Dnsmasq is a lightweight, easy to configure DNS forwarder, designed to provide DNS (and optionally DHCP and TFTP) services to a small-scale network. It can serve the names of local machines which are not in the global DNS. This article was written while using CentOS 7, so it is safe to say that it also fully covers RHEL 7, Fedora and generally the whole Red Hat family of operating systems and possibly Novell’s SLES and OpenSUSE.
To configure DNS caching server, you need to follow the steps listed below.
Install RPM
[root@node2 ~]# yum -y install dnsmasq
Modify or add the below content in your dns caching server configuration file.
libvirtd
package because libvirtd
uses dnsmasq
for its virtual guests.[root@node2 ~]# grep -v ^# /etc/dnsmasq.conf | egrep -v ^$ resolv-file=/etc/resolv.dnsmasq no-poll listen-address=127.0.0.1 cache-size=1000 conf-dir=/etc/dnsmasq.d,.rpmnew,.rpmsave,.rpmorig
Here,
cache-size - Set the size of the cache. The default is to keep 150 hostnames. By setting the cache size to 0 disables the feature.
resolv-file - Here we use a separate file where dns caching server reads the IPs of the parent nameservers
no-poll - To prevent dns caching server from polling the ‘resolv’ file for changes.
listen-address - Bind only to the provided address
Upstream Nameservers
We have used a separate file to store the IPs of the parent nameservers; that is /etc/resolv.dnsmasq
. We will use the same syntax as in /etc/resolv.conf
add the nameserver IP addresses. Check sample output below: Here 10.0.2.32 is the IP address of my named chroot dns server.
[root@node2 ~]# cat /etc/resolv.dnsmasq
nameserver 10.0.2.32
For this step you must have an upstream DNS server available in your network.
Switch name resolution
For hostnames that do not exist in /etc/hosts the system still uses the nameserver inside /etc/resolv.conf
for name resolution.
To start using dns caching server, change the /etc/resolv.conf
to send all DNS queries to the local loopback interface. If the file contains multiple nameserver entries remove them so only the one entry is left.
[root@node2 ~]# cat /etc/resolv.conf search example.com nameserver 127.0.0.1
/etc/resolv.conf
may be updated replacing the reference to the loopback interface.
Starting DNSMASQ Service
Use systemctl to enable and start the dns caching server service:
[root@node2 ~]# systemctl enable dnsmasq.service --now Created symlink from /etc/systemd/system/multi-user.target.wants/dnsmasq.service to /usr/lib/systemd/system/dnsmasq.service. [root@node2 ~]# systemctl is-active dnsmasq.service active
Check the port 53 status using netstat
:
[root@node2 ~]# netstat -ntlp | grep :53 tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 6274/dnsmasq tcp6 0 0 :::53 :::* LISTEN 6274/dnsmasq
Verify DNS caching Server
The following steps can be used with tcpdump to ensure that DNS caching server is working as expected.
Install the tcpdump package on aterminal (Term A)
[root@node2 ~]# yum -y install tcpdump
Open another terminal session (Term B) and run the following command.
[root@node2 ~]# tcpdump port 53 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
Run the following command twice on the terminal (Term A) and confirm that tcpdump
shows 1 DNS query to your upper DNS server in Term B
tcpdump
may show multiple queries.[root@node2 ~]# ping google.com [root@node2 ~]# ping google.com
For the first ping you should see multiple entries in the tcpdump
but you re-run the ping second time then you will observe no packets being transmitted from the host so our DNS caching server is working as expected.
Lastly I hope the steps from the article to configure DNS caching server on CentOS / RHEL 7 Linux node was helpful. So, let me know your suggestions and feedback using the comment section.
References:
Red Hat Knowledgebase