Dnsmasq CentOS 7


Hi, I set up dnsmasq on my computer. I tested with an entry in /etc/hosts for laptop.w530.

I tested with “host laptop.w530” and I get unresolved (expected). If I add “nameserver 192.168.1.8” (my computer) to top of /etc/resolv.conf and do “host laptop.w530” I get 192.168.1.105 – so seems to be working.

Then I go to another machine, add the “nameserver 192.168.1.8” to /etc/resolv.conf and do the same “host laptop.w530” and it does not resolve.

I can “telnet 192.168.1.8 53” to my machine and I get a response.

Am I missing something to have “other” machines ask my machine for name resolution ?

Thanks,

Jerry

7 thoughts on - Dnsmasq CentOS 7

  • On 31/10/2020 at 14:17, Jerry Geis wrote:

    Here’s a detailed blog article I wrote about Dnsmasq on CentOS 7:

    https://blog.microlinux.fr/dnsmasq-CentOS-7/

    It’s in French, but the Linux bits are universal.

    :o)

    Niki


    Microlinux – Solutions informatiques durables
    7, place de l’église – 30730 Montpezat
    Site: https://www.microlinux.fr
    Blog: https://blog.microlinux.fr
    Mail: info@microlinux.fr
    Tel.: 04 66 63 10 32
    Mob.: 06 51 80 12 12

  • Hi Niki,

    Thanks good article… I was close in what I did – but still not working.

    I made this config file in /etc/dnsmasq.d

    more lsi.conf
    domain-needed
    bogus-priv
    interface=eth0
    expand-hosts
    local=/LayeredSolutionsInc.com/
    domain=LayeredSolutionsInc.com

    # The address 192.168.1.14 is the static IP of this server
    # You can find this ip by running ifconfig and look for the
    # IP of the interface which is connected to the router.
    listen-address=127.0.0.1
    listen-address=192.168.1.14
    bind-interfaces

    # Use open source DNS servers
    server=8.8.8.8

    # Create custom ‘domains’.
    # Custom ‘domains’ can also be added in /etc/hosts
    address=/LayeredSolutionsInc.com/192.168.1.14

    I restart dnsmasq of course… The resolution works on the same machine – but not for any other linux box.

    I add the nameserver 192.168.1.14 to the /etc/resolv.conf of that machine – but resolution does not work.

    Thoughts? (note I moved from my original 192.168.1.8 to 192.168.1.14 machine) – same issue resolves locally but not for other machines.

    Jerry

  • Are you sure you have opened 53/udp ?

    Best Regards, Strahil Nikolov

  • Good call, but you left out the “how”:

    $ sudo firewall-cmd --add-service dns
    $ sudo firewall-cmd --add-service dns --permanent

    Without the second command, it affects the runtime firewall only, and without the first, it doesn’t take effect until the next reboot.

    To the OP: DNS needs both TCP *and* UDP service on port 53. Your telnet test is incomplete, and in fact covers only some of the lesser-used code paths in DNS servers. (Zone transfers, etc.) Most DNS service needs UDP only, and expects that to work; there is no fallback to TCP if UDP fails.

  • The canonical DNS testing tool is dig. It displays the outbound query packet and the reply, in great detail. You’ll find it in the bind-utils package.
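
Added example, not part of the original thread: a small script that runs the dig check suggested above over UDP and TCP separately, so the situation in this thread (telnet to port 53 succeeds, lookups from other machines fail) shows up as udp=fail tcp=ok. The function names and the 2-second timeout are assumptions; the address and host name in the usage comment are the ones from the thread.

```bash
#!/usr/bin/env bash
# Added example (not from the thread). Requires dig from bind-utils.
# Probes a DNS server over each transport on its own, because a TCP
# connect test such as "telnet <server> 53" says nothing about 53/udp.

# probe_transport SERVER NAME udp|tcp  -> prints "ok" or "fail"
probe_transport() {
    local server="$1" name="$2" proto="$3" flag
    case "$proto" in
        udp) flag=+notcp ;;   # force a plain UDP query
        tcp) flag=+tcp ;;     # force the query over TCP
        *)   echo "unknown transport: $proto" >&2; return 2 ;;
    esac
    # One attempt, 2 s timeout. dig exits 0 on any reply (NXDOMAIN
    # included) and non-zero when the server could not be reached.
    if dig "$flag" +time=2 +tries=1 +short "@$server" "$name" >/dev/null 2>&1; then
        echo ok
    else
        echo fail
    fi
}

# diagnose SERVER NAME  -> one summary line naming the blocked transport
diagnose() {
    local server="$1" name="$2" udp tcp
    udp=$(probe_transport "$server" "$name" udp)
    tcp=$(probe_transport "$server" "$name" tcp)
    case "$udp/$tcp" in
        ok/ok)   echo "udp=ok tcp=ok: server answers on both transports" ;;
        fail/ok) echo "udp=fail tcp=ok: 53/udp is filtered, ordinary lookups will fail" ;;
        ok/fail) echo "udp=ok tcp=fail: 53/tcp is filtered, zone transfers and other TCP paths will fail" ;;
        *)       echo "udp=fail tcp=fail: server down, not listening on this address, or port 53 filtered" ;;
    esac
}

# Run from a client machine, e.g.: ./dnsprobe.sh 192.168.1.14 laptop.w530
if [ "$#" -eq 2 ]; then
    diagnose "$1" "$2"
fi
```

Run it from the client that cannot resolve, not on the dnsmasq host itself, since local queries do not cross the host firewall's inbound rules for the LAN interface.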

  • Thanks All for the suggestions. I was still using iptables – not firewalld – I did miss the UDP port 53. That was my issue. Thanks Niki for the article and everyone.

    Thanks again.

    Jerry

  • On 01/11/2020 at 22:21, Jerry Geis wrote:

    Your mileage may vary, but usually when I fiddle with a new service that I don’t know well, I start out by disabling the firewall, putting SELinux in permissive mode or deactivating it altogether.

    Then, when things start working as expected, I’ll add them again progressively until everything works perfectly.

