DNSmasq can be used to cache DNS requests on Linux distributions. However, setting it up can be a little challenging.

The DNS cache speeds up the DNS lookup procedure that converts a website domain name to its associated IP address. When several users on your network visit the same website address, a local DNS cache server can reduce the time it takes for pages to load.

First, let’s see what DNS caching is.

What Is DNS Caching?

The DNS is used by the internet to keep track of all publicly accessible online sites and their related IP addresses. It may be compared to a telephone directory. DNS saves us from having to memorize each site’s IP address, which is what the network infrastructure actually needs in order to reach a site.

Whenever you ask a browser or search engine to display a webpage, a DNS lookup takes place behind the scenes first.

Although your system has access to a large number of external DNS servers, keeping a local copy of recent answers still speeds up resolution considerably. This is where DNS caching comes into play.


Before a request is sent out to the network, the DNS cache answers name resolution for recently and frequently accessed domains, which shortens the procedure considerably.

The DNS server is accessed whenever a domain name has to be resolved to an IP address. This puts additional load on the DNS server, particularly if it receives lots of requests simultaneously.

A DNS cache is utilized in order to decrease DNS requests and response times. The resolved IP addresses along with host details are saved locally. Rather than initiating a new DNS query, the result is retrieved from the DNS cache memory the next time the IP or domain name has to be resolved.

How does DNS caching help to fix intermittent DNS resolution issues on Amazon EC2 instances?

The majority of Linux systems don’t use a local DNS cache. This means that every DNS request is sent straight to the DNS resolver provided by Amazon, which has a limit on the number of requests it can process at once. DNS resolution problems occur when there are a lot of requests.

Deploying a local DNS cache on the instance helps you reduce CPU and network utilization while preventing DNS resolution errors. The local cache answers repeated queries for external names such as Amazon RDS and S3 endpoints.

When they launch, Amazon EC2 instances connected to an Amazon VPC obtain their DNS server address over DHCP.


When you create a virtual private cloud with Amazon VPC, Route 53 Resolver provides a resolver inside the VPC that answers DNS queries from EC2 instances for local Amazon VPC names and for records in private hosted zones. For all other names, the Resolver performs recursive lookups against public DNS servers.

A DNS cache is a temporary record of previous DNS queries that the system can consult quickly when it tries to reach a website. Answers learned in one session are kept for the following ones. This cache makes domain resolution easier and prevents errors on Amazon EC2 Linux instances.

Many users rely on Amazon’s Route 53 service for DNS when working in AWS. It is really easy to use and almost free. But there are a number of reasons that could lead a user to run a local DNS server as well.

Even though bind9 is still a great option for setting up a local DNS cache server, dnsmasq is much simpler to install and configure both on EC2 instances and on a local machine.

What is dnsmasq?

DNSmasq is a Linux tool that provides DNS, DHCP, TFTP, and DNS caching. It is designed to be compact and lightweight, which makes it ideal for networks and firewalls with limited resources.

It is incredibly straightforward to install and configure. In order to set up DNS and DHCP for subnetworks, dnsmasq is a flexible and practical solution.

DHCP-assigned addresses and the options that go with them can be configured per host or for the network as a whole. Both dynamic and static DHCP assignments are supported by dnsmasq. It is portable and can manage DNS and DHCP for at least 1,000 clients.

When a DNS query is received, dnsmasq either answers from its local cache or forwards the query to an upstream DNS server. Besides answering DNS queries for the hosts it has configured via DHCP, it reads the /etc/hosts file to resolve local hostnames that are not listed in the public DNS.

Utilizing the dnsmasq tool instead of the browser’s built-in DNS cache greatly enhances internet browsing performance. It is ideal for an integrated environment with constrained resources because it is very simple to set up and needs very little disk space.

Features of dnsmasq

  • It is simple to integrate internal DNS servers with dnsmasq by configuring it to forward queries for particular domains to particular authoritative servers.
  • The upstream server’s workload is reduced and reliability is improved by the local caching DNS server.
  • DNS configuration for firewall-protected endpoints is rather easy and independent of the DNS used by the ISP.
  • If the Internet-facing interface is down when a lookup is made on the computer, the lookup is stopped immediately rather than left to time out.
  • dnsmasq can be configured to pick up its upstream resolver addresses automatically from the information supplied over PPP (Point-to-Point Protocol) or DHCP.

Installation

The systemd-resolved service must be turned off before installing and configuring the dnsmasq utility, because its stub resolver already occupies port 53 on the loopback interface.

systemctl stop systemd-resolved

You can also mask the service so that it won’t start automatically when you reboot.

systemctl mask systemd-resolved

Installing dnsmasq is the next step after turning off systemd-resolved. DNSmasq comes pre-installed on almost all Linux distributions. If not, you can install it manually: open a terminal and run the following command.

sudo apt-get install dnsmasq

Use the following command if you’re a yum user:

sudo yum install -y dnsmasq

This command automatically installs the tool and starts the dnsmasq in the background.


After successful installation, you can check the status of dnsmasq by using the below command.

systemctl status dnsmasq

If it shows the status “active (running)”, the installation is done and dnsmasq is listening on port 53. If it shows the status “inactive (dead)”, restart both the Ubuntu machine and dnsmasq. This will fix the error.


Configuration

Dnsmasq is now ready to be set up as the local caching DNS server on your machine. The default config file is located at /etc/dnsmasq.conf, and it must be modified to configure the dnsmasq utility on the system.

Use this command to open and edit the config file.

nano /etc/dnsmasq.conf

The config file must be edited with root privileges. Clear everything in the file, including the comments, then copy-paste the following settings and save the file.

port=53
domain-needed
bogus-priv
listen-address=127.0.0.1
expand-hosts
domain=geek-demo.com
cache-size=1000

Let me briefly describe what each of the parameters means.

  • port – The port on which dnsmasq listens for DNS requests.
  • domain-needed – Never forwards plain names (names without a dot or domain part) to the upstream DNS servers.
  • bogus-priv – Answers reverse lookups for private IP ranges from local data only and never forwards them upstream.
  • listen-address – The address the nameserver listens on. The localhost address is used for a local DNS cache; binding only to 127.0.0.1 keeps the cache unreachable from the network, so it cannot be abused as an open resolver.
  • expand-hosts – Appends the configured domain to plain hostnames found in /etc/hosts.
  • domain – The domain that dnsmasq appends to short hostnames.
  • cache-size – The maximum number of DNS entries kept in the cache.
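An added check for the configuration above (example script written for this edit, not part of the article or of the dnsmasq project): it audits a dnsmasq.conf and reports any listen-address that is not a loopback address, since a cache that answers on a network-facing interface is an open resolver. The sample files are constructed for the demonstration; in real use, point it at /etc/dnsmasq.conf.

```shell
#!/bin/sh
# Audit a dnsmasq.conf for the caching-resolver settings used in this article.
# Exit status 0 only when dnsmasq is restricted to loopback addresses.
dnsmasq_conf_check() {
    conf="$1"
    # Drop comments, whitespace and blank lines so only live settings remain.
    settings=$(sed 's/#.*//' "$conf" | tr -d ' \t' | sed '/^$/d')
    listen=$(printf '%s\n' "$settings" | awk -F= '$1 == "listen-address" { print $2 }')
    if [ -z "$listen" ]; then
        echo "WARN: no listen-address; dnsmasq would answer on every interface (open resolver)"
        return 1
    fi
    rc=0
    # Several addresses may appear comma-separated or on repeated lines.
    for addr in $(printf '%s\n' "$listen" | tr ',' '\n'); do
        case "$addr" in
            127.0.0.1|::1) echo "OK: listens on loopback $addr" ;;
            *) echo "WARN: listen-address $addr is reachable from the network"; rc=1 ;;
        esac
    done
    # The remaining settings from the article are advisory, so only report them.
    for key in port domain-needed bogus-priv cache-size; do
        printf '%s\n' "$settings" | grep -q "^$key" || echo "NOTE: $key not set"
    done
    return $rc
}

# Constructed sample: the article's configuration, and a copy that would expose the cache.
GOOD_CONF=$(mktemp)
cat > "$GOOD_CONF" <<'EOF'
port=53
domain-needed
bogus-priv
listen-address=127.0.0.1
expand-hosts
domain=geek-demo.com
cache-size=1000
EOF
BAD_CONF=$(mktemp)
sed 's/^listen-address=.*/listen-address=0.0.0.0/' "$GOOD_CONF" > "$BAD_CONF"

dnsmasq_conf_check "$GOOD_CONF"                 # OK: listens on loopback 127.0.0.1
dnsmasq_conf_check "$BAD_CONF" || echo "rejected exposed configuration"
# Real use: dnsmasq_conf_check /etc/dnsmasq.conf
```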

After making all the necessary changes, save and close the config file. The next step is to edit the /etc/resolv.conf file to add the localhost resolver address. Use the command below to open it in the nano editor.

nano /etc/resolv.conf

Here, you can find all the nameservers your system uses for address resolution. Add the loopback address to that list: put “nameserver 127.0.0.1” on the first line and keep the existing upstream entries below it, since dnsmasq ignores its own address in this file and forwards to the remaining servers. On systems where /etc/resolv.conf is a symlink managed by systemd-resolved, replace the symlink with a regular file first.


Save and exit the config file. In order for the updated setting to take effect, restart the dnsmasq utility.

systemctl restart dnsmasq

Testing Local DNS Caching server

It’s easy to test the local DNS server. Open a command line and use the dig command to check for DNS caching. When you run the dig command for the first time, the result should look like an ordinary lookup.

┌──(root💀kali)-[/home/writer]
└─# dig geekflare.com

; <<>> DiG 9.18.0-2-Debian <<>> geekflare.com
;; global options:  cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 623
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;geekflare.com.                 IN      A

;; ANSWER SECTION:
geekflare.com.          227     IN      A       172.66.43.163
geekflare.com.          227     IN      A       172.66.40.93

;; Query time: 31 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Sat Oct 15 07:52:49 EDT 2022
;; MSG SIZE  rcvd: 74

Note that the query time is about 31 msec, because the answer had to be fetched from the upstream name server. Execute the very same dig command once more, and you’ll notice a significant decrease in the query time.

┌──(root💀kali)-[/home/writer]
└─# dig geekflare.com

; <<>> DiG 9.18.0-2-Debian <<>> geekflare.com
;; global options:  cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21942
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;geekflare.com.                 IN      A

;; ANSWER SECTION:
geekflare.com.          281     IN      A       172.66.40.93
geekflare.com.          281     IN      A       172.66.43.163

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Sat Oct 15 07:58:10 EDT 2022
;; MSG SIZE  rcvd: 74

Here, the query time is 0 msec. After the initial lookup, dnsmasq stored the answer, and all subsequent lookups were served instantly from the cache. Restarting dnsmasq is necessary if you want to delete the stored DNS cache (sending the process a SIGHUP also clears the cache and re-reads /etc/hosts and /etc/resolv.conf).
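An added helper for the test above (example script written for this edit, not part of the article): it parses dig output to confirm that answers come from dnsmasq on 127.0.0.1 rather than from an upstream server, and that the repeated query was a cache hit. The two sample outputs are constructed from the relevant lines of the article’s dig runs.

```shell
#!/bin/sh
# Parse dig output to confirm that lookups are answered by dnsmasq on 127.0.0.1
# and that a repeated query was served from the cache (faster, same answer code).

# Address of the answering server, taken from the ";; SERVER:" line.
dig_server() { awk '/^;; SERVER:/ { split($3, a, "#"); print a[1] }'; }
# Round-trip time in msec, taken from the ";; Query time:" line.
dig_query_time() { awk '/^;; Query time:/ { print $4 }'; }
# Response code (NOERROR, NXDOMAIN, SERVFAIL, ...) from the header line.
dig_status() { awk '/->>HEADER<<-/ { sub(/,$/, "", $6); print $6 }'; }

# Judge two consecutive lookups of the same name. Arguments: first output, second output.
# Fails when either lookup did not succeed, when the answer did not come from the local
# cache, or when the repeat was not faster (a name that was already cached before the
# first run shows no speedup and is reported as such).
cache_check() {
    s1=$(printf '%s\n' "$1" | dig_status); s2=$(printf '%s\n' "$2" | dig_status)
    t1=$(printf '%s\n' "$1" | dig_query_time); t2=$(printf '%s\n' "$2" | dig_query_time)
    srv=$(printf '%s\n' "$2" | dig_server)
    [ "$s1" = NOERROR ] && [ "$s2" = NOERROR ] || { echo "lookup failed: $s1 / $s2"; return 1; }
    [ "$srv" = 127.0.0.1 ] || { echo "answered by $srv, not the local cache"; return 1; }
    [ "$t2" -lt "$t1" ] || { echo "no speedup: $t1 ms then $t2 ms"; return 1; }
    echo "cache hit: $t1 ms then $t2 ms via $srv"
}

# Constructed samples with the relevant lines from the article's two dig runs.
FIRST_RUN=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 623
;; Query time: 31 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)'
SECOND_RUN=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21942
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)'

cache_check "$FIRST_RUN" "$SECOND_RUN"   # cache hit: 31 ms then 0 ms via 127.0.0.1
# Live use: cache_check "$(dig example.com)" "$(dig example.com)"
```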

Wrapping Up

In this article, we have seen how to set up and configure dnsmasq to function as a local DNS server. You may also be interested in learning how to change DNS servers for faster browsing on different operating systems.