dnsmasq

Provide DNS and DHCP services

TLDR

Start dnsmasq with default configuration
$ dnsmasq

Run dnsmasq in the foreground (for debugging)
$ dnsmasq --no-daemon

Specify a custom configuration file
$ dnsmasq --conf-file=[path/to/config.conf]

Enable verbose logging
$ dnsmasq --log-queries --log-facility=-

Set a DHCP range and lease time
$ dnsmasq --dhcp-range=[192.168.0.50,192.168.0.150,12h]

Print dnsmasq version
$ dnsmasq --version

SYNOPSIS

dnsmasq [options]

PARAMETERS

-h or --no-hosts
    Do not read the hostnames from /etc/hosts or additional hosts files.

-r <file> or --resolv-file=<file>
    Read upstream DNS servers from <file> instead of /etc/resolv.conf.

-p <port> or --port=<port>
    Listen on DNS port <port> instead of the default port 53.

-q or --log-queries
    Log the results of DNS queries to syslog.

-x <file> or --pid-file=<file>
    Specify the PID file for dnsmasq to write its process ID to.

--interface=<interface>
    Listen only on the specified network interface(s). Can be specified multiple times.

--listen-address=<ipaddr>
    Listen only on the specified IP address(es). Can be specified multiple times.

--bind-interfaces
    Bind only to the interfaces it is listening on, rather than the wildcard address.

--conf-file=<file>
    Specify an alternative configuration file instead of the default /etc/dnsmasq.conf.

--dhcp-range=<start>,<end>,<lease_time>
    Enable DHCP server, define a range of IP addresses to lease and their lease time (e.g., 192.168.1.100,192.168.1.200,12h).

--dhcp-host=<mac>,<ip>
    Assign a fixed IP address to a host based on its MAC address.

--dhcp-option=<option>
    Specify DHCP options to be sent to clients (e.g., option:router,192.168.1.1).

--enable-tftp
    Enable the built-in TFTP server.

--tftp-root=<directory>
    Specify the root directory for TFTP file transfers.

--cache-size=<size>
    Set the size of dnsmasq's DNS cache (number of entries). Default is 150.

--address=/<domain>/<ip>
    Force a specific domain (e.g., /my.local.domain/192.168.1.1) to resolve to a given IP address.

--server=/<domain>/<ip>
    Specify an upstream DNS server for specific domains (e.g., /internal.com/10.0.0.1).

DESCRIPTION

The dnsmasq command provides a lightweight and easy-to-configure DNS forwarder, DHCP server, and TFTP server. It's primarily designed for small networks, home networks, and embedded systems, such as routers. As a DNS forwarder, dnsmasq caches the answers to DNS queries, significantly improving resolution speed for frequently accessed domains. It can also be configured to resolve local hostnames from /etc/hosts or arbitrary domain-to-IP mappings.

Its DHCP server functionality supports static and dynamic IP address assignment, BOOTP, and PXE network booting. This makes it invaluable for managing network devices and provisioning new systems. The integrated TFTP server further complements PXE booting by serving boot images.

Known for its minimal resource consumption and ease of use, dnsmasq is a popular choice for situations where a full-blown DNS/DHCP suite like BIND or ISC DHCP server would be overkill.

CAVEATS

While powerful for small environments, dnsmasq is not designed for large-scale enterprise networks due to its single-process architecture and simpler feature set compared to more robust solutions like BIND or ISC DHCPD. It can also conflict with systemd-resolved on modern Linux distributions, requiring careful configuration (e.g., disabling systemd-resolved or making dnsmasq listen on a different port and configuring systemd-resolved to forward to it). Security is paramount: ensure it's not configured as an open resolver, which could be exploited for DNS amplification attacks.

CONFIGURATION FILES

Beyond command-line options, dnsmasq is typically configured via /etc/dnsmasq.conf. For better organization and modularity, it also processes configuration files found in /etc/dnsmasq.d/ (or a directory specified by --conf-dir), allowing for extensible setups without modifying the main configuration file.
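As an added example (not part of this page or of dnsmasq itself), the following Python script parses dnsmasq.conf fragments the way the CONFIGURATION FILES section describes (main file first, then /etc/dnsmasq.d/ drop-ins) and reports the exposure caveats raised in CAVEATS: no interface or listen-address scope (an open resolver), interface without bind-interfaces, DHCP offered on every interface, and missing query logging. The interface name lan0, the domains and all addresses are constructed sample values.

```python
# Constructed sample: nothing restricts which interfaces answer DNS or offer DHCP.
WEAK_CONF = """\
port=53
cache-size=1000
dhcp-range=192.168.0.50,192.168.0.150,12h
"""

# Constructed sample: the same service pinned to one LAN interface, with logging on.
HARDENED_CONF = """\
# constructed /etc/dnsmasq.d/lan.conf drop-in
interface=lan0
bind-interfaces
server=/internal.example/10.0.0.1
address=/printer.internal.example/192.168.0.20
dhcp-range=192.168.0.50,192.168.0.150,12h
dhcp-host=02:00:00:aa:bb:cc,192.168.0.10
log-queries
"""

def parse_conf(*texts):
    """Return (key, value) pairs in read order for the main file and any /etc/dnsmasq.d
    drop-ins; value is None for bare flags. Only whole-line '#' comments are skipped."""
    entries = []
    for text in texts:
        for raw in text.splitlines():
            line = raw.strip()
            if not line or line.startswith("#"):
                continue
            key, sep, value = line.partition("=")
            entries.append((key.strip(), value.strip() if sep else None))
    return entries

def audit(entries):
    """Return one finding per setting that widens exposure; empty list when clean."""
    keys = {key for key, _ in entries}
    scoped = bool(keys & {"interface", "listen-address"})
    findings = []
    if not scoped:
        findings.append("no interface= or listen-address=: answers on every interface (open resolver if unfiltered)")
    if "interface" in keys and "bind-interfaces" not in keys:
        findings.append("interface= without bind-interfaces: wildcard socket stays bound, other-interface queries still reach it")
    if "dhcp-range" in keys and not scoped:
        findings.append("dhcp-range= without interface scoping: DHCP leases offered on all interfaces")
    if "log-queries" not in keys:
        findings.append("log-queries absent: no query log for detection or incident response")
    return findings

if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(parse_conf(text)) or ["no findings"])
```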

DNS CACHING BEHAVIOR

dnsmasq acts as a caching DNS forwarder. When a client queries it, dnsmasq first checks its cache. If the answer is not found, it forwards the query to upstream DNS servers (defined in /etc/resolv.conf or by --resolv-file), caches the response, and then returns it to the client. This significantly reduces latency and external network traffic for repeated queries.

HISTORY

dnsmasq was originally developed by Simon Kelley, with its first stable release around 2000. It emerged from the need for a compact, efficient, and easy-to-configure DNS and DHCP solution suitable for embedded systems and small home networks. Its simplicity and low resource footprint quickly made it a popular choice for network devices like routers (e.g., those running OpenWrt or DD-WRT firmware). It has continuously evolved, adding features like TFTP and support for IPv6, while maintaining its core philosophy of being a lightweight, integrated network service provider.

SEE ALSO

bind(8), dhcpd(8), tftpd(8), named(8), host(1), dig(1), systemd-resolved(8)
