dnsmasq is a very handy DHCP server for the LAN. I also use it as a DNS forwarder, so I can use hostnames for all my virtual machines under the gavowen.local domain.
I had a few little battles setting this up so thought I’d share the step by step.
Step 1 of course is to create your “CT”. It doesn’t need much, so I just gave it the following:
root@pve01:/etc/pve/lxc# cat 100.conf
#dnsmasq DNS/DHCP server%0A%0A
arch: amd64
cpulimit: 1
cpuunits: 1024
hostname: dnsmasq
memory: 512
nameserver: 203.8.183.1 192.189.54.17
net0: name=eth0,bridge=vmbr1,gw=10.69.10.1,hwaddr=00:0A:DE:01:00:10,ip=10.69.10.41/24,ip6=auto,tag=10,type=veth
onboot: 1
ostype: ubuntu
rootfs: ssdmirror:subvol-100-disk-1,size=8G
searchdomain: gavowen.local
startup: order=1,up=10,down=5
swap: 512
1 core, half a gig of RAM/swap and an 8G disk is plenty. That’s my standard amount for smaller containers (CTs).
A few things tripped me up. The Debian sources aren’t optimal for me, the local timezone wasn’t set, and “resolvconf” was screwing up dnsmasq.
After creating the CT, some housekeeping:
root@media:/home/hts/.hts# cat /etc/apt/sources.list
deb http://au.archive.ubuntu.com/ubuntu/ xenial main restricted universe multiverse
deb http://au.archive.ubuntu.com/ubuntu/ xenial-updates main restricted universe multiverse
deb http://au.archive.ubuntu.com/ubuntu/ xenial-backports main restricted universe multiverse
deb http://archive.canonical.com/ubuntu xenial partner
deb http://security.ubuntu.com/ubuntu xenial-security main restricted universe multiverse
Those “au” ones are much better for Australia. You can possibly find even faster ones with this guide, although I don’t know if that works with Ubuntu. It certainly works in Debian.
The timezone wasn’t set so I fixed that with:
dpkg-reconfigure tzdata
Then I went to work with apt:
apt-get update
apt-get dist-upgrade
apt-get autoremove
apt-get remove resolvconf
apt-get install dnsmasq
The resolvconf fix I found here. If you don’t remove resolvconf, or fix the issue up another way, you get something like this:
root@dnsmasq:/etc# service dnsmasq status
* dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server
   Loaded: loaded (/lib/systemd/system/dnsmasq.service; enabled; vendor preset: enabled)
  Drop-In: /run/systemd/generator/dnsmasq.service.d
           `-50-dnsmasq-$named.conf, 50-insserv.conf-$named.conf
   Active: active (running) since Sun 2016-09-18 03:24:07 UTC; 3s ago
  Process: 910 ExecStop=/etc/init.d/dnsmasq systemd-stop-resolvconf (code=exited, status=0/SUCCESS)
  Process: 953 ExecStartPost=/etc/init.d/dnsmasq systemd-start-resolvconf (code=exited, status=0/SUCCESS)
  Process: 944 ExecStart=/etc/init.d/dnsmasq systemd-exec (code=exited, status=0/SUCCESS)
  Process: 943 ExecStartPre=/usr/sbin/dnsmasq --test (code=exited, status=0/SUCCESS)
 Main PID: 952 (dnsmasq)
   CGroup: /system.slice/dnsmasq.service
           `-952 /usr/sbin/dnsmasq -x /var/run/dnsmasq/dnsmasq.pid -u dnsmasq -r /var/run/dnsmasq/resolv.conf -7 /etc/dnsmasq.d,.dpk

Sep 18 03:24:06 dnsmasq dnsmasq[943]: dnsmasq: syntax check OK.
Sep 18 03:24:06 dnsmasq dnsmasq[952]: started, version 2.75 cachesize 500
Sep 18 03:24:06 dnsmasq dnsmasq[952]: compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset au
Sep 18 03:24:06 dnsmasq dnsmasq-dhcp[952]: DHCP, IP range 10.69.10.100 -- 10.69.10.149, lease time 12h
Sep 18 03:24:06 dnsmasq dnsmasq[952]: using local addresses only for domain gavowen.local
Sep 18 03:24:06 dnsmasq dnsmasq[952]: no servers found in /var/run/dnsmasq/resolv.conf, will retry
Sep 18 03:24:06 dnsmasq dnsmasq[952]: read /etc/hosts - 5 addresses
Sep 18 03:24:06 dnsmasq dnsmasq[952]: read /etc/banner_add_hosts - 0 addresses
Sep 18 03:24:07 dnsmasq dnsmasq[953]: /etc/resolvconf/update.d/libc: Warning: /etc/resolv.conf is not a symbolic link to /run/resolv
Sep 18 03:24:07 dnsmasq systemd[1]: Started dnsmasq - A lightweight DHCP and caching DNS server.
The DHCP part of dnsmasq works fine, but DNS breaks like this (as seen in tcpdump): every forwarded lookup comes back Refused because dnsmasq has no upstream servers to send it to.
03:38:02.900866 IP dnsmasq.gavowen.local.domain > 10.69.10.80.59954: 48699 Refused 0/0/0 (45)
03:38:03.887415 IP 10.69.10.80.58335 > dnsmasq.gavowen.local.domain: 4837+ A? img-s-msn-com.akamaized.net. (45)
03:38:03.887523 IP dnsmasq.gavowen.local.domain > 10.69.10.80.58335: 4837 Refused 0/0/0 (45)
03:38:04.076221 IP 10.69.10.80.52683 > dnsmasq.gavowen.local.domain: 59968+ A? img-s-msn-com.akamaized.net. (45)
03:38:04.076306 IP dnsmasq.gavowen.local.domain > 10.69.10.80.52683: 59968 Refused 0/0/0 (45)
03:38:05.068785 IP 10.69.10.80.54085 > dnsmasq.gavowen.local.domain: 24507+ A? img-s-msn-com.akamaized.net. (45)
03:38:05.068892 IP dnsmasq.gavowen.local.domain > 10.69.10.80.54085: 24507 Refused 0/0/0 (45)
Now for my /etc/dnsmasq.conf:
root@dnsmasq:~# cat /etc/dnsmasq.conf
# Configuration file for dnsmasq.

############
## SERVER ##
############

# listen interface and address
except-interface=lo0
listen-address=10.69.10.41

#########
## DNS ##
#########

local=/gavowen.local/ # domain(s) to search local /etc/hosts
cache-size=500 # set DNS lookup cache to 500 entries
no-negcache # don't do negative caching
domain-needed # never forward plain names
bogus-priv # never forward bogus private (RFC1918) addresses

# block 'sitefinder' wildcard redirects from VeriSign and others for bogus A records
bogus-nxdomain=64.94.110.11
bogus-nxdomain=194.168.4.100
bogus-nxdomain=194.168.8.100
bogus-nxdomain=81.200.64.50
bogus-nxdomain=67.215.65.132

# no LDAP server for the local domain
#srv-host=_ldap._tcp.gavowen.local # no LDAP server for the local domain

# route rDNS to this server
server=/10.69.10.in-addr.arpa/10.69.10.41

##########
## DHCP ##
##########

dhcp-leasefile=/var/lib/misc/dnsmasq.leases
dhcp-authoritative
dhcp-range=10.69.10.100,10.69.10.149,255.255.255.0,12h
dhcp-option=option:router,10.69.10.1 # default route
dhcp-option=option:dns-server,10.69.10.41
# dhcp-option=option:dns-server,10.69.10.41,203.8.183.1
dhcp-option=option:ntp-server,10.69.10.1
dhcp-option=23,50 # set default IP TTL to 50

# Windows clients and Samba
dhcp-option=19,0 # option ip-forwarding off
dhcp-option=44,10.69.10.20 # set netbios-over-TCP/IP nameserver(s) aka WINS server(s)
dhcp-option=45,10.69.10.20 # netbios datagram distribution server
dhcp-option=46,8 # netbios node type
dhcp-option=252,"\n" # send an empty WPAD option. Windows 7 and possibly later
dhcp-option=vendor:MSFT,2,1i # Windows release DHCP lease when it shuts down
# http://technet2.microsoft.com/WindowsServer/en/library/a70f1bb7-d2d4-49f0-96d6-4b7414ecfaae1033.mspx?mfr=true
# These are the node types for netbios options:
# 1 = B-node, 2 = P-node, 4 = M-node, 8 = H-node

# FQDN settings for DHCP
expand-hosts
domain=gavowen.local

# static leases
dhcp-host=c4:4e:ac:0d:d4:8e,Kodi,10.69.10.60,infinite
dhcp-host=00:18:dd:23:03:9d,HDHR-123039DD,10.69.10.61,infinite
dhcp-host=fc:f1:52:a2:68:de,STR-DN850,10.69.10.63,infinite
dhcp-host=b8:27:eb:db:27:28,OldKodi,10.69.10.64,infinite
dhcp-host=00:17:88:2b:96:47,Philips-hue,10.69.10.70,infinite
dhcp-host=30:85:a9:93:8a:5c,Vader,10.69.10.80,infinite
dhcp-host=cc:20:e8:c4:42:64,Gavs-iPhone6S,10.69.10.81,infinite
dhcp-host=34:ab:37:1e:cb:c1,Gavs-iPadAir2,10.69.10.82,infinite
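Two offline sanity checks that go with the setup above, written as an added example (not part of the original post, and not dnsmasq's own tooling). The first counts usable nameserver lines in a resolv.conf-style file: zero is exactly the state resolvconf left dnsmasq in ("no servers found in /var/run/dnsmasq/resolv.conf"), which is why forwarded lookups came back Refused while local names still resolved. The second parses a dnsmasq.conf and lists any static dhcp-host lease whose address sits inside the dynamic dhcp-range, which dnsmasq accepts silently but which invites address collisions. The sample files are constructed here in a temporary directory; the dhcp-host form assumed is the "mac,name,ip,lease" form used on this page, and the "Printer" host with a de:ad:be:ef MAC is a made-up offender:

```shell
#!/bin/sh
# Added example, not from the original post. On a real container point the
# functions at /var/run/dnsmasq/resolv.conf and /etc/dnsmasq.conf instead of
# the constructed samples below.

# Count usable "nameserver" lines in a resolv.conf-style file.
# Zero means dnsmasq has nowhere to forward to and will answer REFUSED
# for anything outside its local domain.
count_nameservers() {
    awk '$1 == "nameserver" && NF >= 2 { n++ } END { print n + 0 }' "$1"
}

# Print "name ip" for every static dhcp-host lease whose address falls inside
# the dynamic dhcp-range. Assumes dhcp-host=mac,name,ip,lease (the form used
# on this page) and a single dhcp-range line. Output is empty when clean.
static_leases_in_pool() {
    awk -F'[=,]' '
        function ip2n(ip,  o) { split(ip, o, "."); return ((o[1]*256 + o[2])*256 + o[3])*256 + o[4] }
        { sub(/[ \t]*#.*/, "") }                              # drop trailing comments
        $1 == "dhcp-range" { lo = ip2n($2); hi = ip2n($3) }   # dynamic pool bounds
        $1 == "dhcp-host"  { name[++nh] = $3; addr[nh] = $4 } # static reservations, in file order
        END {
            for (i = 1; i <= nh; i++) {
                n = ip2n(addr[i])
                if (n >= lo && n <= hi) print name[i], addr[i]
            }
        }' "$1"
}

# ---- constructed samples (temporary files, removed by the caller) ----
WORK=$(mktemp -d)
EMPTY_RESOLV="$WORK/resolv.empty"   # what a broken resolvconf handed dnsmasq
GOOD_RESOLV="$WORK/resolv.good"     # the two upstreams from the CT config
CONF="$WORK/dnsmasq.conf"           # a cut-down copy of the page's DHCP section

: > "$EMPTY_RESOLV"
printf 'nameserver 203.8.183.1\nnameserver 192.189.54.17\n' > "$GOOD_RESOLV"
cat > "$CONF" <<'EOF'
dhcp-range=10.69.10.100,10.69.10.149,255.255.255.0,12h
dhcp-option=option:router,10.69.10.1 # default route
dhcp-host=c4:4e:ac:0d:d4:8e,Kodi,10.69.10.60,infinite
dhcp-host=30:85:a9:93:8a:5c,Vader,10.69.10.80,infinite
dhcp-host=de:ad:be:ef:00:01,Printer,10.69.10.120,infinite
EOF

echo "nameservers in empty resolv.conf: $(count_nameservers "$EMPTY_RESOLV")"
echo "nameservers in good resolv.conf:  $(count_nameservers "$GOOD_RESOLV")"
echo "static leases inside the dynamic pool:"
static_leases_in_pool "$CONF"
```

Running it prints 0 for the empty file, 2 for the good one, and a single line "Printer 10.69.10.120" as the only reservation that overlaps the 10.69.10.100-149 pool; Kodi and Vader, like all the real reservations on this page, sit below it. Both checks run before dnsmasq is restarted, so a bad resolv.conf or a colliding reservation is caught from the shell rather than from a client's Refused answers.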
Touch the following DHCP leases file:
touch /var/lib/misc/dnsmasq.leases #DHCP leases file
Also update /etc/hosts so you can easily ping hosts on your network:
root@dnsmasq:~# cat /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
# --- BEGIN PVE ---
10.69.10.41 dnsmasq.gavowen.local dnsmasq
# --- END PVE ---
10.69.10.40 pve01.gavowen.local pve01
10.69.10.42 crashplan.gavowen.local crashplan
10.69.10.43 media.gavowen.local media
10.69.10.50 sarlacc.gavowen.local sarlacc
Much easier than IP addresses:
root@dnsmasq:~# ping sarlacc
PING sarlacc.gavowen.local (10.69.10.50) 56(84) bytes of data.
64 bytes from sarlacc.gavowen.local (10.69.10.50): icmp_seq=1 ttl=64 time=0.333 ms
64 bytes from sarlacc.gavowen.local (10.69.10.50): icmp_seq=2 ttl=64 time=0.234 ms
64 bytes from sarlacc.gavowen.local (10.69.10.50): icmp_seq=3 ttl=64 time=0.214 ms
^C
--- sarlacc.gavowen.local ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1998ms
rtt min/avg/max/mdev = 0.214/0.260/0.333/0.053 ms
root@dnsmasq:~# ping media
PING media.gavowen.local (10.69.10.43) 56(84) bytes of data.
64 bytes from media.gavowen.local (10.69.10.43): icmp_seq=1 ttl=64 time=0.283 ms
64 bytes from media.gavowen.local (10.69.10.43): icmp_seq=2 ttl=64 time=0.031 ms
64 bytes from media.gavowen.local (10.69.10.43): icmp_seq=3 ttl=64 time=0.027 ms
^C
--- media.gavowen.local ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1998ms
rtt min/avg/max/mdev = 0.027/0.113/0.283/0.120 ms
Last but not least, start up dnsmasq and confirm it is running:
service dnsmasq start
service dnsmasq status
Hopefully now you are up and away with a nifty little DNS and DHCP server.