP services with dnsmasq

Posted by: Anonymous [ip: 192.168.199.96] on October 06, 2008 10:14 AM
One further advantage - the excellent support from Simon Kelley, the person who wrote dnsmasq.

S

#

Using as external DNS, point to different hosts depending on requestor IP

Posted by: Anonymous [ip: 209.175.45.150] on October 06, 2008 07:08 PM
Here's the scenario. I would like to take my laptop from site A to site B; at each site I would like to be able to query a DNS server offsite (or on a different part of the WAN) to contact "hostname" - however I would like the DNS server to vary the result for hostname depending on my laptop's originating IP address. If I am on subnet A I would like to be referred to the IP for hostnameA, and if I am on subnet B I would like to be referred to the IP for hostnameB. Is that possible with dnsmasq or any other DNS? What are the limitations, stipulations, and risks of doing this?

#

Re: Using as external DNS, point to different hosts depending on requestor IP

Posted by: Anonymous [ip: 75.121.113.232] on October 12, 2008 01:11 PM
If you are expecting the laptop to have a different IP address at site B, it must be contacting a different DHCP server at that site. Using dnsmasq as an example, the simple solution would be to define DNS entries in /etc/hosts for names specific to that site, and using resolv.conf to point to the external DNS for other names.

#
