As I was moving some furniture around in my home office to find a spot for my new 6U Rack mount that had arrived during the week, I stumbled upon an old box of wires, routers and Arduino kits. Amongst them was an old friend sitting there exactly as I had left it a few years ago. A Model 2 Raspberry Pi.
When I originally bought it, I had played around with it for quite a while. It ended up being used as a media centre to stream movies and watching videos on youtube until I started using an XBox as my main media centre. Recently, I had been experimenting and working to get a home virtualisation / VDI lab setup (I’ll do a separate post on my setup), I started to feel the need to have a local DNS server available to aide my variable workloads. Additionally this would boost the performance of internet as all the DNS queries are cached locally. I still didn’t know where I would host my DNS service, so I decided to reuse my Raspberry Pi as a headless caching DNS server.
DNS is as they call it, a master phonebook for the internet. It can be a complicated subject in itself despite being a simple concept. In simpler terms it allows computers to discover each other using IP addresses (phone numbers) while letting humans only work with domains names (names of the websites) essentially doing all the hard work of translating domain names against IP addresses. It is considered quite an integral part of how the internet works and connects billions of computers / users with each other. Guys at DNSimple have quite a good illustration of how the entire DNS works — https://howdns.works/
Now that I knew where my DNS service About which DNS software to choose, the choice was simple for me. I went with the dnsmasq which is a lightweight, open-source application designed to provide DNS, DHCP (I only wanted DNS functionality), tftp, router advertisement and PXE boot services. Since my network will be small in size, dnsmasq will be perfect for my use-case and having a dedicated box (in this case, a Raspberry Pi with blue casing) with its own ethernet connection will make sure that local DNS queries are being resolved quickly across the network and non-local queries are being forwarded onto the secondary DNS servers on the internet.
Initial Setup
Since I will be running this in headless mode. I’ll make sure the right services are running on it for me to connect to it remotely, mainly ssh daemon. I am running Raspbian OS on my Raspberry Pi, so I decided to call my new DNS server RaspbiaNS as a hostname for ease of use.
root@raspbians:/# hostnamectl
Static hostname: raspbians
Icon name: computer
Operating System: Raspbian GNU/Linux 10 (buster)
Kernel: Linux 4.19.97+
Architecture: arm
I also made sure that I have a static IP address in mind that I want to allocate to my new DNS server, I have gone with 192.168.1.66
in this instance.
root@raspbians:/# ip a
1: eth0: inet 192.168.1.66/29 brd
And making sure that it is accessible from different machines on my LAN.
system:/# ping 192.168.1.66
64 bytes from 192.168.1.66: icmp_seq=0 ttl=64 time=3.766 ms
64 bytes from 192.168.1.66: icmp_seq=1 ttl=64 time=7.594 ms
64 bytes from 192.168.1.66: icmp_seq=2 ttl=64 time=5.136 ms
64 bytes from 192.168.1.66: icmp_seq=3 ttl=64 time=4.215 ms
64 bytes from 192.168.1.66: icmp_seq=4 ttl=64 time=6.005 ms
^C
--- 192.168.1.66 ping statistics ---
5 packets transmitted, 5 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 3.766/5.343/7.594/1.364 ms
Now that we have our RaspbiaNS ready, we can go ahead and install dnsmasq.
sudo apt-get install dnsmasq -y
The above should install, enable and start the dnsmasq service.
Configuration
Dnsmasq has lot of configuration to setup DNS, DHCP, router advertisement and other stuff. I, however, am only interested in using DNS service. The dnsmasq configurations are divided in 2 parts.
Configuration of the dnsmasq service
Dnsmasq stores all of its service configurations in /etc/dnsmasq.conf
and on the first install this file is fully commented out. The idea is that a user would uncomment the parts of the file based on the need of a service(s). Dnsmasq also provides the flexibility where it can be configured to point at different locations for its configurations as well as the configuration of the domains (zone equivalent in BIND9 server) however we will make sure we only use a single location for ease of management and future automation plans.
sudo cp /etc/dnsmasq.conf /etc/dnsmasq.conf.bak
echo "conf-dir=/etc/dnsmasq.d/,*.conf" > /etc/dnsmasq.conf
For us, we are only interested in the sections of the dnsmasq.conf
file that allow us to manage the DNS service. But first we will make a backup of the original dnsmasq.conf
file following the non-destructive workflow. The above lines do just that and tell dnsmasq to look for all the domain configuration only in the/etc/dnsmasq.d/
directory while using only *.conf
files. We will now look at the domain configurations themselves.
Configuration of the local domains (zone files)
For demonstration purpose, we will create a new domain configuration and try to see if dnsmasq resolves it. Create a new file called home.lan.conf
inside /etc/dnsmasq.d/
directory and copy and paste the following contents in the file.
Below I will try to explain what each line means.
no-dhcp-interface=eth0 } This allows you to choose your interfacebogus-priv } This means private ranges are not forwarded upstreamdomain=home.lan } The domain / zone you will be using the config forexpand-hosts } Automatically expand your domains to FQDNno-hosts } Ignore entries for this domain in /etc/hosts filedomain-needed } Require a domain when DNS is queriedno-resolv } Ignore DNS servers list in /etc/resolv.conf fileno-poll } Don't poll /etc/resolv.conf file for changesserver=208.67.222.222 } Upstream DNS resolver IPserver=208.67.220.220 } Upstream DNS resolver IPaddress=/raspbians.home.lan/192.168.1.66 } Name / IP resolution address=/router.home.lan/router/192.168.1.1 } Name / IP resolution
You can add and remove the line that you do not need. For full set of configurations and detailed explaination of these flags, please see man pages — http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html
Testing
Once the configuration is complete, we can start testing our new dns server. Let’s start with querying the router using the RaspbiaNS.
As you can see in the above screenshots of the DNS query and tcpdump, the server is responding to the query and resolving the address for the router and itself.
Now all I have to do is to make sure I use the newly created DNS servers IP as part of my DNS list on my clients or better yet add it to my routers DHCP list and so all the clients on my network can start sending the queries to it.
Conclusion
Hopefully this has given you a good overview into how you can implement a lightweight DNS Server for your own environment. From my perspective this is a perfect solution and of course only time will tell if the Raspberry pi will be a permanent solution for my day to day and longer term DNS query needs.