How to dnsmasq on Ubuntu
2018-09-04

noted from https://wiki.debian.org/HowTo/dnsmasq

Basic DNS setup

apt-get update
apt-get install dnsmasq

If your goal was to set up a simple DNS server, you just succeeded.
Now, if you want to add some names for your DNS server to resolve for your clients, simply add them to your /etc/hosts file.

Choosing your Interfaces

One thing you will probably want to do is tell dnsmasq which ethernet interfaces it can and cannot listen on, as we really don't want it listening on the internet. Around line 69 of the /etc/dnsmasq.conf file, you will see:

#interface=

Uncomment the line and specify which ethernet interface(s) you want it to serve IPs on. For example, if I want it to listen on eth1 (my DMZ) and eth2 (my local network), then it should look like:

interface=eth1
interface=eth2

Basic DHCP Setup

By default, DHCP is turned off. This is a good thing, as you could bring down whatever network you are connected to if you are not careful.

To enable it, there is at least one line you will need to edit in the /etc/dnsmasq.conf file. Around line 143, you will see:

#dhcp-range=192.168.0.50,192.168.0.150,12h

To enable the DHCP server, you will need to give it a range of IP addresses to hand out. In the example above, this server would hand out 101 addresses starting at 192.168.0.50 and ending at 192.168.0.150. The last number is how long the DHCP leases are good for. In this example, they would be good for twelve hours.

Since I have two different networks that need DHCP, I'm going to change that line to:

dhcp-range=eth1,192.168.100.100,192.168.100.199,4h
dhcp-range=eth2,192.168.200.100,192.168.200.199,4h

Notice the "eth1" and "eth2" labels in the lines above? They aren't necessary, but definitely help once you start playing with more advanced configurations. They also help me remember which range is which. Now restart your dnsmasq server, connect up a few clients, and see if they autoconfigure themselves:

/etc/init.d/dnsmasq restart

dnsmasq with dnscrypt-proxy

dnsmasq combined with dnscrypt-proxy provides caching, encryption and server-side authentication. This is useful for protecting a laptop from potentially hostile networks.

apt-get install dnsmasq dnscrypt-proxy

## Configure /etc/resolv.conf to use dnsmasq
nameserver 127.0.0.1

## Configure /etc/dnsmasq.conf
# ignore resolv.conf
no-resolv
# Listen only on localhost
listen-address=127.0.0.1
# dnscrypt is on port 40
server=127.0.0.1#40

## Configure /etc/systemd/system/sockets.target.wants/dnscrypt-proxy.socket with the following 5 lines if you are using systemd
[Socket]
ListenStream=
ListenDatagram=
ListenStream=127.0.0.1:40
ListenDatagram=127.0.0.1:40

## restart both daemons
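
A check for the two exposure points covered above (which interfaces dnsmasq listens on, and whether the dnscrypt-proxy setup really ignores resolv.conf), written as an added example that is not part of the original notes or the Debian wiki. The function names and finding labels are this example's own, and the bind-interfaces check covers a dnsmasq option the page does not mention.

```sh
#!/bin/sh
# Added example (not from the original page): audit a dnsmasq.conf for the
# exposure issues discussed above. Function names are this example's own.

# Print the values of active (uncommented) "key=value" lines for one key.
conf_values() {  # $1 = file, $2 = key
    sed -n "s/^[[:space:]]*${2}[[:space:]]*=[[:space:]]*//p" "$1"
}

# Succeed if a bare option such as no-resolv is active in the file.
conf_has_flag() {  # $1 = file, $2 = option
    grep -Eq "^[[:space:]]*${2}[[:space:]]*(#.*)?\$" "$1"
}

# Print one finding per line for the config at $1; print nothing if it is clean.
audit_dnsmasq() {
    conf=$1
    scoped=$(conf_values "$conf" interface; conf_values "$conf" listen-address)

    if [ -z "$scoped" ]; then
        # No interface= or listen-address=: dnsmasq answers on every interface.
        echo "WARN listens-everywhere: no interface= or listen-address= line"
        if [ -n "$(conf_values "$conf" dhcp-range)" ]; then
            echo "WARN dhcp-unscoped: dhcp-range= active with no interface restriction"
        fi
    elif ! conf_has_flag "$conf" bind-interfaces; then
        # Without bind-interfaces dnsmasq (on Linux) binds the wildcard address
        # and discards requests for other interfaces itself.
        echo "INFO wildcard-bind: interface restriction without bind-interfaces"
    fi

    # dnsmasq also uses the upstream servers from /etc/resolv.conf unless
    # no-resolv is set, so a local dnscrypt-proxy forwarder needs it.
    if conf_values "$conf" server | grep -q '^127\.0\.0\.1#'; then
        conf_has_flag "$conf" no-resolv ||
            echo "WARN resolv-fallback: local server= set without no-resolv"
    fi
    return 0
}

# Constructed sample: the laptop config from this page with no-resolv left out.
sample=$(mktemp)
printf '%s\n' '# Listen only on localhost' 'listen-address=127.0.0.1' \
    'server=127.0.0.1#40' > "$sample"
audit_dnsmasq "$sample"
rm -f "$sample"
```

Point audit_dnsmasq at /etc/dnsmasq.conf after editing it and before restarting the daemon; an empty result means none of these checks fired.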