Purpose & Overview

Lightweight DHCP and DNS server.

dnsmasq solves the problem of reaching self-hosted services from inside your own network. Asking Google's DNS for their hostname returns your very own public IP, and most routers/firewalls will not allow this loopback, where your requests would go out and then come right back in.
The usual quick fix is editing the hosts file on your machine, adding an IP-hostname pair. This tells your machine to forget about asking Google's DNS; the rule is right there, so it goes directly to the local server IP.
But if more devices should "just work", that is a no-go, since this only works on the one machine whose hosts file was edited.

So the answer is running a DNS server that does this pairing of IPs with hostnames, and a DHCP server that tells the devices on the network to use this DNS.

extra info
DNS servers run on port 53.


  • the machine that will be running it should have a static IP set

Files and directory structure

├── dnsmasq.conf
├── hosts
└── resolv.conf
  • dnsmasq.conf - the main config file for dnsmasq, where the DNS and DHCP functionality is set
  • resolv.conf - a file containing the IP addresses of the DNS nameservers to be used by the machine it resides on
  • hosts - a file that can provide additional hostname-IP mappings

hosts and resolv.conf are just normal system files, always present and in use on any Linux system.
dnsmasq.conf comes with the dnsmasq installation.


Install dnsmasq from your Linux distribution's official repos.



# DNS --------------------------------------------------------------------------

# Never forward plain names (without a dot or domain part)
# Never forward addresses in the non-routed address spaces.

# If you don't want dnsmasq to read /etc/resolv.conf


# interface and address

# Upstream Google and Cloudflare nameservers

# DNS entries ------------------------------------------------------------------

# wildcard DNS entry sending domain and all its subdomains to an ip
# subdomain override

# DHCP -------------------------------------------------------------------------

# gateway

# DHCP static IPs --------------------------------------------------------------
# mac address : ip address



extra info

  • dnsmasq --test - validates the config
  • dnsmasq --help dhcp - lists all the DHCP options

You can also run just the DNS server, by deleting everything from the DHCP section of dnsmasq.conf to the end of the file.
Then on your router, in the DHCP > DNS settings, just put in the IP address of the dnsmasq host as the DNS server.


A file that contains the DNS nameservers to be used by the Linux machine it sits on.
Since dnsmasq, a DNS server, is running right on this machine, the entries just point to localhost.


nameserver ::1

A bit of an issue is that resolv.conf belongs to glibc, a core Linux library, but other network-related services like to mess with it: dhcpcd, NetworkManager, systemd-resolved, ...
Ideally you know what is running on your host Linux system, but just in case, resolv.conf will be flagged as immutable. This prevents all possible changes to it unless the attribute is removed.

Edit /etc/resolv.conf and set localhost as the DNS nameserver, as shown above.

  • Make it immutable to prevent any changes to it.
    sudo chattr +i /etc/resolv.conf
  • Check if the content is what was set.
    cat /etc/resolv.conf


hosts     docker-host     gateway

This is a file present on every system (Linux, Windows, Mac, Android, ...) where you can assign a hostname to an IP.
dnsmasq reads /etc/hosts for IP-hostname pairs and adds them to its own resolve records.

Unfortunately there is no wildcard support here.
But as seen in dnsmasq.conf, when a domain is set there it acts as a wildcard rule, so the entries in this file are just for show.

Start the service

sudo systemctl enable --now dnsmasq

  • Check if it started without errors
    journalctl -u dnsmasq.service
  • If you get a "port already in use" error, check which service is using port 53
    sudo ss -tulwnp
    then stop and disable that service, for example if it is systemd-resolved
    sudo systemctl disable --now systemd-resolved
  • Make sure you disable other DHCP servers on the network; usually a router is running one.

Test it


Set some machine on the network to use DHCP for its network settings.
The network connection should just work with full connectivity.

You can check the file /var/lib/misc/dnsmasq.leases on the dnsmasq host for the active leases. The location of the file can vary based on your Linux distro.


nslookup is a utility that checks DNS mappings; it is part of the bind-utils or bind-tools packages, again depending on the distro, but it is also available on Windows.

  • nslookup
  • nslookup docker-host
  • nslookup
  • nslookup
  • nslookup


  • ping fails from Windows when using a hostname
    Windows ping does not do a DNS lookup when just a plain hostname is used
    ping meh-pc
    It's a quirk of the Windows ping utility. It can be solved by adding a dot, which makes it look like a domain name and forces the DNS lookup before pinging
    ping meh-pc.

  • slow ping of a hostname, but fast nslookup on a Linux machine
    for me it was systemd-resolved running on the machine I was doing the ping from.
    It can be stopped and disabled.
    sudo systemctl disable --now systemd-resolved


dnsmasq is updated as part of the host's regular Linux package updates.

Backup and restore


Using borg, which makes a daily snapshot of the /etc directory that contains the config files.


Replace the contents of the config files with the ones from the backup.