20150227 replacing bind with dnsmasq on the home network - plembo/onemoretech GitHub Wiki

title: Replacing bind with dnsmasq on the home network
link: https://onemoretech.wordpress.com/2015/02/27/replacing-bind-with-dnsmasq-on-the-home-network/
author: phil2nc
description:
post_id: 9391
created: 2015/02/27 12:33:21
created_gmt: 2015/02/27 17:33:21
comment_status: closed
post_name: replacing-bind-with-dnsmasq-on-the-home-network
status: publish
post_type: post

Replacing bind with dnsmasq on the home network

BIND has been serving up internal address information on our home network for well over a decade now. That's changing over the next couple of days. The whys and hows follow. This was done on Fedora 21*.

I like BIND. I really do. Learning how to configure BIND servers not only helped me become a better diagnostician of network issues, it actually helped me get through the first iteration of Microsoft's Active Directory training (which needless to say had some rough edges in the hands-on lab department). But configuring BIND servers has lost its lustre for me. It's just not as much fun as it used to be.

When I recently upgraded our home firewall to pfSense 2.2-RELEASE, I decided not to install BIND but instead to work with the built-in DNS Forwarder (not the DNS Resolver, which is Unbound) that uses dnsmasq under the covers. This simplified configuration and setup tremendously, and reduced our dependency on add-on packages that can create problems during upgrades of the base system.

Fortunately, dnsmasq works pretty well as a simple name server. In fact it also offers some features, like SRV records, that in the past were only available with BIND and other full-featured name servers.

To implement dnsmasq as a name server all I had to do was:

1. Shut down and disable BIND ("systemctl stop named", "systemctl disable named").

2. Install dnsmasq ("yum install dnsmasq").

3. Add an /etc/banner_add_hosts file that contains all the IP to host name mappings (in addition to those for your own host already in /etc/hosts), one line per name**. For an alias you add another line with the same IP address; dnsmasq serves that as a second A record for the address rather than as a true CNAME (it has a separate cname= option for those, which a home network rarely needs). For example:

[code language="bash" gutter="false"]
10.0.0.1 gw.example.com gw
10.0.0.1 ns1.example.com ns1
10.0.1.1 gw2.example.com gw2
10.0.0.10 backup.example.com nas
10.0.0.10 www.example.com www
10.0.0.10 ldap.example.com ldap
[/code]

4. Edit the configuration file, /etc/dnsmasq.conf. The sample file included with the Fedora install is mostly commented out. Here are the (mostly) non-defaults I uncommented:

[code language="bash" gutter="false"]
filterwin2k
listen-address=10.0.0.3
bind-interfaces
addn-hosts=/etc/banner_add_hosts
domain=example.com
conf-dir=/etc/dnsmasq.d,.rpmnew,.rpmsave,.rpmorig
[/code]

A few words on what those do. "listen-address" restricts dnsmasq to answering on the one address given, and "bind-interfaces" makes it bind that address alone instead of binding the wildcard address and discarding everything else; between them the server is not reachable on any other interface of the box, so it can't quietly become an open resolver. "filterwin2k" keeps the SOA, SRV and underscore-laden ANY queries that Windows clients periodically emit from being forwarded to the upstream name servers. "addn-hosts" points at the supplemental hosts file from step 3, "domain" sets the local domain, and "conf-dir" loads any drop-in files from /etc/dnsmasq.d while skipping the .rpmnew, .rpmsave and .rpmorig leftovers that package upgrades leave behind. With no "server=" lines, anything not found in the hosts file is forwarded to the name servers listed in /etc/resolv.conf, so check that file points where you expect.

5. Start and enable dnsmasq ("systemctl start dnsmasq", "systemctl enable dnsmasq").

* It's even easier to set up on FreeBSD, where you can install the plain vanilla package ("pkg install dnsmasq"). The configuration is almost identical (I left the "conf-dir" argument commented out).

** On FreeBSD and other systems whose network config isn't controlled by FreeDesktop.org's NetworkManager you can do this in the /etc/hosts file. That file gets overwritten by NetworkManager on systems (like Fedora and Ubuntu) that are controlled by it, necessitating the use of a supplemental file to persistently store the additional mappings.

Of course dnsmasq won't respond to zone transfer requests the way a "real" name server would, but that's not something most people need to do very often.
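Added example, not from the original post: a shell script that builds the two files from steps 3 and 4 in a scratch directory, checks the hosts file for malformed addresses, bad names and names mapped to two different addresses, renders the config with the options listed above, confirms the server is pinned to a single address, and, when dnsmasq is installed, lets dnsmasq --test parse the result before anything is copied into /etc. The scratch directory, the function names and the 10.0.0.3 listen address are assumptions; the host list is the constructed sample from step 3.

```bash
#!/usr/bin/env bash
# Added example, not from the original post: build and sanity-check the
# supplemental hosts file and dnsmasq.conf before copying them into /etc.
# Assumptions: files are written under $WORKDIR (a scratch directory, not
# /etc), the function names are mine, and the host list below is the
# constructed sample from the post.
set -u

WORKDIR="${WORKDIR:-$(mktemp -d)}"
HOSTS_FILE="$WORKDIR/banner_add_hosts"
CONF_FILE="$WORKDIR/dnsmasq.conf"

# Constructed sample: one line per name; an alias is a second line for the
# same address (dnsmasq serves it as another A record, not a CNAME).
cat > "$HOSTS_FILE" <<'EOF'
10.0.0.1 gw.example.com gw
10.0.0.1 ns1.example.com ns1
10.0.1.1 gw2.example.com gw2
10.0.0.10 backup.example.com nas
10.0.0.10 www.example.com www
10.0.0.10 ldap.example.com ldap
EOF

# validate_hosts_file FILE: exit 0 when every non-comment line is
# "IPv4 name [name ...]" and no name is mapped to two different addresses;
# otherwise print each offending line and exit 1.
validate_hosts_file() {
    awk '
    function bad(msg) { printf "line %d: %s: %s\n", NR, msg, $0; rc = 1 }
    /^[[:space:]]*(#|$)/ { next }
    {
        if ($1 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) { bad("not an IPv4 address"); next }
        split($1, o, ".")
        for (i = 1; i <= 4; i++) if (o[i] > 255) { bad("octet out of range"); next }
        if (NF < 2) { bad("no hostname"); next }
        for (i = 2; i <= NF; i++) {
            if ($i !~ /^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$/) { bad("bad hostname " $i); continue }
            if (($i in seen) && seen[$i] != $1) bad("name " $i " already maps to " seen[$i])
            seen[$i] = $1
        }
    }
    END { exit rc }' "$1"
}

# lookup NAME FILE: print the address(es) dnsmasq would serve for NAME from
# the addn-hosts file; empty output means the query would go upstream.
lookup() {
    awk -v n="$1" '!/^[[:space:]]*(#|$)/ { for (i = 2; i <= NF; i++) if ($i == n) print $1 }' "$2"
}

# render_conf LISTEN_ADDR DOMAIN HOSTS_FILE: print the dnsmasq.conf from step 4.
render_conf() {
    cat <<EOF
# answer only on this address; bind-interfaces makes dnsmasq bind it alone
# instead of binding the wildcard address and discarding the rest
listen-address=$1
bind-interfaces
# keep the SOA/SRV/underscore-ANY queries Windows clients emit from being
# forwarded upstream
filterwin2k
addn-hosts=$3
domain=$2
# drop-in directory, skipping the leftovers rpm upgrades leave behind
conf-dir=/etc/dnsmasq.d,.rpmnew,.rpmsave,.rpmorig
EOF
}

# audit_conf FILE: exit 0 only when listen-address is set (the server answers
# on one address, not every interface) and bind-interfaces is set (it binds
# that address alone); anything else is a candidate open resolver.
audit_conf() {
    grep -q '^listen-address=' "$1" && grep -q '^bind-interfaces' "$1"
}

validate_hosts_file "$HOSTS_FILE" || { echo "fix $HOSTS_FILE first" >&2; exit 1; }
render_conf 10.0.0.3 example.com "$HOSTS_FILE" > "$CONF_FILE"
audit_conf "$CONF_FILE" || { echo "$CONF_FILE is not pinned to one address" >&2; exit 1; }
# Let dnsmasq itself parse the result when it is installed.
if command -v dnsmasq >/dev/null 2>&1; then
    dnsmasq --test -C "$CONF_FILE" || echo "dnsmasq rejected $CONF_FILE" >&2
fi
echo "www -> $(lookup www "$HOSTS_FILE"); files in $WORKDIR"
```

Run it as is to see the generated files, then copy them into /etc/banner_add_hosts and /etc/dnsmasq.conf once the checks pass; set WORKDIR to reuse a directory across runs.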

Copyright 2004-2019 Phil Lembo