selfhosted-apps-docker/dnsmasq/readme.md

227 lines
7.1 KiB
Markdown
Raw Normal View History

2020-05-05 15:39:05 +00:00
# dnsmasq
2020-05-18 22:49:18 +00:00
###### guide-by-example
2020-05-05 15:39:05 +00:00
![logo](https://i.imgur.com/SOa4kRd.png)
2020-05-06 21:56:51 +00:00
# Purpose & Overview
2020-05-05 15:39:05 +00:00
Lightweight DHCP and DNS server.
* [Official site](http://www.thekelleys.org.uk/dnsmasq/doc.html)
2020-05-06 21:56:51 +00:00
* [Arch wiki](https://wiki.archlinux.org/index.php/dnsmasq)
dnsmasq solves the problem of accessing self hosted stuff when you are inside
2020-05-16 13:18:21 +00:00
your network. As asking google's DNS for `example.com` will return your
2020-05-06 21:56:51 +00:00
very own public IP and most routers/firewalls wont allow this loopback,
where your requests should go out and then right back.</br>
2020-05-16 19:58:07 +00:00
Usual quick way to solve this issue is
[editing the `hosts` file](
https://github.com/DoTheEvo/selfhosted-apps-docker/tree/master/caddy_v2#--editing-hosts-file)
2020-05-21 21:53:30 +00:00
on your machine, adding `192.168.1.222 example.com` IP-hostname pair.
This tells your machine to fuck asking google's DNS, the rule is right there,
`example.com` goes directly to the local server ip `192.168.1.222`.</br>
But if more devices should "just work" it is a no-go, since this just works
one the machine which `hosts` file was edited.</br>
So the answer is running a DNS server that does this
and a DHCP server that tells the devices on the network
2020-05-06 21:56:51 +00:00
to use this DNS.
2020-05-05 15:39:05 +00:00
2020-05-08 13:06:32 +00:00
# Prerequisites
2020-05-21 21:40:14 +00:00
* the machine that will be running it should have set static IP
2020-05-08 13:06:32 +00:00
2020-05-05 15:39:05 +00:00
# Files and directory structure
```
/etc/
2020-05-06 00:27:22 +00:00
├── dnsmasq.conf
├── hosts
└── resolve.conf
2020-05-05 15:39:05 +00:00
```
2020-05-06 22:05:33 +00:00
* `dnsmasq.conf` - the main config file for dnsmasq where DNS and DHCP functionality is set
2020-05-06 01:03:49 +00:00
* `resolve.conf` - a file containing ip addresses of DNS nameservers to be used
2020-05-06 00:58:00 +00:00
by the machine it resides on
* `hosts` - a file that can provide additional hostname-ip mapping
`hosts` and `resolve.conf` are just normal system files always in use on any linux
2020-05-06 21:56:51 +00:00
system.</br>
`dnsmasq.conf` comes with the dnsmasq installation.
2020-05-06 00:58:00 +00:00
2020-05-05 15:39:05 +00:00
# Installation
2020-05-06 00:58:00 +00:00
Install dnsmasq from your linux official repos.
2020-05-05 15:39:05 +00:00
# Configuration
`dnsmasq.conf`
```bash
2020-05-06 00:27:22 +00:00
# DNS --------------------------------------------------------------------------
2020-05-05 15:39:05 +00:00
2020-05-06 00:27:22 +00:00
# Never forward plain names (without a dot or domain part)
domain-needed
# Never forward addresses in the non-routed address spaces.
bogus-priv
2020-05-05 15:39:05 +00:00
2020-05-06 00:27:22 +00:00
# If you don't want dnsmasq to read /etc/resolv.conf
no-resolv
no-poll
2020-05-05 15:39:05 +00:00
2020-05-08 13:06:32 +00:00
cache-size=1000
# interface and address
2020-05-06 00:27:22 +00:00
interface=enp0s25
listen-address=::1,127.0.0.1
2020-05-05 15:39:05 +00:00
2020-05-06 00:27:22 +00:00
# Upstream Google and Cloudflare nameservers
server=8.8.8.8
server=1.1.1.1
2020-05-05 15:39:05 +00:00
2020-05-18 22:49:18 +00:00
# DNS entries ------------------------------------------------------------------
2020-05-05 15:39:05 +00:00
2020-05-06 01:03:49 +00:00
# wildcard DNS entry sending domain and all its subdomains to an ip
2020-05-16 13:18:21 +00:00
address=/example.com/192.168.1.2
2020-05-06 00:27:22 +00:00
# subdomain override
2020-05-16 13:18:21 +00:00
address=/plex.example.com/192.168.1.3
2020-05-05 15:39:05 +00:00
2020-05-06 00:27:22 +00:00
# DHCP -------------------------------------------------------------------------
2020-05-06 21:56:51 +00:00
dhcp-authoritative
dhcp-range=192.168.1.50,192.168.1.200,255.255.255.0,480h
2020-05-06 00:27:22 +00:00
# gateway
2020-05-06 21:56:51 +00:00
dhcp-option=option:router,192.168.1.1
2020-05-06 00:27:22 +00:00
2020-05-06 21:56:51 +00:00
# DHCP static IPs --------------------------------------------------------------
# mac address : ip address
dhcp-host=08:00:27:68:f9:bf,192.168.1.150
2020-05-06 00:27:22 +00:00
#dhcp-leasefile=/var/lib/misc/dnsmasq.leases
2020-05-05 15:39:05 +00:00
```
2020-05-06 21:56:51 +00:00
*extra info*
* `dnsmasq --test` - validates the config
* `dnsmasq --help dhcp` - lists all the DHCP options
2020-05-09 00:49:15 +00:00
You can also run **just DNS server**, by deleting the DHCP section
2020-05-08 13:08:10 +00:00
in the `dnsmasq.conf` to the end.</br>
2020-05-09 00:49:15 +00:00
Then on your router, in the DHCP>DNS settings, you just put in the ip address
2020-05-08 13:08:10 +00:00
of the dnsmasq host as the DNS server.
2020-05-08 13:06:32 +00:00
2020-05-05 15:39:05 +00:00
# resolv.conf
2020-05-10 10:55:02 +00:00
A file that contains DNS nameservers to be used by the linux machine it sits on.</br>
Since dnsmasq, a DNS server, is running right on this machine,
the entries just point to localhost.</br>
2020-05-06 22:05:33 +00:00
`resolv.conf`
```
nameserver ::1
nameserver 127.0.0.1
```
2020-05-21 21:40:14 +00:00
Bit of an issue is that `resolv.conf` belongs to glibc, a core linux library.
But there are other network related services that like to fuck with it.
Like dhcpcd, networkmanager, systemd-resolved,...</br>
Ideally you know what is running on your host linux system, but just in case
`resolv.conf` will be flagged as immutable.
This prevents all possible changes to it unless the attribute is removed.
2020-05-05 15:39:05 +00:00
2020-05-19 20:24:09 +00:00
Edit `/etc/resolv.conf` and set localhost as the DNS nameserver, as shown above.
2020-05-05 15:39:05 +00:00
2020-05-21 21:40:14 +00:00
* Make it immutable to prevent any changes to it.</br>
`sudo chattr +i /etc/resolv.conf`
* Check if the content is what was set.</br>
`cat /etc/resolv.conf`
2020-05-06 00:27:22 +00:00
2020-05-05 15:39:05 +00:00
# /etc/hosts
2020-05-06 00:27:22 +00:00
`hosts`
```
192.168.1.2 docker-host
192.168.1.1 gateway
2020-05-16 13:18:21 +00:00
192.168.1.2 example.com
192.168.1.2 nextcloud.example.com
192.168.1.2 book.example.com
192.168.1.2 passwd.example.com
192.168.1.2 grafana.example.com
2020-05-06 00:27:22 +00:00
```
2020-05-06 22:05:33 +00:00
This is a file present on every system, linux, windows, mac, android,...
where you can assign a hostname to an IP.</br>
dnsmasq reads `/etc/hosts` for IP hostname pairs and adds them to its own
resolve records.
2020-05-10 10:55:02 +00:00
Unfortunately no wildcard support.</br>
But as seen in the `dnsmasq.conf`, when domain is set it acts as a wildcard
2020-05-16 13:18:21 +00:00
rule. So `example.com` stuff here is just for show.
2020-05-06 22:05:33 +00:00
2020-05-06 01:04:22 +00:00
# Start the service
2020-05-06 00:27:22 +00:00
`sudo systemctl enable --now dnsmasq`
2020-05-21 21:40:14 +00:00
* Check if it started without errors</br>
`journalctl -u dnsmasq.service`
2020-05-19 20:34:36 +00:00
* If you get "port already in use" error, check which service is responsible</br>
2020-05-19 20:31:53 +00:00
`sudo ss -tulwnp`</br>
2020-05-21 21:40:14 +00:00
stop and disable that service, for example if it is `systemd-resolved`</br>
2020-05-19 20:34:36 +00:00
`sudo systemctl disable --now systemd-resolved`
2020-05-19 20:24:09 +00:00
* Make sure you **disable other DHCP servers** on the network,
2020-05-19 20:31:53 +00:00
usually a router is running one.
2020-05-06 21:56:51 +00:00
2020-05-06 00:27:22 +00:00
# Test it
2020-05-06 00:35:55 +00:00
#### DHCP
2020-05-06 00:27:22 +00:00
2020-05-06 21:56:51 +00:00
Set some machine on the network to use DHCP for its network setting.</br>
2020-05-10 10:55:02 +00:00
Network connection should just work with full connectivity.
2020-05-05 15:39:05 +00:00
2020-05-06 00:35:55 +00:00
You can check on the dnsmasq host, file `/var/lib/misc/dnsmasq.leases`
2020-05-06 00:58:00 +00:00
for the active leases. Location of the file can vary base on your linux distro.
2020-05-06 00:27:22 +00:00
2020-05-06 00:35:55 +00:00
#### DNS
2020-05-06 00:27:22 +00:00
2020-05-10 10:55:02 +00:00
nslookup is a utility that checks DNS mapping,
2020-05-10 21:48:51 +00:00
part of `bind-utils` or `bind-tools` packages, again depending on the distro,
2020-05-18 22:49:18 +00:00
but also available on windows.
2020-05-06 00:58:00 +00:00
2020-05-06 00:27:22 +00:00
* `nslookup google.com`
* `nslookup docker-host`
2020-05-16 13:18:21 +00:00
* `nslookup example.com`
* `nslookup whateverandom.example.com`
* `nslookup plex.example.com`
2020-05-05 15:39:05 +00:00
2020-05-18 22:49:18 +00:00
### Troubleshooting
2020-05-19 20:55:30 +00:00
* **ping fails from windows when using hostname**</br>
windows ping does not do dns lookup when just plain hostname is used</br>
`ping meh-pc`</br>
it's a [quirk](https://superuser.com/questions/495759/why-is-ping-unable-to-resolve-a-name-when-nslookup-works-fine/1257512#1257512)
2020-05-21 21:40:14 +00:00
of windows ping utility.
Can be solved by adding dot, which makes it look like domain name and this
forces the dns lookup before pinging</br>
2020-05-19 20:55:30 +00:00
`ping meh-pc.`</br>
* **slow ping of a hostname, but fast nslookup on a linux machine**</br>
for me it was `systemd-resolved` running on the machine I was doing ping from.</br>
It can be stopped and disabled.</br>
`sudo systemctl disable --now systemd-resolved`
2020-05-18 22:49:18 +00:00
2020-05-05 15:39:05 +00:00
# Update
2020-05-06 00:27:22 +00:00
During host linux packages update.
# Backup and restore
2020-05-06 00:35:55 +00:00
#### Backup
2020-05-06 00:27:22 +00:00
2020-05-08 11:52:29 +00:00
Using [borg](https://github.com/DoTheEvo/selfhosted-apps-docker/tree/master/borg_backup)
that makes daily snapshot of the /etc directory which contains the config files.
2020-05-06 00:27:22 +00:00
2020-05-06 00:35:55 +00:00
#### restore
2020-05-05 15:39:05 +00:00
2020-05-06 21:56:51 +00:00
Replace the content of the config files with the one from the backup.