DNS is an abbreviation of Domain Name System. In layman's terms, it can be described as the "phonebook of the Internet". The Domain Name System resolves a domain name to an IP address and vice versa. Normally, most people access the Internet using domain names such as facebook.com or google.com, which are easier to memorize than IP addresses.
In some cases you may need to set up a DNS server to handle name resolution for a specific domain. Here, you can set up an authoritative DNS server that provides answers to resolvers such as 1.1.1.1 or 8.8.8.8.
DNSmasq is a small, free and convenient piece of software that provides DNS caching, a DHCP server, router advertisement and network boot features for small networks. It serves locally available domain names that do not appear in DNS servers around the world. It combines the DNS and DHCP servers so that DHCP-assigned addresses are resolved properly. DNSmasq has low system requirements and runs on Linux, BSDs, Android and macOS.
There are several features provided by DNSmasq, these include:
- It offers an integrated DHCP server. DNSmasq supports static and dynamic DHCP leases, multiple networks and diverse IP ranges. It works through BOOTP relays and supports a number of DHCP options, including the RFC 3397 domain search list option.
- It can be configured to send specific domain name resolution requests to specific upstream servers, which makes it easy to combine with private DNS servers.
- It can talk to upstream servers over IPv6 and serve DNS over IPv6.
- It caches addresses and address-to-domain mappings, reducing the load on upstream servers and improving performance.
- It is simple to configure.
- It can be configured to obtain upstream nameserver information automatically from PPP or DHCP.
In some of the previous guides, we went through how to install and configure Dnsmasq on Ubuntu. Today, we will learn how to run and use Dnsmasq in a Docker Container.
Prepare your Server
We will begin by installing the required packages on the system:
## On RHEL/CentOS/RockyLinux 8
sudo yum update
sudo yum install curl vim
## On Debian/Ubuntu
sudo apt update && sudo apt upgrade
sudo apt install curl vim
## On Fedora
sudo dnf update
sudo dnf -y install curl vim
Secondly, stop the systemd-resolved service, which listens on port 53. This port will be used by Dnsmasq.
sudo systemctl stop systemd-resolved
sudo systemctl disable systemd-resolved
Remove the existing /etc/resolv.conf symbolic link (or file):
$ ls -lh /etc/resolv.conf
-rw-r--r-- 1 root root 49 Feb 23 04:53 /etc/resolv.conf
$ sudo unlink /etc/resolv.conf
Then write a new /etc/resolv.conf that points the host at a public resolver:
echo "nameserver 8.8.8.8" | sudo tee /etc/resolv.conf
Allow port 53 through the firewall:
##For Firewalld
sudo firewall-cmd --permanent --add-port=53/udp
sudo firewall-cmd --reload
##For UFW
sudo ufw allow 53
Install Docker and Docker Compose on Linux
For this guide, you need Docker Engine installed on your Linux system. You can install it using the guide below:
Ensure that Docker is started and enabled:
sudo systemctl start docker && sudo systemctl enable docker
Also, add your system user to the docker group:
sudo usermod -aG docker $USER
newgrp docker
Once complete, you can install Docker Compose using the guide below:
Create a Persistent Volume for Dnsmasq
Dnsmasq reads its .conf files from /etc/dnsmasq, so for this guide we create that path on the host and map it into the container.
Create the directory on your system and assign the required permissions:
sudo mkdir /etc/dnsmasq
sudo chmod -R 775 /etc/dnsmasq
This volume will be used to store all the configuration files. On RHEL-based systems, SELinux blocks the container from reading the bind-mounted path unless you set it to permissive mode:
sudo setenforce 0
sudo sed -i 's/^SELINUX=.*/SELINUX=permissive/g' /etc/selinux/config
Note that permissive mode weakens the whole host. A narrower alternative is to keep SELinux enforcing and append :Z to the -v bind mount in the docker run command, which relabels only the mounted file for the container.
Run Dnsmasq in Docker Container
There are two ways of running Dnsmasq in a Docker container:
- Directly using Docker Engine
- Using Docker-Compose
Before we run the Dnsmasq container, we need to create the config file at /etc/dnsmasq:
sudo vim /etc/dnsmasq/0.base.conf
In the file, add the lines below, replacing values where required:
# Port to listen on
port=53
# Never forward plain names (without a dot) or private reverse lookups upstream
domain-needed
bogus-priv
# Don't use the host's /etc/resolv.conf nameservers
no-resolv
strict-order
# Upstream nameservers to forward unknown names to
server=8.8.8.8
server=8.8.4.4
expand-hosts
# Serve all company queries under this domain
domain=dnsmasq.geeksforgeeks.org
# Explicitly define host-to-IP mappings
address=/apps.dnsmasq.geeksforgeeks.org/192.168.205.11
address=/db.dnsmasq.geeksforgeeks.org/192.168.205.12
address=/test.dnsmasq.geeksforgeeks.org/192.168.205.13
In the above file, my domain name is dnsmasq.geeksforgeeks.org, and:
- 192.168.205.11 answers all requests for apps.dnsmasq.geeksforgeeks.org, 192.168.205.12 for db.dnsmasq.geeksforgeeks.org, and 192.168.205.13 for test.dnsmasq.geeksforgeeks.org.
Save the file and proceed as shown below:
Method 1: Run Dnsmasq Directly using Docker Engine
You can run Dnsmasq directly using Docker Engine with the command:
docker run --detach --name dnsmasq \
-p 53:53/udp \
--cap-add=NET_ADMIN \
-v /etc/dnsmasq/0.base.conf:/etc/dnsmasq.conf \
strm/dnsmasq
In the above command:
- --cap-add=NET_ADMIN is required for Dnsmasq to interact with the network stack
- -p 53:53/udp publishes the UDP port for DNS. Docker publishes it on every host interface, so the resolver is reachable from any network the host is attached to; on an Internet-facing host, bind it to a specific address instead (for example -p 192.168.205.11:53:53/udp) so you do not end up running an open resolver.
- -v /etc/dnsmasq/0.base.conf:/etc/dnsmasq.conf maps our 0.base.conf file to /etc/dnsmasq.conf inside the container.
Once the container starts, you can verify using the command:
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0e5bdc9a813d strm/dnsmasq "dnsmasq -k" 2 seconds ago Up 1 second 53/tcp, 0.0.0.0:53->53/udp, :::53->53/udp dnsmasq
Method 2: Run Dnsmasq Using Docker-Compose
You can also use Docker-Compose to run the Dnsmasq container. First, create a YAML file for the container.
vim docker-compose.yml
In the file, add the below lines:
version: '2'
services:
  dns:
    restart: always
    image: strm/dnsmasq
    container_name: dnsmasq
    volumes:
      - /etc/dnsmasq/0.base.conf:/etc/dnsmasq.conf
    ports:
      - "53:53/udp"
    cap_add:
      - NET_ADMIN
To start the container, use the command:
docker-compose up -d
Verify if the container is up:
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
3e1d1a3a7c0d strm/dnsmasq "dnsmasq -k" 8 seconds ago Up 6 seconds 53/tcp, 0.0.0.0:53->53/udp, :::53->53/udp dnsmasq
Test Dnsmasq Functionality
Now we need to verify if the configured Dnsmasq is responding to requests. To do this, we will use the command below on localhost.
dig db.dnsmasq.geeksforgeeks.org
Sample Output:
Another example:
$ dig test.dnsmasq.geeksforgeeks.org A +noall +answer
test.dnsmasq.geeksforgeeks.org. 0 IN A 192.168.205.13
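To check every address=/name/ip mapping in one go rather than one dig at a time, here is an added shell script (not part of the original guide) that derives the expected A records from the config file and compares them with dig's +noall +answer lines. The config it parses is a constructed copy of the one above, and check_server assumes dig is installed and the container is listening at the IP you pass.

```shell
#!/bin/sh
# Added example, not from the original guide: derive the expected A records
# from the address=/name/ip lines of a dnsmasq config and compare them with
# what the running server actually answers.

# Constructed copy of the guide's 0.base.conf so the parsing runs offline.
CONF=$(mktemp)
cat >"$CONF" <<'EOF'
port=53
no-resolv
server=8.8.8.8
domain=dnsmasq.geeksforgeeks.org
address=/apps.dnsmasq.geeksforgeeks.org/192.168.205.11
address=/db.dnsmasq.geeksforgeeks.org/192.168.205.12
address=/test.dnsmasq.geeksforgeeks.org/192.168.205.13
EOF

# Print "name ip" for every address=/name/ip line in the given config file.
expected_records() {
  sed -n 's#^address=/\([^/]*\)/\([0-9.]*\)$#\1 \2#p' "$1"
}

# Exit 0 when a dig "+noall +answer" line carries the expected A record.
# $1 = answer line, $2 = name (without trailing dot), $3 = expected IP
answer_matches() {
  printf '%s\n' "$1" |
    awk -v n="$2." -v ip="$3" '$1 == n && $4 == "A" && $5 == ip { ok = 1 } END { exit !ok }'
}

# Query each expected record against a live server ($2) and report mismatches.
# Returns non-zero if any record is missing or points at the wrong address.
check_server() {
  fail=0
  while read -r name ip; do
    line=$(dig @"$2" "$name" A +noall +answer +time=2 +tries=1)
    if answer_matches "$line" "$name" "$ip"; then
      echo "OK   $name -> $ip"
    else
      echo "FAIL $name (expected $ip, got: ${line:-no answer})"
      fail=1
    fi
  done <<EOF
$(expected_records "$1")
EOF
  return $fail
}

# Usage against the container on this host: check_server "$CONF" 127.0.0.1
```

Point check_server at the host's own address from another machine to confirm the records are served on the network and not only on localhost.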
To test the functionality on remote hosts, we need to modify the network configuration to use our server as its DNS.
The commands below can be used:
sudo nmcli connection modify enp6s18 ipv4.dns 192.168.205.11
sudo nmcli connection down enp6s18; sudo nmcli connection up enp6s18
Remember to replace enp6s18 with the network interface and 192.168.205.11 with the IP address of your Dnsmasq host.
Now verify if Dnsmasq is working:
(Optional) Configure Dnsmasq as DHCP Server
You can also configure Dnsmasq as a DHCP server to assign desired addresses to clients either dynamically or statically.
For that, modify the file you created earlier:
sudo vim /etc/dnsmasq/0.base.conf
In the file, add:
- The default gateway IP address
- The DNS server IP address (either Dnsmasq itself or a different DNS server)
- The network subnet mask
- The DHCP address range
- The NTP server
See the example below:
dhcp-range=192.168.205.25,192.168.205.50,24h
dhcp-option=option:router,192.168.205.1
dhcp-option=option:ntp-server,192.168.3.11
dhcp-option=option:dns-server,192.168.3.11
dhcp-option=option:netmask,255.255.255.0
Save the made changes and restart the container:
docker restart dnsmasq
Manage the Dnsmasq Container
You can start, stop and delete the container using the commands:
Stop:
docker stop dnsmasq
Start:
docker start dnsmasq
Delete:
docker rm dnsmasq
It is also possible to configure the Dnsmasq container to start automatically on system boot by creating a systemd service.
Create the service file:
sudo vim /etc/systemd/system/dnsmasq_container.service
In the file, add the below lines:
[Unit]
Description=Dnsmasq container
# Start only once the Docker daemon is up, otherwise "docker start" fails at boot
Requires=docker.service
After=docker.service
[Service]
Restart=always
ExecStart=/usr/bin/docker start -a dnsmasq
ExecStop=/usr/bin/docker stop -t 2 dnsmasq
[Install]
WantedBy=multi-user.target
Reload the system daemon:
sudo systemctl daemon-reload
Now start and enable the service:
sudo systemctl start dnsmasq_container
sudo systemctl enable dnsmasq_container
Verify if the service is running:
$ systemctl status dnsmasq_container
● dnsmasq_container.service - Dnsmasq container
Loaded: loaded (/etc/systemd/system/dnsmasq_container.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2022-11-15 20:40:11 EAT; 9s ago
Main PID: 45574 (docker)
Tasks: 5 (limit: 4575)
Memory: 9.7M
CGroup: /system.slice/dnsmasq_container.service
└─45574 /usr/bin/docker start -a dnsmasq
Sad 15 20:40:11 geeksforgeeks.org systemd[1]: Started Dnsmasq container.
Final Thoughts
That marks the end of this guide on how to run and use Dnsmasq in a Docker container. You have seen how easy it is to configure Dnsmasq. Now enjoy the awesomeness of Dnsmasq.