Simple Tiny Network Name Services
A great way to start a religious war is to discuss domain name services. I previously documented my experiences with BIND 9 on FreeBSD, and I really didn't want to repeat the process for my small lab network.
Looking in the ports tree I found Dnsmasq, "a lightweight, easy to configure DNS forwarder and DHCP server. It is designed to provide DNS and, optionally, DHCP, to a small network." Wow, that sounds perfect (but I don't need DHCP).
I decided to try this on a Debian host that had a fully populated /etc/hosts file.
macmini:~# apt-get install dnsmasq
Reading Package Lists... Done
Building Dependency Tree... Done
Suggested packages:
resolvconf
The following NEW packages will be installed:
dnsmasq
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 114kB of archives.
After unpacking 303kB of additional disk space will be used.
Get:1 http://mirrors.kernel.org stable/main dnsmasq 2.22-2 [114kB]
Fetched 114kB in 1s (78.8kB/s)
Selecting previously deselected package dnsmasq.
(Reading database ... 13695 files and directories currently installed.)
Unpacking dnsmasq (from .../dnsmasq_2.22-2_powerpc.deb) ...
Setting up dnsmasq (2.22-2) ...
Starting DNS forwarder and DHCP server: dnsmasq.
macmini:/etc/init.d# netstat -natup | grep dnsmasq
tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 3279/dnsmasq
tcp6 0 0 :::53 :::* LISTEN 3279/dnsmasq
udp 0 0 0.0.0.0:32770 0.0.0.0:* 3279/dnsmasq
udp 0 0 0.0.0.0:53 0.0.0.0:* 3279/dnsmasq
udp6 0 0 :::53 :::* 3279/dnsmasq
Note that by default, no DHCP server is started.
That's it. Now I point all my hosts to the IP address of this Debian box, and it resolves local and remote IPs. I made sure the Debian host had my ISP's DNS servers in its /etc/resolv.conf file. Easy.
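The netstat output above shows dnsmasq accepting DNS on every local address (0.0.0.0 and ::), which matters if the box also has an interface outside the lab network. The following check is an added example, not part of the original post; the function name `wildcard_dns_listeners` is made up here, and the sample input is the netstat lines from the post.

```shell
#!/bin/sh
# Added example (not from the original post): list dnsmasq sockets that
# accept DNS on every interface, given `netstat -natup` style lines on stdin.
# The function name wildcard_dns_listeners is made up for this example.

wildcard_dns_listeners() {
    awk '
    # tcp rows have a State column and udp rows do not, so the PID/Program
    # field is taken from the end of the line, not a fixed position.
    $NF ~ /\/dnsmasq$/ {
        n = split($4, parts, ":")          # Local Address is field 4
        port = parts[n]                    # text after the last colon
        addr = substr($4, 1, length($4) - length(port) - 1)
        # 0.0.0.0, :: and * all mean "any local address".
        if (port == "53" && (addr == "0.0.0.0" || addr == "::" || addr == "*"))
            print $1, $4
    }'
}

# Sample input: the netstat lines shown in the post.
SAMPLE='tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 3279/dnsmasq
tcp6 0 0 :::53 :::* LISTEN 3279/dnsmasq
udp 0 0 0.0.0.0:32770 0.0.0.0:* 3279/dnsmasq
udp 0 0 0.0.0.0:53 0.0.0.0:* 3279/dnsmasq
udp6 0 0 :::53 :::* 3279/dnsmasq'

printf '%s\n' "$SAMPLE" | wildcard_dns_listeners
```

On a live host, pipe `netstat -natup` into the function instead of the sample. Setting dnsmasq's `listen-address=` or `interface=` options together with `bind-interfaces` makes it bind only the named addresses, after which the check prints nothing.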
Comments
Just started reading your blog, seems to be updated and good content on it. Congrats on it and hope you keep it like this.
Other matters... is this thing secure? Bind has some security issues.
Bye!
Bammkkkk
Re: security, I haven't done a code audit.
Bamm: Dnsmasq is only using the /etc/hosts and /etc/resolv.conf file on the box where it's running. Pretty neat.
It is generally seen as much more secure than BIND. It is also fast, relatively easy to set up, and supposedly performs quite a bit better than BIND.
On the minus side, djb is a crank, doesn't follow RFCs, and the software has a more restrictive license than GPL. The minuses will have more or less weight depending on the user.
http://m0n0.ch/wall/software.php
Doug