Dnsmasq Ubuntu 18.04
- Dnsmasq Ubuntu 18.04
- Dnsmasq Ubuntu 18.04 Server
- Ubuntu 18.04 Disable Dnsmasq
- Uninstall Dnsmasq Ubuntu 18.04
- Ubuntu 18.04 Install Dnsmasq
This is how I got DNSCrypt and dnsmasq on Ubuntu 18.04 working together. dnsmasq is used for local domains and DHCP while we use DNSCrypt as our forwarding DNSD server. To quote from the OpenDNS website “DNSCrypt is a piece of lightweight software that everyone should use to boost online privacy and security. It works by encrypting all DNS traffic between the user and OpenDNS, preventing any spying, spoofing or man-in-the-middle attacks.”.
As usual I do all my testing on Virtual machines, using an Ubuntu 18.04 Minimal Server Installation. This gives a known good starting point without the bloat of a full desktop install.
Superseded on 2021-02-24 by amd64 build of dnsmasq 2.79-1ubuntu0.3 in ubuntu bionic RELEASE Published on 2021-01-19 Copied from ubuntu bionic-release amd64 in Private PPA for Ubuntu Security Team. Today we are going to Install & configure Dnsmasq DNS Server on Ubuntu 18.04 LTS. Dnsmasq is a simple, lightweight, easy to use & manage DNS server along with support for Lua scripting, IPv6, DNSSEC etc. It has a small footprint hence, suitable for resource-constrained routers & firewalls.
Install the software
We start off by installing dnsmasq on its own.
Dnsmasq Ubuntu 18.04
Now dnsmasq is installed we stop the daemon as it will use the same port as DNSCrypt. We want to test out DNSCrypt without dnsmasq to start with.
Install the package for DNSCrypt.
Configure DNSCrypt
To configure DBNSCrypt is reasonably simple to do just a couple of files to update.
Update the line for ResolverName changing the value from fvz-anyone to cisco. Even though fvz-anyone is supposed to work from anywhere. It never working in my testing. You can ignore the setting for LocalAddress as it will not be used, or you can comment it out.
Save the file and exit then reload the next file.
Here we are changing the default listening IP address, leave the port number at 53. Port 53 it the default port for DNS queries. This is what we want as we need to check DNSCrypt is woring okay before adding in dnsmasq.
Save the file and exit. Tell systemd that some files have changed and then stop and restart DNSCrypt. I found using the restart could be problematic.
Turn off systemd-resolved
Next we turn off systemd-resolved, it gets in the way. Not sure what the benefits of ever having this new service it always seems to break working systems.
Dnsmasq Ubuntu 18.04 Server
Now systemd-resolved to turned off we can also remove the resolve.conf file, or simply comment out all the nameserver lines.
Test DNSCrypt
DNSCrypt should now be usable. we can test that out with a few commands.
The important line is the last one saying “dnscrypt enabled (714E7A696D657555)”. We can also use dig to lookup IPs from host names as usual.
Looking for the TXT record again we should again see the dnscrypt line at the end.
To check that we are running on the right address and port, localhost:domain. as we know localhost is 127.0.0.1 and domain is listed in /etc/servers as port 53.
Another command to do a similar check.
Now we can check that dig is working and looking up IP's for host names. You are looking for something in the answer section. If all that is working you should be able to browse the we with out problems.
Change DNSCrypt port
So all that was working and DNSCrpt was configured to work looking up IPs for hostnames. Now we can sort out putting DNSCrypt on the port we need it on and then configure dnsmasq for local host lookups.
Ubuntu 18.04 Disable Dnsmasq
We start of by changing the port configured in dnscrypt-proxy.socket from 53 to 40. we are using 40 as it is not normally used.
Run the next few commands to, as before to stop and start DNSCrypt up again.
Uninstall Dnsmasq Ubuntu 18.04
Configure dnsmasq
As this post is, DNSCrypt and dnsmasq on Ubuntu 18.04, we better setup dnsmasq now that DNSCrypt is running on port 40.
The setting in the dnsmasq configuration file we need to change are as follows. the comments in the file explain why these settings are bing changed.
The file addn-hosts is used by dnsmasq to hold the static IP addresses from your local LAN. Ist format is the same as for the /etc/hosts file. Some examples are shown below. Yours will be different.
We can now restart dnsmasq and do some final testing.
Note the command above is very similar to the one we used to check DNSrypt. This time we have used a Perl regex (-P) to search for both dnscrypt and dnsmasq. Again the domain part oft he output tells us we are using port 53 for dnsmasq.
Further testing can be done with dig to see the same out put as we did before but we can now also lookup local host IPs via dnsmasq. as dnsmasq is a caching server if you lookup say bbc.co.uk twice and note the Query time the first will be about 20-25 msecs the second lookup time will be zero.
Query time
Ubuntu 18.04 Install Dnsmasq
There you have it, DNSCrypt and dnsmasq on Ubuntu 18.04 working together.
If you want to use dnsmasq for your DHCP see my post. For a more in depth look at Dnsmasq.