1. Introduction
This first paragraph is taken from the dnsmasq home page.
Dnsmasq is a lightweight, easy to configure DNS forwarder and DHCP server. It is designed to provide DNS and, optionally, DHCP, to a small network. It can serve the names of local machines which are not in the global DNS. The DHCP server integrates with the DNS server and allows machines with DHCP-allocated addresses to appear in the DNS with names configured either in each host or in a central configuration file. Dnsmasq supports static and dynamic DHCP leases and BOOTP/TFTP for network booting of diskless machines.
1.1. Copyright
Copyright (c) 2008 by Richard W. Brown
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.1 or any later version published by the Free Software Foundation; with no Invariant Sections, with no Front-Cover Texts, and with no Back-Cover Texts. A copy of the license is available from http://www.fsf.org/licenses/fdl.html.
1.2. Disclaimer
No liability for the contents of this document can be accepted. Use the concepts, examples and information at your own risk. There may be errors and inaccuracies which could be damaging to your system. Proceed with caution, and although this is highly unlikely, the author(s) do not take any responsibility.
Owners hold all copyrights, unless specifically noted otherwise. Use of a term in this document should not be regarded as affecting the validity of any trademark or service mark. Naming of particular products or brands should not be seen as endorsements.
This document is how I configured and use dnsmasq on my own system. I am not, nor do I pretend to be a Linux expert. I am just some guy who has benefited from the expertise of others and wish to add my contribution back to the Linux community.
Note: You are strongly recommended to take backup copies of all files before they are modified.
1.3. Feedback.
Feedback is most certainly welcome for this document. Send your additions, comments and criticisms to the following email address: howtos at Mythical Beast dot co dot uk. Errors and omissions will be added to the next version of this document.
2. Installation.
2.1. Install Using The 'apt-get' Software
Use the command line below. You will need the universe repository in your software sources list.
sudo apt-get install dnsmasq dnsmasq-base
3. Initialization and Configuration.
3.1. The example system used in this HOWTO
The server where dnsmasq is running its DNS and DHCP services is called linux60 (192.168.0.7). The router is at IP 192.168.0.1. There is a mixture of real and virtual machines, all using these services. All machines are in the local domain example.com. The client machines will have names like linux12 or kvmubuntu.
3.2. Setting up the server
3.2.1. Make backup copies of 'conf' files.
Start by making a copy of the files we will be changing so you can always go back to a known starting point.
cd /etc
cp dnsmasq.conf hosts resolv.conf ~/mybackups
3.2.2. Setting up /etc/dnsmasq.conf
We will look at the file /etc/dnsmasq.conf first. Below is a good starting point to get things up and running. The lines are listed in the same order as they appear in the default file. Just uncomment them (remove the '#' from the beginning of the line) and amend them as necessary.
domain-needed
bogus-priv
expand-hosts
domain=example.com
dhcp-range=192.168.0.20,192.168.0.50,24h
What these lines will do for you.
- domain-needed This tells dnsmasq to never pass short names to the upstream DNS servers. If the name is not in the local /etc/hosts file then "not found" will be returned.
- bogus-priv All reverse IP (192.168.x.x) lookups that are not found in /etc/hosts will be returned as "no such domain" and not forwarded to the upstream servers.
- expand-hosts So we can see our local hosts via our home domain without having to repeatedly specify the domain in our /etc/hosts file.
- domain This is your local domain name. It will tell the DHCP server which host to give out IP addresses for.
- dhcp-range This is the range of IPs that DHCP will serve: 192.168.0.20 to 192.168.0.50, with a lease time of 24 hours. The lease time is how long that IP will be linked to a host.
Dnsmasq will set, or find out automatically, lots of common networking and connection values. These do not need to be set unless you are paranoid or like to specifically set these things. Which is rather nice of dnsmasq, don't you agree?
- broadcast address
- network mask
- router parameters
- interface (eth0) and IP address to listen on
3.2.3. Setting the server /etc/hosts file
The /etc/hosts file on the example server will look like this. Leave the IPv6 stuff as it was.
127.0.0.1 localhost
192.168.0.7 linux60
3.2.4. Setting the server /etc/resolv.conf file
One last thing to do is to set the localhost or loop device on the server as a nameserver so it can use the DNS service that it is running. Add the nameserver line below to the top of the list in /etc/resolv.conf.
nameserver 127.0.0.1
3.3. Setting up the clients
3.3.1. Make backup copies of 'conf' files.
Start by making a copy of the files we will be changing so you can always go back to a known starting point.
cd /etc
cp dhcp3/dhclient.conf hosts resolv.conf ~/mybackups
The /etc/hosts file on the client machines should look similar to this. Leave the IPv6 stuff alone.
127.0.0.1 localhost
127.0.1.1 linux12
Note: There should be no need to change the hosts file from the default one created by Ubuntu.
3.3.2. Clients for DNS.
In the example setup our server is linux60 or 192.168.0.7; it is the only machine with a static IP address. This is necessary as we need to tell the other machines where to get their DNS service from, to take advantage of our shiny new server. We do this by adding a line to /etc/resolv.conf. I put it as the first nameserver in the file.
nameserver 192.168.0.7
3.3.3. Clients for DHCP.
The only change we need to make here is to ensure that when the host requests an IP address it passes its own hostname to the DHCP server, so the other machines can use its name to look up the IP address it was just given. For example, if we are setting up our workstation called linux12 in our fictitious domain example.com, we would add the following line to /etc/dhcp3/dhclient.conf:
send host-name "linux12.example.com";
You can now reboot linux12. While it boots it will talk to our new DHCP server and request a new IP address. The server will remember which IP address it gave out to linux12, and it and other machines on the network will be able to ping linux12. No more needing to know which machine has which IP address.
4. Testing & Troubleshooting
4.1. Testing the DNS server
4.1.1. Locally on the server and on remote hosts
The simplest way to test that your DNS is up and running is to use the dig utility. When you look at the output from dig, the part we are interested in is the third and fourth lines from the end. Just use dig <domain name> to see the output.
dig bbc.co.uk
; <<>> DiG 9.4.2 <<>> bbc.co.uk
;; global options: printcmd
;; Got answer:
;; ->>HEADER <<- opcode: QUERY, status: NOERROR, id: 57582
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;bbc.co.uk. IN A
;; ANSWER SECTION:
bbc.co.uk. 159 IN A 212.58.224.131
;; Query time: 21 msec # <<==== This line and the one below
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun May 11 09:38:21 2008
;; MSG SIZE rcvd: 43
From the test on the domain bbc.co.uk you can see it took all of 21 msec to look up. That is around 1/50 of a second, and we used the server 127.0.0.1 (localhost) as the DNS.
Now the magic bit: when you do the same dig command again a few minutes later it is much quicker, as the previous lookup was cached. So we see this:
dig bbc.co.uk
; <<>> DiG 9.4.2 <<>> bbc.co.uk
;; global options: printcmd
...
...
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
This time it took 0 msec; the DNS is working locally. Now try the same command on one of the workstations and you should see the same result. The first time you request a domain it will take some time. The second time will be much quicker. Once the domain has been looked up it will remain in the cache for some time.
4.2. Testing DHCP.
Assuming your dnsmasq server is already set up and working, start up one of the other hosts. After it has booted, look at the output from ifconfig. On the second line for the network interface, the inet addr should be within the DHCP range you set on the server.
inet addr:192.168.0.7 Bcast:192.168.0.255 Mask:255.255.255.0
From the dnsmasq server you should be able to ping the machine you just booted by name and vice-versa.
Make sure you have turned off all other DHCP servers on your system.
You can test that you are using the dnsmasq DHCP server by making the range just one IP address in /etc/dnsmasq.conf, restarting the dnsmasq server and rebooting the client machine. It should now be using that one IP address.
5. Stopping And Starting The dnsmasq Daemon.
This is really simple: just run the dnsmasq startup script in /etc/init.d with stop, start or restart. That was simple.
sudo /etc/init.d/dnsmasq stop
sudo /etc/init.d/dnsmasq start
sudo /etc/init.d/dnsmasq restart
6. Further Information. Advanced stuff.
I would strongly suggest that you get the basic stuff working and sorted out before doing anything in this section.
Verisign, back in September 2003, decided to push unwanted advertising your way when there was no domain registered rather than returning the "no such domain" message. To stop this type of unnecessary annoyance you can use the following option in /etc/dnsmasq.conf. If you find more IPs then you simply add one more line for each.
bogus-nxdomain=64.94.110.11
To find out if your ISP, or whoever is providing your upstream DNS, is doing this to you, just try looking up totally random domain names with dig. If they return a valid IP address, and the SAME IP address each time, add it to the list of bogus-nxdomain IP addresses. Then restart the dnsmasq service.
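The check described above can be scripted. This is an added example, not part of the original HOWTO: it looks up random names, flags any IPv4 address returned for two or more different nonexistent names, and prints ready-made bogus-nxdomain lines. The function names, the --live switch and the sample data (including 203.0.113.9) are this example's own assumptions; without --live it runs on the constructed sample only.

```shell
#!/bin/sh
# Added example: find IPs an upstream resolver substitutes for NXDOMAIN.

# random_names N: print N random names under .com that should not exist.
random_names() {
    i=0
    while [ "$i" -lt "$1" ]; do
        echo "nx-$(od -An -N10 -tx1 /dev/urandom | tr -d ' \n').com"
        i=$((i + 1))
    done
}

# probe SERVER N: ask SERVER for N random names, print "name answer" pairs.
probe() {
    random_names "$2" | while read -r name; do
        dig +short +time=2 +tries=1 "@$1" "$name" A |
            while read -r ans; do echo "$name $ans"; done
    done
}

# hijack_ips: read "name answer" pairs on stdin; print each IPv4 address
# that came back for two or more DIFFERENT nonexistent names.
# Non-address answers (e.g. CNAME targets from dig +short) are ignored.
hijack_ips() {
    sort -u | awk '
        $2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { seen[$2]++ }
        END { for (ip in seen) if (seen[ip] >= 2) print ip }' | sort
}

# conf_lines: turn addresses on stdin into dnsmasq options.
conf_lines() { sed 's/^/bogus-nxdomain=/'; }

# Constructed sample of probe output (not real measurements).
SAMPLE='nx-aaaa.com 64.94.110.11
nx-bbbb.com 64.94.110.11
nx-cccc.com 64.94.110.11
nx-dddd.com 203.0.113.9'

if [ "${1:-}" = "--live" ]; then
    # Assumption: $2 is the upstream resolver to test, not dnsmasq itself.
    probe "$2" 5 | hijack_ips | conf_lines
else
    printf '%s\n' "$SAMPLE" | hijack_ips | conf_lines
fi
```

Point the live run at the upstream resolver rather than at dnsmasq, because dnsmasq already turns any listed bogus-nxdomain address back into "no such domain".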
You can even stop some of those pesky advertisements getting to your browsers by redirecting domains to a local IP address, localhost is good.
address=/doubleclick.net/127.0.0.1