Step-by-Step Tutorial: Configure DNS caching server - dnsmasq (CentOS/RHEL 7)

Dnsmasq is a lightweight, easy to configure DNS forwarder, designed to provide DNS (and optionally DHCP and TFTP) services to a small-scale network. It can serve the names of local machines which are not in the global DNS. This article was written while using CentOS 7, so it is safe to say that it also fully covers RHEL 7, Fedora and generally the whole Red Hat family of operating systems and possibly Novell’s SLES and OpenSUSE.

To configure a DNS caching server, follow the steps listed below.


Install RPM


On a RHEL system you must either have an active subscription to RHN or configure a local offline repository from which the "yum" package manager can install the rpm and its dependencies.
[root@node2 ~]# yum -y install dnsmasq

Modify or add the content below in the configuration file of your DNS caching server.


In this configuration, we assume that the system does not have the libvirtd package installed, because libvirtd uses dnsmasq for its virtual guests.
[root@node2 ~]# grep -v ^# /etc/dnsmasq.conf | egrep -v ^$

cache-size - Sets the size of the cache. The default is to keep 150 hostnames. Setting the cache size to 0 disables caching.
resolv-file - The separate file from which the DNS caching server reads the IPs of the parent nameservers.
no-poll - Prevents the DNS caching server from polling the 'resolv' file for changes.
listen-address - Bind only to the provided address.


Upstream Nameservers

We have used a separate file to store the IPs of the parent nameservers, namely /etc/resolv.dnsmasq. Add the nameserver IP addresses to it using the same syntax as in /etc/resolv.conf. Check the sample output below; the entry is the IP address of my named chroot DNS server.

[root@node2 ~]# cat /etc/resolv.dnsmasq

For this step you must have an upstream DNS server available in your network.


Switch name resolution

For hostnames that do not exist in /etc/hosts, the system still uses the nameserver inside /etc/resolv.conf for name resolution.

To start using the DNS caching server, change /etc/resolv.conf to send all DNS queries to the local loopback interface. If the file contains multiple nameserver entries, remove them so that only the one entry is left.

[root@node2 ~]# cat /etc/resolv.conf

If you write the DNS information in the primary network interface file, you need to update the DNS options in that network file as well. Under some circumstances (due to DHCP or your network configuration files) the nameserver lines in /etc/resolv.conf may be updated, replacing the reference to the loopback interface.


Starting DNSMASQ Service

Use systemctl to enable and start the DNS caching server service:

[root@node2 ~]# systemctl enable dnsmasq.service --now
Created symlink from /etc/systemd/system/ to /usr/lib/systemd/system/dnsmasq.service.

[root@node2 ~]# systemctl is-active dnsmasq.service

Check the port 53 status using netstat:

[root@node2 ~]# netstat  -ntlp | grep :53
tcp        0      0    *               LISTEN      6274/dnsmasq
tcp6       0      0 :::53                   :::*                    LISTEN      6274/dnsmasq


Verify DNS caching Server

The following steps can be used with tcpdump to ensure that the DNS caching server is working as expected.

Install the tcpdump package on a terminal (Term A)

[root@node2 ~]# yum -y install tcpdump

Open another terminal session (Term B) and run the following command.

[root@node2 ~]# tcpdump port 53
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes

Run the following command twice on the terminal (Term A) and confirm that tcpdump shows 1 DNS query to your upstream DNS server in Term B


Some websites or domain names have multiple IP addresses associated with them. For that reason and other reasons, tcpdump may show multiple queries.
[root@node2 ~]# ping
[root@node2 ~]# ping

For the first ping you should see multiple entries in the tcpdump output, but when you re-run the ping a second time you will observe no packets being transmitted from the host, so our DNS caching server is working as expected.
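The three files edited in the steps above can also be checked with a script. The following is an added example, not part of the original article; the function names are hypothetical, and it assumes 127.0.0.1 is the loopback address that both dnsmasq and /etc/resolv.conf use.

```sh
#!/bin/sh
# Added example: audits the files edited in this tutorial. File paths are
# passed as arguments; expecting 127.0.0.1 as the loopback is an assumption.

# Print the value(s) given for a dnsmasq option, skipping commented lines.
conf_get() {  # $1 = config file, $2 = option name
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1"
}

# Return 0 if the dnsmasq config in $1 matches the setup described above.
audit_dnsmasq_conf() {
    rc=0
    size=$(conf_get "$1" cache-size | tail -n 1)
    # An unset cache-size keeps the default cache; 0 turns caching off.
    if [ "$size" = "0" ]; then
        echo "FAIL cache-size=0 disables the cache"; rc=1
    fi
    rfile=$(conf_get "$1" resolv-file | tail -n 1)
    if [ -z "$rfile" ]; then
        echo "FAIL resolv-file is not set"; rc=1
    elif ! grep -Eq '^[[:space:]]*nameserver[[:space:]]+[^[:space:]]' "$rfile" 2>/dev/null; then
        echo "FAIL $rfile is missing or has no nameserver entry"; rc=1
    fi
    # resolv.conf will point at loopback, so dnsmasq has to listen there.
    if ! conf_get "$1" listen-address | tr ', ' '\n\n' | grep -qx '127\.0\.0\.1'; then
        echo "FAIL listen-address does not include 127.0.0.1"; rc=1
    fi
    grep -Eq '^[[:space:]]*no-poll[[:space:]]*$' "$1" ||
        echo "WARN no-poll is not set; the resolv-file will be polled for changes"
    return "$rc"
}

# Return 0 if the resolv.conf in $1 has exactly one nameserver, the loopback.
audit_resolv_conf() {
    servers=$(awk '$1 == "nameserver" { print $2 }' "$1")
    if [ "$servers" = "127.0.0.1" ]; then
        return 0
    fi
    echo "FAIL nameserver entries in $1: $(echo $servers)"
    echo "     expected a single entry: 127.0.0.1"
    return 1
}

# Usage on the server configured above:
#   audit_dnsmasq_conf /etc/dnsmasq.conf && audit_resolv_conf /etc/resolv.conf
```

Re-running the resolv.conf check after a network restart or DHCP renewal shows whether the loopback entry has been overwritten.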


Lastly, I hope the steps from this article to configure a DNS caching server on a CentOS / RHEL 7 Linux node were helpful. Let me know your suggestions and feedback using the comment section.


Red Hat Knowledgebase

