dnsmasq is a very handy DHCP server for the LAN. I also use it as a DNS forwarder, so I can use hostnames for all my virtual machines under the gavowen.local domain.
I had a few little battles setting this up so thought I’d share the step by step.
Step 1 of course is to create your “CT’. It doesn’t need much so I just gave it the following:
root@pve01:/etc/pve/lxc# cat 100.conf
#dnsmasq DNS/DHCP server%0A%0A
arch: amd64
cpulimit: 1
cpuunits: 1024
hostname: dnsmasq
memory: 512
nameserver: 203.8.183.1 192.189.54.17
net0: name=eth0,bridge=vmbr1,gw=10.69.10.1,hwaddr=00:0A:DE:01:00:10,ip=10.69.10.41/24,ip6=auto,tag=10,type=veth
onboot: 1
ostype: ubuntu
rootfs: ssdmirror:subvol-100-disk-1,size=8G
searchdomain: gavowen.local
startup: order=1,up=10,down=5
swap: 512
1 core, half a gig of RAM/swap and a 8G disk is plenty. That’s by standard amount for smaller containers (CTs).
A few things tripped me up. The debian sources aren’t optimal for me, the local timezone wasn’t set, and “resolvconf” was screwing up dnsmasq.
After creating the CT, some housekeeping:
root@media:/home/hts/.hts# cat /etc/apt/sources.list
deb http://au.archive.ubuntu.com/ubuntu/ xenial main restricted universe multiverse
deb http://au.archive.ubuntu.com/ubuntu/ xenial-updates main restricted universe multiverse
deb http://au.archive.ubuntu.com/ubuntu/ xenial-backports main restricted universe multiverse
deb http://archive.canonical.com/ubuntu xenial partner
deb http://security.ubuntu.com/ubuntu xenial-security main restricted universe multiverse
Those “au” ones are much better for Australia. You can possibly find even faster ones with this guide, although I don’t know if that works with Ubuntu. It certainly works in Debian.
The timezone wasn’t set so I fixed that with:
dpkg-reconfigure tzdata
Then I went to work with apt:
apt-get update
apt-get dist-upgrade
apt-get autoremove
apt-get remove resolvconf
apt-get install dnsmasq
The resolvconf fix I found here. If you don’t remove resolvconf, or fix the issue up another way you get something like this:
root@dnsmasq:/etc# service dnsmasq status
* dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server
Loaded: loaded (/lib/systemd/system/dnsmasq.service; enabled; vendor preset: enabled)
Drop-In: /run/systemd/generator/dnsmasq.service.d
`-50-dnsmasq-$named.conf, 50-insserv.conf-$named.conf
Active: active (running) since Sun 2016-09-18 03:24:07 UTC; 3s ago
Process: 910 ExecStop=/etc/init.d/dnsmasq systemd-stop-resolvconf (code=exited, status=0/SUCCESS)
Process: 953 ExecStartPost=/etc/init.d/dnsmasq systemd-start-resolvconf (code=exited, status=0/SUCCESS)
Process: 944 ExecStart=/etc/init.d/dnsmasq systemd-exec (code=exited, status=0/SUCCESS)
Process: 943 ExecStartPre=/usr/sbin/dnsmasq --test (code=exited, status=0/SUCCESS)
Main PID: 952 (dnsmasq)
CGroup: /system.slice/dnsmasq.service
`-952 /usr/sbin/dnsmasq -x /var/run/dnsmasq/dnsmasq.pid -u dnsmasq -r /var/run/dnsmasq/resolv.conf -7 /etc/dnsmasq.d,.dpk
Sep 18 03:24:06 dnsmasq dnsmasq[943]: dnsmasq: syntax check OK.
Sep 18 03:24:06 dnsmasq dnsmasq[952]: started, version 2.75 cachesize 500
Sep 18 03:24:06 dnsmasq dnsmasq[952]: compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset au
Sep 18 03:24:06 dnsmasq dnsmasq-dhcp[952]: DHCP, IP range 10.69.10.100 -- 10.69.10.149, lease time 12h
Sep 18 03:24:06 dnsmasq dnsmasq[952]: using local addresses only for domain gavowen.local
Sep 18 03:24:06 dnsmasq dnsmasq[952]: no servers found in /var/run/dnsmasq/resolv.conf, will retry
Sep 18 03:24:06 dnsmasq dnsmasq[952]: read /etc/hosts - 5 addresses
Sep 18 03:24:06 dnsmasq dnsmasq[952]: read /etc/banner_add_hosts - 0 addresses
Sep 18 03:24:07 dnsmasq dnsmasq[953]: /etc/resolvconf/update.d/libc: Warning: /etc/resolv.conf is not a symbolic link to /run/resolv
Sep 18 03:24:07 dnsmasq systemd[1]: Started dnsmasq - A lightweight DHCP and caching DNS server.
The DHCP part of dnsmasq works fine, but DNS breaks like this (tcpdump)
03:38:02.900866 IP dnsmasq.gavowen.local.domain > 10.69.10.80.59954: 48699 Refused 0/0/0 (45)
03:38:03.887415 IP 10.69.10.80.58335 > dnsmasq.gavowen.local.domain: 4837+ A? img-s-msn-com.akamaized.net. (45)
03:38:03.887523 IP dnsmasq.gavowen.local.domain > 10.69.10.80.58335: 4837 Refused 0/0/0 (45)
03:38:04.076221 IP 10.69.10.80.52683 > dnsmasq.gavowen.local.domain: 59968+ A? img-s-msn-com.akamaized.net. (45)
03:38:04.076306 IP dnsmasq.gavowen.local.domain > 10.69.10.80.52683: 59968 Refused 0/0/0 (45)
03:38:05.068785 IP 10.69.10.80.54085 > dnsmasq.gavowen.local.domain: 24507+ A? img-s-msn-com.akamaized.net. (45)
03:38:05.068892 IP dnsmasq.gavowen.local.domain > 10.69.10.80.54085: 24507 Refused 0/0/0 (45)
Now for my /etc/dnsmasq.conf
root@dnsmasq:~# cat /etc/dnsmasq.conf
# Configuration file for dnsmasq.
############
## SERVER ##
############
# listen interface and address
except-interface=lo0
listen-address=10.69.10.41
#########
## DNS ##
#########
local=/gavowen.local/ # domain(s) to search local /etc/hosts
cache-size=500 # set DNS lookup cache to 500 entries
no-negcache # don't do negative caching
domain-needed # never forward plain names
bogus-priv # never forward bogus private (RFC1918) addresses
# block 'sitefinder' wildcard redirects from VeriSign and others for bogus A records
bogus-nxdomain=64.94.110.11
bogus-nxdomain=194.168.4.100
bogus-nxdomain=194.168.8.100
bogus-nxdomain=81.200.64.50
bogus-nxdomain=67.215.65.132
# no LDAP server for the local domain
#srv-host=_ldap._tcp.gavowen.local # no LDAP server for the local domain
# route rDNS to this server
server=/10.69.10.in-addr.arpa/10.69.10.41
##########
## DHCP ##
##########
dhcp-leasefile=/var/lib/misc/dnsmasq.leases
dhcp-authoritative
dhcp-range=10.69.10.100,10.69.10.149,255.255.255.0,12h
dhcp-option=option:router,10.69.10.1 # default route
dhcp-option=option:dns-server,10.69.10.41
# dhcp-option=option:dns-server,10.69.10.41,203.8.183.1
dhcp-option=option:ntp-server,10.69.10.1
dhcp-option=23,50 # set default IP TTL to 50
# Windows clients and Samba
dhcp-option=19,0 # option ip-forwarding off
dhcp-option=44,10.69.10.20 # set netbios-over-TCP/IP nameserver(s) aka WINS server(s)
dhcp-option=45,10.69.10.20 # netbios datagram distribution server
dhcp-option=46,8 # netbios node type
dhcp-option=252,"\n" # send an empty WPAD option. Windows 7 and possibly later
dhcp-option=vendor:MSFT,2,1i # Windows release DHCP lease when it shuts down
# http://technet2.microsoft.com/WindowsServer/en/library/a70f1bb7-d2d4-49f0-96d6-4b7414ecfaae1033.mspx?mfr=true
# These are the node types for netbios options:
# 1 = B-node, 2 = P-node, 4 =M-node, 8 = H-node
# FQDN settings for DHCP
expand-hosts
domain=gavowen.local
# static leases
dhcp-host=c4:4e:ac:0d:d4:8e,Kodi,10.69.10.60,infinite
dhcp-host=00:18:dd:23:03:9d,HDHR-123039DD,10.69.10.61,infinite
dhcp-host=fc:f1:52:a2:68:de,STR-DN850,10.69.10.63,infinite
dhcp-host=b8:27:eb:db:27:28,OldKodi,10.69.10.64,infinite
dhcp-host=00:17:88:2b:96:47,Philips-hue,10.69.10.70,infinite
dhcp-host=30:85:a9:93:8a:5c,Vader,10.69.10.80,infinite
dhcp-host=cc:20:e8:c4:42:64,Gavs-iPhone6S,10.69.10.81,infinite
dhcp-host=34:ab:37:1e:cb:c1,Gavs-iPadAir2,10.69.10.82,infinite
touch the following DHCP leases file:
touch /var/lib/misc/dnsmasq.leases #DHCP leases file
Also update /etc/hosts so you can easily ping hosts on your network:
root@dnsmasq:~# cat /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
# --- BEGIN PVE ---
10.69.10.41 dnsmasq.gavowen.local dnsmasq
# --- END PVE ---
.69.10.40 pve01.gavowen.local pve01
10.69.10.42 crashplan.gavowen.local crashplan
10.69.10.43 media.gavowen.local media
10.69.10.50 sarlacc.gavowen.local sarlacc
much easier than IP addresses:
root@dnsmasq:~# ping sarlacc
PING sarlacc.gavowen.local (10.69.10.50) 56(84) bytes of data.
64 bytes from sarlacc.gavowen.local (10.69.10.50): icmp_seq=1 ttl=64 time=0.333 ms
64 bytes from sarlacc.gavowen.local (10.69.10.50): icmp_seq=2 ttl=64 time=0.234 ms
64 bytes from sarlacc.gavowen.local (10.69.10.50): icmp_seq=3 ttl=64 time=0.214 ms
^C
--- sarlacc.gavowen.local ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1998ms
rtt min/avg/max/mdev = 0.214/0.260/0.333/0.053 ms
root@dnsmasq:~# ping media
PING media.gavowen.local (10.69.10.43) 56(84) bytes of data.
64 bytes from media.gavowen.local (10.69.10.43): icmp_seq=1 ttl=64 time=0.283 ms
64 bytes from media.gavowen.local (10.69.10.43): icmp_seq=2 ttl=64 time=0.031 ms
64 bytes from media.gavowen.local (10.69.10.43): icmp_seq=3 ttl=64 time=0.027 ms
^C
--- media.gavowen.local ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1998ms
rtt min/avg/max/mdev = 0.027/0.113/0.283/0.120 ms
last but not least start up dnsmasq:
service dnsmasq start
service dnsmasq status
Hopefully now you are up and away with a nify little DNS and DHCP server.