This article shows how to install and configure a DNS server using dnsmasq on CentOS 7 / RHEL 7 / CentOS 8 / RHEL 8. It is a step-by-step walkthrough, useful in situations such as a Zimbra installation where you want to use a static IP, define your own DNS, and disable the automatic DHCP server.
Brief Introduction
A DHCP (Dynamic Host Configuration Protocol) server dynamically assigns IP addresses and other network configuration parameters to each device on a network.
A DNS forwarder on a LAN forwards DNS queries for non-local domain names to upstream DNS servers (outside that network), while a DNS caching server answers recursive requests from clients so that the DNS query can be resolved faster, thus improving DNS lookup speeds to previously visited sites.
What is DNSMASQ
dnsmasq (DNS masquerade) is a lightweight, easy to configure DNS forwarder, designed to provide DNS (and optionally DHCP and TFTP) services to a small-scale network. It can serve the names of local machines which are not in the global DNS.
1. Install dnsmasq in your CentOS / RHEL Linux
If you have not already installed dnsmasq on your CentOS/RHEL system, you can install it from the default repository with the following command:
sudo yum install dnsmasq
Once you have installed it, you can check the status:
systemctl status dnsmasq
If it is not running, start and enable it with the following commands:
sudo systemctl start dnsmasq
sudo systemctl enable dnsmasq
The result should be similar to this:
[root@jh-rhel-node ~]# systemctl status dnsmasq
● dnsmasq.service - DNS caching server.
   Loaded: loaded (/usr/lib/systemd/system/dnsmasq.service; enabled; vendor preset: disabled)
   Active: active (running) since Sun 2023-07-09 16:35:08 WIB; 15min ago
 Main PID: 129293 (dnsmasq)
    Tasks: 3 (limit: 203826)
   Memory: 1.6M
   CGroup: /system.slice/dnsmasq.service
           ├─129293 /usr/sbin/dnsmasq -k
           ├─129917 /usr/sbin/dnsmasq -k
           └─129922 /usr/sbin/dnsmasq -k
Jul 09 16:35:08 jh-rhel-node dnsmasq[129293]: compile time options: IPv6 GNU-getopt DBus no-i18n IDN2 DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth DNSSEC loop-detect inotify
Jul 09 16:35:08 jh-rhel-node dnsmasq[129293]: using nameserver 8.8.8.8#53
Jul 09 16:35:08 jh-rhel-node dnsmasq[129293]: using nameserver 4.4.4.4#53
Jul 09 16:35:08 jh-rhel-node dnsmasq[129293]: using local addresses only for domain ocp-lab.wachid.web.id
Jul 09 16:35:08 jh-rhel-node dnsmasq[129293]: reading /etc/resolv.conf
Jul 09 16:35:08 jh-rhel-node dnsmasq[129293]: using nameserver 8.8.8.8#53
Jul 09 16:35:08 jh-rhel-node dnsmasq[129293]: using nameserver 4.4.4.4#53
Jul 09 16:35:08 jh-rhel-node dnsmasq[129293]: using local addresses only for domain ocp-lab.wachid.web.id
Jul 09 16:35:08 jh-rhel-node dnsmasq[129293]: ignoring nameserver 10.130.4.100 - local interface
Jul 09 16:35:08 jh-rhel-node dnsmasq[129293]: read /etc/hosts - 11 addresses
[root@jh-rhel-node ~]#
2. Configure dnsmasq Server
The dnsmasq server can be configured via the /etc/dnsmasq.conf file. Since DNS is enabled by default, we suggest creating a backup of the .conf file before making any changes:
cp /etc/dnsmasq.conf /etc/dnsmasq.conf.orig
Now open the /etc/dnsmasq.conf file using your preferred text editor (we use “nano”):
nano /etc/dnsmasq.conf
and enter the following suggested configuration, bearing in mind that these are only example main settings; you can add others or change parameters according to your needs:
[root@jh-rhel-node ~]# cat /etc/dnsmasq.conf
###disable DHCP
no-dhcp-interface=
###add for dns
no-hosts
addn-hosts=/etc/hosts
domain=ocp-lab.wachid.web.id
local=/ocp-lab.wachid.web.id/
#Google's nameservers
server=8.8.8.8
server=4.4.4.4
address=/apps.ocp-lab.wachid.web.id/10.130.4.100
[root@jh-rhel-node ~]#
Let’s take a closer look at the main settings:
listen-address
This option sets the IP address that dnsmasq listens on. In this guide we want our CentOS/RHEL server to listen for DHCP and DNS requests on the LAN, so we are going to set the listen-address to its LAN IP addresses (including the localhost 127.0.0.1).
interface
The interface option restricts the interfaces dnsmasq listens on. You can add more lines if you want it to listen on more than one interface.
domain
This option sets the domain. DHCP clients will have fully qualified domain names (FQDNs) as long as their domain matches the one set here, and the option also sets the domain DHCP option for all clients.
address
Using the address option, you can force your local domain to resolve to one or more IP addresses.
nameservers
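In the example, we used Google’s ones, but you can alternatively choose a different one, such as “127.0.0.53”, which is the address of the local caching stub resolver. It forwards DNS requests to whatever upstream DNS servers you specify. Note that the Google Public DNS addresses are 8.8.8.8 and 8.8.4.4; the second entry in the example, 4.4.4.4, is not one of them, so check the upstream addresses before copying them.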
At the end of the configuration, press Ctrl + x to exit, save the configuration and check the syntax for any errors using the following command:
sudo dnsmasq --test
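dnsmasq --test only checks syntax, so the following added example (not part of the original article) audits the settings discussed above: whether listening is restricted, whether each domain= has a matching local= entry, and whether the upstream servers are expected ones. The function names, the constructed sample configuration and the upstream allow-list are assumptions made for illustration.

```shell
#!/bin/sh
# Semantic checks that `dnsmasq --test` (syntax only) does not perform.
# The allow-list of upstream resolvers is an assumption; set your own.
ALLOWED_UPSTREAMS="${ALLOWED_UPSTREAMS:-8.8.8.8 8.8.4.4}"

# Constructed sample mirroring the options used in this guide.
sample_conf() {
    cat <<'EOF'
no-dhcp-interface=
no-hosts
addn-hosts=/etc/hosts
domain=lab.example.test
local=/lab.example.test/
server=8.8.8.8
server=4.4.4.4
address=/apps.lab.example.test/10.0.0.10
EOF
}

# conf_values FILE KEY: print every value of "KEY=value", skipping comments.
conf_values() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//'
}

# audit_dnsmasq FILE: one finding per line; no output means nothing flagged.
audit_dnsmasq() {
    conf=$1
    # With neither option set, dnsmasq listens on all available interfaces.
    if [ -z "$(conf_values "$conf" listen-address)$(conf_values "$conf" interface)" ]; then
        echo "LISTEN no listen-address or interface set"
    fi
    # local=/DOMAIN/ keeps queries for DOMAIN from being forwarded upstream.
    for d in $(conf_values "$conf" domain); do
        conf_values "$conf" local | grep -qxF "/$d/" ||
            echo "LEAK domain $d has no local=/$d/"
    done
    # Plain server=IP entries only; server=/domain/IP is not parsed here.
    for s in $(conf_values "$conf" server); do
        case " $ALLOWED_UPSTREAMS " in
            *" $s "*) ;;
            *) echo "UPSTREAM $s not in allow-list" ;;
        esac
    done
}

# Audit the file given as $1, or the constructed sample when none is given.
if [ "$#" -gt 0 ]; then audit_dnsmasq "$1"
else t=$(mktemp) && sample_conf >"$t" && audit_dnsmasq "$t"; rm -f "$t"; fi
```

Run it as sh audit.sh /etc/dnsmasq.conf (the script name is hypothetical); an empty result means none of the three checks fired.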
3. Setting Up dnsmasq with resolv.conf File
This short step shows you how to set the localhost address as the only nameserver in the resolv.conf file, so that all queries are sent to dnsmasq.
Open resolv.conf file:
nano /etc/resolv.conf
Then modify it as follows:
Save and exit.
[root@jh-rhel-node ~]# cat /etc/resolv.conf
# Generated by NetworkManager
#nameserver 192.168.1.137
#nameserver 192.168.1.138
nameserver 10.130.4.100
[root@jh-rhel-node ~]#
To prevent the local daemon (NetworkManager) from overwriting our changes, we set the immutable attribute on the file using the chattr command:
sudo chattr +i /etc/resolv.conf
We can also quickly check that everything is right with the lsattr command:
4. Defining DNS Hosts and Names and Testing Local DNS
All the DNS hosts and names are read by dnsmasq from the hosts file, so we need to modify the /etc/hosts file as follows:
nano /etc/hosts
Optionally, you can add some other defined addresses such as MAAS, Nagios, …
[root@jh-rhel-node ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
#10.130.4.104 bootstrap.ocp-lab.wachid.web.id
10.130.4.101 ocpnode1.ocp-lab.wachid.web.id
10.130.4.102 ocpnode2.ocp-lab.wachid.web.id
10.130.4.103 ocpnode3.ocp-lab.wachid.web.id
10.130.4.104 ocpodf1.ocp-lab.wachid.web.id
10.130.4.105 ocpodf2.ocp-lab.wachid.web.id
10.130.4.106 ocpodf3.ocp-lab.wachid.web.id
10.130.4.100 api.ocp-lab.wachid.web.id
10.130.4.100 api-int.ocp-lab.wachid.web.id
10.130.4.100 sapi-int.ocp-lab.wachid.web.id
[root@jh-rhel-node ~]#
Now restart dnsmasq to apply the above changes:
sudo systemctl restart dnsmasq
Note: If the firewall service is running, you need to open the DNS and DHCP services in its configuration (the dhcp service is only needed when dnsmasq also serves DHCP):
sudo firewall-cmd --add-service=dns --permanent
sudo firewall-cmd --add-service=dhcp --permanent
sudo firewall-cmd --reload
To test if everything is working fine we can use bind-utils:
If you don’t have them installed on your system, just run the command:
sudo yum install bind-utils
dig domain.abc or nslookup domain.abc
and also test the FQDN:
dig webservertest.domain.abc or nslookup webservertest.domain.abc
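Checking one name by hand does not show whether every record in /etc/hosts is actually being served. The following added example (not part of the original article) compares each non-loopback hosts entry with the answer returned by the DNS server; the function names, the DNS_SERVER default and the sample data are assumptions, and the sample resolver is a constructed stand-in so the check can run without a live server.

```shell
#!/bin/sh
# Compare each non-loopback entry of a hosts file with what the DNS server
# actually returns. DNS_SERVER defaults to 127.0.0.1 (an assumption).
DNS_SERVER="${DNS_SERVER:-127.0.0.1}"

# Live resolver: ask the dnsmasq instance directly, bypassing resolv.conf.
dig_resolver() { dig +short +time=2 +tries=1 "@$DNS_SERVER" "$1" A; }

# Constructed stand-ins so the check can be run without a server.
sample_hosts() {
    cat <<'EOF'
127.0.0.1   localhost localhost.localdomain
10.0.0.11   node1.lab.example.test
10.0.0.12   node2.lab.example.test   # stale record in the sample resolver
#10.0.0.13  bootstrap.lab.example.test
10.0.0.10   api.lab.example.test api-int.lab.example.test
EOF
}
sample_resolver() {
    case $1 in
        node1.lab.example.test) echo 10.0.0.11 ;;
        node2.lab.example.test) echo 10.0.0.99 ;;
        api.lab.example.test)   echo 10.0.0.10 ;;
    esac
}

# check_hosts FILE [RESOLVER]: print one MISMATCH line per wrong/missing name.
check_hosts() {
    resolver=${2:-dig_resolver}
    # Drop comments, skip loopback lines, emit one "ip name" pair per alias.
    sed 's/#.*//' "$1" |
    awk 'NF >= 2 && $1 !~ /^(127\.|::1$)/ { for (i = 2; i <= NF; i++) print $1, $i }' |
    while read -r ip name; do
        got=$("$resolver" "$name" </dev/null | tr '\n' ' ' | sed 's/ *$//')
        [ "$got" = "$ip" ] || echo "MISMATCH $name expected=$ip got=${got:-none}"
    done
}

# Check the file given as $1 against the live server, or run the sample.
if [ "$#" -gt 0 ]; then check_hosts "$1"
else h=$(mktemp) && sample_hosts >"$h" && check_hosts "$h" sample_resolver; rm -f "$h"; fi
```

Against the running server, pass /etc/hosts as the argument and set DNS_SERVER to the address dnsmasq listens on; no output means every listed name resolved to its listed address.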