October 3, 2008

Enhance your DNS and DHCP services with dnsmasq

Author: Keith R. Fieldhouse

When a network is small and most of its users interact chiefly with services on the Internet at large, it's easy to get by simply by assigning numeric Internet Protocol addresses to your nodes rather than names. As the network grows, however, and as internal services (wikis, mail servers, media servers, and more) come online, recalling numeric addresses becomes unwieldy. One solution is to implement Domain Name Server (DNS) and Dynamic Host Configuration Protocol (DHCP) with dnsmasq, and thereby cache external DNS addresses for performance reasons, dynamically assign IP addresses to all of the members of your network, and manage everything from one location. This article shows you how.

Most home and small business networks are built using Network Address Translation and a non-routable IP address ranges. The administrator of the network simply configures each new machine with the next available IP address in the range being used (e.g. 192.168.168.*). But since these nodes are on a private network, the organization's public DNS servers don't know about them. Users of the network must use difficult-to-remember numerical IP addresses to access internal network services.

To avoid this, you can install dnsmasq and configure it to know about all of the nodes on your network, and supply that information as a DNS server. To simplify things you can also configure dnsmasq to supply each node with an IP address using the DHCP protocol. Finally, for situations where you require that a particular system has a fixed IP address, you can configure dnsmasq's DHCP server to supply that IP address based on the system's Media Access Control (MAC) or hardware address. This way all of the IP configuration information for the LAN can be kept in one place.

Installing dnsmasq is straightforward. Building from source is a matter of running make ; make install, but most Linux distributions include dnsmasq as an installable package. Open source firmware for routers, such as OpenWRT and Tomato, also include dnsmasq, so you can combine your DNS, DHCP, and routing functions on a single box.

On a typically configured system, once dnsmasq is started, it is prepared to act as a DNS server for the rest of your network. When a DNS lookup request comes in, dnsmasq first looks in its /etc/hosts file to see if an entry there matches the request. If so, dnsmasq will respond with the appropriate IP address. If /etc/hosts looks like: haggard.example.com haggard grant.example.com grant dent.example.com dent

And a request comes in for grant.example.com, dnsmasq will respond with

If there is not a match in /etc/hosts, dnsmasq forwards the request to any of the "real" name servers found in /etc/resolv.conf. On a Linux system, /etc/resolv.conf looks like:


Note that you can mask real external domain names with entries in /etc/hosts since /etc/hosts entries take priority.

Once you've set up the dnsmasq system this way, you can enter its IP address as the Domain Name Server on any of the other systems on your network, and they will then be able to use host names instead of IP addresses to access TCP/IP network resources. As an added benefit, after dnsmasq retrieves an address from an Internet DNS server, it caches the result and uses that value to respond to further requests for that address, with the resulting performance improvement.

Once you have basic DNS services set up for your network, your attention may turn to other aspects of configuring your network. If you have a laptop that joins several networks, it may be convenient to have it configured automatically when it joins your network. Installing new systems or setting up the next generation of network-based multimedia devices is likewise easier if those systems can simply be supplied their network information automatically when they boot.

Dnsmasq has a built-in DHCP server that integrates well with its DNS capabilities. Because of this, even if you are already using a DHCP server (for example, from your router) you may wish to disable it and use dnsmasq's services instead.

To enable DHCP in dnsmasq, edit the dnsmasq.conf file (typically found in /etc on most Linux distributions). Search for dhcp-range, which you will probably find on a commented-out line. Edit the line to look something like this:


With this setting, dnsmasq will assign IP addresses from a pool between the addresses and You should not use any addresses in this range when you assign IP addresses yourself. The 12h at the end of the line sets the "lease" time for each address to 12 hours. This simply means that the lease is reserved for 12 hours and that if a system requires the use of the address for more time than that, it must request a renewal.

You should also set the domain field to a domain that you use. You can make one up if you don't intend to try to get to "real" servers in that domain. The easiest thing to do is use a domain that you have registered. To use example.com as a domain, for example, you'd make sure that there's a line in your dnsmasq.conf file that reads:


Finally, if the system you're running dnsmasq on is not your network's default router, you'll need to make one other change. Search for the keyword dhcp-option in the dnsmasq.conf file. Add an uncommented line like the following:


The "3" indicate that the "default route" option is being set. This line tells the DHCP server to tell any clients that are assigned an IP address that their default router is at (substitute the address of the default router on your network). Restart dnsmasq, and from then on, when a system joins your network, dnsmasq will give it the next available address in the specified range of IP addresses, and assign the appropriate default route.

There are times when it's desirable to have a machine that gets its network configuration via DHCP get the same IP address each time it requests one. It may be desirable to give a laptop a fixed address and name to facilitate file transfers and backups, for example.

You can do this using a hardware or MAC address. This is a unique identifier assigned to devices that participate in an Ethernet network. When a request for a DHCP address is broadcast, it is broadcast with the device's MAC address. This address takes the form of six groups of two hexadecimal digits -- for example, 00:04:5A:84:EA:8D. Don't confuse the MAC address with the IP address of a system. If you replace the Ethernet card on a computer, its MAC address will change but its IP address will likely stay the same.

There are several ways to determine the MAC address of a device. Often it is printed near the Ethernet port. On a Linux system, the ifconfig command will display information about the Ethernet devices on the system, labeled as the "HWADDR." If all else fails you can monitor syslog on the system on which dnsmasq is running. When the system you are interested in requests a DHCP address, its MAC address will be logged.

Once you know the system's MAC address you can use it to assign it an IP address and domain name. In dnsmasq.conf look for dhcp-host. Let's say that you want to assign the system with the MAC address 00:04:5A:84:EA:8D the IP address and the name "Howard." Add an entry to the dnsmasq file that looks like this:


Then configure that machine to use DHCP and restart dnsmasq.

You can add as many dhcp-host lines as you wish. In fact, you may find it convenient to assign all of your fixed IP addresses using this mechanism rather than individually configuring the systems. This allows you to keep all of the address information on your network in one place (the dnsmasq.conf file). It also allows network configurations to persist through OS reinstalls on the clients.

Once you've configured dnsmasq as described here you will have gone a long way toward enhancing your network and moving from an ad-hoc assemblage of systems to a well-managed easily expanded resource.


  • Networking